Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200310-03
HistoryOct 28, 2003 - 12:00 a.m.

Apache: multiple buffer overflows

2003-10-2800:00:00
Gentoo Foundation
security.gentoo.org
20

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.9%

JSON

Background

The Apache HTTP Server is one of the most popular web servers on the Internet.

Description

Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow attackers who can create or edit configuration files including .htaccess files, to cause a denial of service and execute arbitrary code via a regular expression containing more than 9 captures.

Impact

An attacker may cause a denial of service or execute arbitrary code with the privileges of the user that is running apache.

Workaround

There is no known workaround at this time, other than to disable both mod_alias and mod_rewrite.

Resolution

It is recommended that all Gentoo Linux users who are running net-misc/apache 1.x upgrade:

 # emerge sync
 # emerge -pv apache
 # emerge '>=www-servers/apache-1.3.29'
 # emerge clean
 # /etc/init.d/apache restart
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-servers/apache< 1.3.29UNKNOWN

Related

f5 2
openvas 8
slackware 1
httpd 2
nessus 13
redhat 2
cve 1
nvd 1
securityvulns 2
cvelist 1
debiancve 1
cert 2
gentoo 1
f5
f5
SOL3144 - Apache mod_alias buffer overflow vulnerability - CAN-2003-0542
2007-05-16 00:00:00
K3144 : Apache mod_alias buffer overflow vulnerability CAN-2003-0542
2013-03-28 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200310-03 (Apache)
2008-09-24 00:00:00
Slackware Advisory SSA:2003-308-01 apache security update
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2003-308-01)
2012-09-10 00:00:00
slackware
slackware
apache security update
2003-11-04 16:48:11
httpd
httpd
Apache Httpd < 1.3.29 : Local configuration regular expression overflow
2003-08-04 00:00:00
Apache Httpd < 2.0.48 : Local configuration regular expression overflow
2003-08-04 00:00:00
nessus
nessus
Fedora Core 1 : httpd-2.0.48-1.2 (2003-004)
2004-07-23 00:00:00
Slackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01)
2005-07-13 00:00:00
Apache < 1.3.29 Multiple Modules Local Overflow
2003-11-01 00:00:00
redhat
redhat
(RHSA-2004:015) httpd security update
2004-01-13 00:00:00
(RHSA-2003:360) apache security update
2003-12-10 00:00:00
cve
cve
CVE-2003-0542
2003-11-03 05:00:00
nvd
nvd
CVE-2003-0542
2003-11-03 05:00:00
securityvulns
securityvulns
NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
2005-02-17 00:00:00
[RHSA-2003:320-01] Updated httpd packages fix Apache security vulnerabilities
2003-12-17 00:00:00
cvelist
cvelist
CVE-2003-0542
2003-10-30 05:00:00
debiancve
debiancve
CVE-2003-0542
2003-11-03 05:00:00
cert
cert
Apache mod_alias vulnerable to buffer overflow via crafted regular expression
2004-02-03 00:00:00
Apache mod_rewrite vulnerable to buffer overflow via crafted regular expression
2004-02-03 00:00:00
gentoo
gentoo
Apache: buffer overflows and a possible information disclosure
2003-10-31 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.9%

JSON
Related for GLSA-200310-03
f52openvas8slackware1httpd2nessus13redhat2cve1nvd1securityvulns2cvelist1debiancve1cert2gentoo1