ID CVE-2003-0134
Summary Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.0
    cpe:2.3:a:apache:http_server:2.0
  • Apache Software Foundation Apache HTTP Server 2.0.28
    cpe:2.3:a:apache:http_server:2.0.28
  • Apache Software Foundation Apache HTTP Server 2.0.32
    cpe:2.3:a:apache:http_server:2.0.32
  • Apache Software Foundation Apache HTTP Server 2.0.35
    cpe:2.3:a:apache:http_server:2.0.35
  • Apache Software Foundation Apache HTTP Server 2.0.36
    cpe:2.3:a:apache:http_server:2.0.36
  • Apache Software Foundation Apache HTTP Server 2.0.37
    cpe:2.3:a:apache:http_server:2.0.37
  • Apache Software Foundation Apache HTTP Server 2.0.38
    cpe:2.3:a:apache:http_server:2.0.38
  • Apache Software Foundation Apache HTTP Server 2.0.39
    cpe:2.3:a:apache:http_server:2.0.39
  • Apache Software Foundation Apache HTTP Server 2.0.40
    cpe:2.3:a:apache:http_server:2.0.40
  • Apache Software Foundation Apache HTTP Server 2.0.41
    cpe:2.3:a:apache:http_server:2.0.41
  • Apache Software Foundation Apache HTTP Server 2.0.42
    cpe:2.3:a:apache:http_server:2.0.42
  • Apache Software Foundation Apache HTTP Server 2.0.43
    cpe:2.3:a:apache:http_server:2.0.43
  • Apache Software Foundation Apache HTTP Server 2.0.44
    cpe:2.3:a:apache:http_server:2.0.44
  • Apache Software Foundation Apache HTTP Server 2.0.45
    cpe:2.3:a:apache:http_server:2.0.45
  • Apache Software Foundation Apache HTTP Server 2.0.9a
    cpe:2.3:a:apache:http_server:2.0.9
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
NASL family Web Servers
NASL id APACHE_2_0_45_OS2.NASL
description The remote host appears to be running a version of Apache 2.0.x that is prior to 2.0.46 on OS/2. There is a vulnerability specific to such versions running on OS/2 in 'filestat.c' that could allow an attacker to disable this service remotely. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive.
last seen 2019-01-16
modified 2018-11-15
plugin id 11607
published 2003-05-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11607
title Apache 2.0.x < 2.0.46 on OS/2 filestat.c Device Name Request DoS
refmap via4
bugtraq
  • 20030402 [ANNOUNCE] Apache 2.0.45 Released
  • 20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
confirm http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.46: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 17-10-2016 - 22:29
Published 11-04-2003 - 00:00
Back to Top