Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
httpdApache Team FoundationHTTPD:18EAF7F92541BF62857123A840724D27
HistoryAug 04, 2003 - 12:00 a.m.

Apache Httpd < 1.3.29 : Local configuration regular expression overflow

2003-08-0400:00:00
Apache Team Foundation
httpd.apache.org
14

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

40.7%

JSON

By using a regular expression with more than 9 captures a buffer overflow can occur in mod_alias or mod_rewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file (.htaccess or httpd.conf)

Affected configurations

Vulners
Node
apacheapache_httpdMatch1.3.28
OR
apacheapache_httpdMatch1.3.27
OR
apacheapache_httpdMatch1.3.26
OR
apacheapache_httpdMatch1.3.24
OR
apacheapache_httpdMatch1.3.22
OR
apacheapache_httpdMatch1.3.20
OR
apacheapache_httpdMatch1.3.19
OR
apacheapache_httpdMatch1.3.17
OR
apacheapache_httpdMatch1.3.14
OR
apacheapache_httpdMatch1.3.12
OR
apacheapache_httpdMatch1.3.11
OR
apacheapache_httpdMatch1.3.9
OR
apacheapache_httpdMatch1.3.6
OR
apacheapache_httpdMatch1.3.4
OR
apacheapache_httpdMatch1.3.3
OR
apacheapache_httpdMatch1.3.2
OR
apacheapache_httpdMatch1.3.1
OR
apacheapache_httpdMatch1.3.0

Related

nessus 13
gentoo 2
openvas 8
redhat 2
f5 2
slackware 1
httpd 1
nvd 1
cve 1
cvelist 1
debiancve 1
securityvulns 2
cert 2
nessus
nessus
Fedora Core 1 : httpd-2.0.48-1.2 (2003-004)
2004-07-23 00:00:00
Apache < 1.3.29 Multiple Modules Local Overflow
2003-11-01 00:00:00
Slackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01)
2005-07-13 00:00:00
gentoo
gentoo
Apache: multiple buffer overflows
2003-10-28 00:00:00
Apache: buffer overflows and a possible information disclosure
2003-10-31 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2003-308-01)
2012-09-10 00:00:00
Gentoo Security Advisory GLSA 200310-03 (Apache)
2008-09-24 00:00:00
Slackware Advisory SSA:2003-308-01 apache security update
2012-09-11 00:00:00
redhat
redhat
(RHSA-2004:015) httpd security update
2004-01-13 00:00:00
(RHSA-2003:360) apache security update
2003-12-10 00:00:00
f5
f5
SOL3144 - Apache mod_alias buffer overflow vulnerability - CAN-2003-0542
2007-05-16 00:00:00
K3144 : Apache mod_alias buffer overflow vulnerability CAN-2003-0542
2013-03-28 00:00:00
slackware
slackware
apache security update
2003-11-04 16:48:11
httpd
httpd
Apache Httpd < 2.0.48 : Local configuration regular expression overflow
2003-08-04 00:00:00
nvd
nvd
CVE-2003-0542
2003-11-03 05:00:00
cve
cve
CVE-2003-0542
2003-11-03 05:00:00
cvelist
cvelist
CVE-2003-0542
2003-10-30 05:00:00
debiancve
debiancve
CVE-2003-0542
2003-11-03 05:00:00
securityvulns
securityvulns
NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
2005-02-17 00:00:00
[RHSA-2003:320-01] Updated httpd packages fix Apache security vulnerabilities
2003-12-17 00:00:00
cert
cert
Apache mod_alias vulnerable to buffer overflow via crafted regular expression
2004-02-03 00:00:00
Apache mod_rewrite vulnerable to buffer overflow via crafted regular expression
2004-02-03 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

40.7%

JSON
Related for HTTPD:18EAF7F92541BF62857123A840724D27
nessus13gentoo2openvas8redhat2f52slackware1httpd1nvd1cve1cvelist1debiancve1securityvulns2cert2