Kaspersky LabKLA10068KLA10068 Multiple vulnerabilities in Apache httpd
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
8.1 High
AI Score
Confidence
High
0.956 High
EPSS
Percentile
99.4%
Multiple serious vulnerabilities have been found in Apache httpd. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary commands Below is a complete list of vulnerabilities
- An improper DAV restriction vulnerability can be exploited remotely via a specially designed MERGE request;
- An improper strings work vulnerability can be exploited remotely via a specially designed HTTP request.
Original advisories
Related products
CVE list
CVE-2013-1862 high
CVE-2013-1896 warning
Solution
Update to latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Apache httpd 2.2 versions 2.2.24 and earlier
Related
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
8.1 High
AI Score
Confidence
High
0.956 High
EPSS
Percentile
99.4%