Lucene search

K
httpdApache Team FoundationHTTPD:B060BFAA862DD69F70DB2412EAE10DE9
HistoryOct 21, 2004 - 12:00 a.m.

Apache Httpd < 1.3.33 : mod_include overflow

2004-10-2100:00:00
Apache Team Foundation
httpd.apache.org
15

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.1%

A buffer overflow in mod_include could allow a local user who is authorised to create server side include (SSI) files to gain the privileges of a httpd child.

Affected configurations

Vulners
Node
apacheapache_httpdMatch1.3.32
OR
apacheapache_httpdMatch1.3.31
OR
apacheapache_httpdMatch1.3.29
OR
apacheapache_httpdMatch1.3.28
OR
apacheapache_httpdMatch1.3.27
OR
apacheapache_httpdMatch1.3.26
OR
apacheapache_httpdMatch1.3.24
OR
apacheapache_httpdMatch1.3.22
OR
apacheapache_httpdMatch1.3.20
OR
apacheapache_httpdMatch1.3.19
OR
apacheapache_httpdMatch1.3.17
OR
apacheapache_httpdMatch1.3.14
OR
apacheapache_httpdMatch1.3.12
OR
apacheapache_httpdMatch1.3.11
OR
apacheapache_httpdMatch1.3.9
OR
apacheapache_httpdMatch1.3.6
OR
apacheapache_httpdMatch1.3.4
OR
apacheapache_httpdMatch1.3.3
OR
apacheapache_httpdMatch1.3.2
OR
apacheapache_httpdMatch1.3.1
OR
apacheapache_httpdMatch1.3.0
VendorProductVersionCPE
apacheapache_httpd1.3.32cpe:2.3:a:apache:apache_httpd:1.3.32:*:*:*:*:*:*:*
apacheapache_httpd1.3.31cpe:2.3:a:apache:apache_httpd:1.3.31:*:*:*:*:*:*:*
apacheapache_httpd1.3.29cpe:2.3:a:apache:apache_httpd:1.3.29:*:*:*:*:*:*:*
apacheapache_httpd1.3.28cpe:2.3:a:apache:apache_httpd:1.3.28:*:*:*:*:*:*:*
apacheapache_httpd1.3.27cpe:2.3:a:apache:apache_httpd:1.3.27:*:*:*:*:*:*:*
apacheapache_httpd1.3.26cpe:2.3:a:apache:apache_httpd:1.3.26:*:*:*:*:*:*:*
apacheapache_httpd1.3.24cpe:2.3:a:apache:apache_httpd:1.3.24:*:*:*:*:*:*:*
apacheapache_httpd1.3.22cpe:2.3:a:apache:apache_httpd:1.3.22:*:*:*:*:*:*:*
apacheapache_httpd1.3.20cpe:2.3:a:apache:apache_httpd:1.3.20:*:*:*:*:*:*:*
apacheapache_httpd1.3.19cpe:2.3:a:apache:apache_httpd:1.3.19:*:*:*:*:*:*:*
Rows per page:
1-10 of 211

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.1%