ID CVE-2003-0016
Summary Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.0.36
    cpe:2.3:a:apache:http_server:2.0.36
  • Apache Software Foundation Apache HTTP Server 2.0.37
    cpe:2.3:a:apache:http_server:2.0.37
  • Apache Software Foundation Apache HTTP Server 2.0.38
    cpe:2.3:a:apache:http_server:2.0.38
  • Apache Software Foundation Apache HTTP Server 2.0.39
    cpe:2.3:a:apache:http_server:2.0.39
  • Apache Software Foundation Apache HTTP Server 2.0.40
    cpe:2.3:a:apache:http_server:2.0.40
  • Apache Software Foundation Apache HTTP Server 2.0.41
    cpe:2.3:a:apache:http_server:2.0.41
  • Apache Software Foundation Apache HTTP Server 2.0.42
    cpe:2.3:a:apache:http_server:2.0.42
  • Apache Software Foundation Apache HTTP Server 2.0.43
    cpe:2.3:a:apache:http_server:2.0.43
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Web Servers
    NASL id APACHE_WIN32_DEVNAME.NASL
    description The remote host appears to be running a version of Apache for Windows that is older than 2.0.44. There are several flaws in this version that allow an attacker to crash this host or even execute arbitrary code remotely, but it only affects WindowsME and Windows9x. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive.
    last seen 2019-01-16
    modified 2018-06-29
    plugin id 11209
    published 2003-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11209
    title Apache < 2.0.44 DOS Device Name Multiple Remote Vulnerabilities (Code Exec, DoS)
  • NASL family Web Servers
    NASL id HTTP_W98_DEVNAME_DOS.NASL
    description It was possible to freeze or reboot Windows by reading a MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm, or AUX. An attacker could exploit this flaw to deny service to the affected system.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 10930
    published 2002-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10930
    title Multiple Web Server on Windows MS/DOS Device Request Remote DOS
refmap via4
bid 6659
cert-vn
  • VU#825177
  • VU#979793
confirm http://www.apacheweek.com/issues/03-01-24#security
mlist [apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released
xf
  • apache-device-code-execution(11125)
  • apache-device-name-dos(11124)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.44: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 17-10-2016 - 22:28
Published 07-02-2003 - 00:00
Last modified 09-10-2017 - 21:30
Back to Top