Lucene search

[email protected]CVE-2004-2343

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2343

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

apache

http server

.htaccess

errordocument

security

local user

privileges

vulnerability

nvd

cve-2004-2343

7.1 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument

CPENameOperatorVersion
apache:http_serverapache http serverle2.0.47

CPE	Name	Operator	Version
apache:http_server	apache http server	le	2.0.47

References

archives.neohapsis.com/archives/bugtraq/2004-02/0043.html

archives.neohapsis.com/archives/bugtraq/2004-02/0064.html

archives.neohapsis.com/archives/bugtraq/2004-02/0120.html

exchange.xforce.ibmcloud.com/vulnerabilities/15015

7.1 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON