Analyst readout for executives and security teams
Plain-English summary
This is an old information-disclosure issue in Apache mod_python. When vulnerable output filters handle responses over 16 KB, the module may return data from previously freed memory. That could expose sensitive server or application data if an affected legacy deployment is still reachable.
Executive priority
Address during legacy web-server risk reduction, with higher priority for internet-facing systems. The issue can leak memory contents, but the provided evidence does not show active exploitation or broad modern exposure.
Technical view
mod_python/libapache2-mod-python 3.1.4 and earlier mishandles output-filter reads above 16384 bytes. The reported failure mode is filter.read returning portions of freed memory, creating a memory disclosure risk. The source bundle references an Apache filterobject.c patch and vendor advisories, but does not provide CVSS details.
Likely exposure
Exposure is most likely on legacy Apache deployments still using mod_python or libapache2-mod-python 3.1.4 or earlier, especially where Python output filters process larger responses. Modern stacks not using mod_python are not indicated as affected by the provided sources.
Exploitation context
The bundle does not show CISA KEV listing, active exploitation, public exploit use, or weaponized details. Treat this as a plausible remote information-disclosure risk only where the obsolete module is deployed and reachable.
Researcher notes
The key condition is output-filter processing over 16384 bytes in mod_python 3.1.4 and earlier. Sources identify freed-memory disclosure and reference an Apache source patch, but affected package fixed versions and exploitability details are incomplete in the supplied bundle.
Mitigation direction
- Inventory Apache servers for mod_python or libapache2-mod-python version 3.1.4 or earlier.
- Apply vendor-provided mod_python updates where available from the relevant distribution.
- If no supported update exists, remove or disable mod_python usage.
- Review Apache configuration for Python output filters handling large responses.
- Prioritize externally reachable legacy web servers before internal-only systems.
Validation and detection
- Confirm installed package versions against vendor advisory records.
- Check Apache module loading and configuration for mod_python output filters.
- Verify distribution changelogs include the referenced filterobject.c fix.
- Test affected applications in staging after updating or disabling the module.
- Document unsupported legacy servers that cannot be remediated immediately.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2004-2680 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- 24424CVE reference · third-party-advisory, x_refsource_SECUNIA
- USN-430-1CVE reference · vendor-advisory, x_refsource_UBUNTU
- [httpd-python-dev] 20040416 patch for filterobject.cCVE reference · mailing-list, x_refsource_MLIST
- 20070307 rPSA-2007-0051-1 mod_pythonCVE reference · mailing-list, x_refsource_BUGTRAQ
- [httpd-python-dev] 20040416 Re: possible bug in filter.write()CVE reference · mailing-list, x_refsource_MLIST
- ADV-2007-0846CVE reference · vdb-entry, x_refsource_VUPEN
- [httpd-python-dev] 20040416 possible bug in filter.write()CVE reference · mailing-list, x_refsource_MLIST
- https://launchpad.net/bugs/89308CVE reference · x_refsource_CONFIRM
- http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561CVE reference · x_refsource_CONFIRM
- https://issues.rpath.com/browse/RPL-1105CVE reference · x_refsource_CONFIRM
- 24418CVE reference · third-party-advisory, x_refsource_SECUNIA
- 22849CVE reference · vdb-entry, x_refsource_BID
- modpython-outputfilter-info-disclosure(14751)CVE reference · vdb-entry, x_refsource_XF
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
