ID CVE-2003-0789
Summary mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.0.48
    cpe:2.3:a:apache:http_server:2.0.48
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
  • NASL family Web Servers
    NASL id APACHE_2_0_48.NASL
    description The remote host appears to be running a version of Apache 2.0.x prior to 2.0.48. It is, therefore, affected by multiple vulnerabilities:
      - The mod_rewrite and mod_alias modules fail to handle regular expressions containing more than 9 captures resulting in a buffer overflow.
      - A vulnerability may occur in the mod_cgid module caused by the mishandling of CGI redirect paths. This could cause Apache to send the output of a CGI program to the wrong client.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 11853
    published 2003-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11853
    title Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20040126.NASL
    description The remote host is missing Security Update 2004-01-26. This security update includes the following components:
      - Apache 1.3
      - Classic
      - Mail
      - Safari
      - Windows File Sharing
      For MacOS 10.1.5, it only includes the following:
      - Mail
      This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 12517
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12517
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-103.NASL
    description A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems. As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid's mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used. Apache version 2.0.48 and 1.3.29 were released upstream to correct these bugs; backported patches have been applied to the provided packages.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14085
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14085
    title Mandrake Linux Security Advisory : apache (MDKSA-2003:103)
redhat via4
advisories
rhsa
id RHSA-2003:320
refmap via4
apple APPLE-SA-2004-01-26
bid
  • 8926
  • 9504
bugtraq 20031031 GLSA: apache (200310-04)
ciac O-015
conectiva CLA-2003:775
confirm
gentoo 200310-04
hp HPSBUX0311-301
mandrake MDKSA-2003:103
xf apache-modcgi-info-disclosure(13552)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.48: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 17-10-2016 - 22:37
Published 03-11-2003 - 00:00
Last modified 10-07-2017 - 21:29