6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
Two vulnerabilities have been identified in the Apache 1.3 webserver:
CAN-2004-0940
“Crazy Einstein” has discovered a vulnerability in the
“mod_include” module, which can cause a buffer to be overflown and
could lead to the execution of arbitrary code.
NO VULN ID
Larry Cashdollar has discovered a potential buffer overflow in the
htpasswd utility, which could be exploited when user-supplied is
passed to the program via a CGI (or PHP, or ePerl, …) program.
For the stable distribution (woody) these problems have been fixed in
version 1.3.26-0woody6.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.33-2.
We recommend that you upgrade your apache packages.