Lucene search

[email protected]CVE-2004-0263

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0263

2004-11-2305:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0263

php

apache

mod_php

information security

sensitive information

global variables

virtual hosts

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

Affected configurations

NVD

Node

apachehttp_serverMatch1.0

apachehttp_serverMatch1.0.2

apachehttp_serverMatch1.0.3

apachehttp_serverMatch1.0.5

apachehttp_serverMatch1.1

apachehttp_serverMatch1.1.1

apachehttp_serverMatch1.2

apachehttp_serverMatch1.2.5

apachehttp_serverMatch1.3

apachehttp_serverMatch1.3.1

apachehttp_serverMatch1.3.3

apachehttp_serverMatch1.3.4

apachehttp_serverMatch1.3.6

apachehttp_serverMatch1.3.7dev

apachehttp_serverMatch1.3.9

apachehttp_serverMatch1.3.11

apachehttp_serverMatch1.3.12

apachehttp_serverMatch1.3.14

apachehttp_serverMatch1.3.17

apachehttp_serverMatch1.3.18

apachehttp_serverMatch1.3.19

apachehttp_serverMatch1.3.20

apachehttp_serverMatch1.3.22

apachehttp_serverMatch1.3.23

apachehttp_serverMatch1.3.24

apachehttp_serverMatch1.3.25

apachehttp_serverMatch1.3.26

apachehttp_serverMatch1.3.27

apachehttp_serverMatch1.3.28

apachehttp_serverMatch1.3.29

apachehttp_serverMatch2.0

apachehttp_serverMatch2.0.9

apachehttp_serverMatch2.0.28

apachehttp_serverMatch2.0.28beta

apachehttp_serverMatch2.0.32

apachehttp_serverMatch2.0.35

apachehttp_serverMatch2.0.36

apachehttp_serverMatch2.0.37

apachehttp_serverMatch2.0.38

apachehttp_serverMatch2.0.39

apachehttp_serverMatch2.0.40

apachehttp_serverMatch2.0.41

apachehttp_serverMatch2.0.42

apachehttp_serverMatch2.0.43

apachehttp_serverMatch2.0.44

apachehttp_serverMatch2.0.45

apachehttp_serverMatch2.0.46

apachehttp_serverMatch2.0.47

apachehttp_serverMatch2.0.48

ibmhttp_serverMatch1.3.19

CPENameOperatorVersion
apache:http_serverapache http servereq1.0
apache:http_serverapache http servereq1.0.2
apache:http_serverapache http servereq1.0.3
apache:http_serverapache http servereq1.0.5
apache:http_serverapache http servereq1.1
apache:http_serverapache http servereq1.1.1
apache:http_serverapache http servereq1.2
apache:http_serverapache http servereq1.2.5
apache:http_serverapache http servereq1.3
apache:http_serverapache http servereq1.3.1

CPE	Name	Operator	Version
apache:http_server	apache http server	eq	1.0
apache:http_server	apache http server	eq	1.0.2
apache:http_server	apache http server	eq	1.0.3
apache:http_server	apache http server	eq	1.0.5
apache:http_server	apache http server	eq	1.1
apache:http_server	apache http server	eq	1.1.1
apache:http_server	apache http server	eq	1.2
apache:http_server	apache http server	eq	1.2.5
apache:http_server	apache http server	eq	1.3
apache:http_server	apache http server	eq	1.3.1

Rows per page:

1-10 of 491

References

security.gentoo.org/glsa/glsa-200402-01.xml

www.osvdb.org/3878

www.securityfocus.com/bid/9599

exchange.xforce.ibmcloud.com/vulnerabilities/15072

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2004-0263

nvd1 openvas2 cvelist1