CVE-2003-0843 - Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly late

CVE-2003-0843

Summary

Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.

References

http://marc.info/?l=bugtraq&m=105457180009860&w=2

Vulnerable Configurations

cpe:2.3:a:dag_apt_repository:mod_gzip:*:*:*:*:*:*:*:*
cpe:2.3:a:dag_apt_repository:mod_gzip:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 02:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq

20030601 Mod_gzip Debug Mode Vulnerabilities

Last major update

18-10-2016 - 02:37

Published

17-11-2003 - 05:00

Last modified

18-10-2016 - 02:37