ID CVE-2003-0843
Summary Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
References
Vulnerable Configurations
  • cpe:2.3:a:dag_apt_repository:mod_gzip:1.3.26.1a
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
NASL family Web Servers
NASL id MOD_GZIP_FORMAT_STRING.NASL
description The remote host is running mod_gzip with debug symbols compiled in. The debug code includes vulnerabilities that can be exploited by an attacker to gain a shell on this host.
last seen 2019-01-16
modified 2018-11-15
plugin id 11686
published 2003-06-02
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11686
title mod_gzip Debug Mode mod_gzip_printf Remote Format String
refmap via4
bugtraq 20030601 Mod_gzip Debug Mode Vulnerabilities
Last major update 17-10-2016 - 22:37
Published 17-11-2003 - 00:00