ID CVE-2003-0973
Summary Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
Vulnerable Configurations
  • Apache Software Foundation mod_python 2.7
    cpe:2.3:a:apache:mod_python:2.7
  • Apache Software Foundation mod_python 2.7.1
    cpe:2.3:a:apache:mod_python:2.7.1
  • Apache Software Foundation mod_python 2.7.2
    cpe:2.3:a:apache:mod_python:2.7.2
  • Apache Software Foundation mod_python 2.7.3
    cpe:2.3:a:apache:mod_python:2.7.3
  • Apache Software Foundation mod_python 2.7.4
    cpe:2.3:a:apache:mod_python:2.7.4
  • Apache Software Foundation mod_python 2.7.5
    cpe:2.3:a:apache:mod_python:2.7.5
  • Apache Software Foundation mod_python 2.7.6
    cpe:2.3:a:apache:mod_python:2.7.6
  • Apache Software Foundation mod_python 2.7.7
    cpe:2.3:a:apache:mod_python:2.7.7
  • Apache Software Foundation mod_python 2.7.8
    cpe:2.3:a:apache:mod_python:2.7.8
  • Apache Software Foundation mod_python 3.0
    cpe:2.3:a:apache:mod_python:3.0
  • Apache Software Foundation mod_python 3.0.1
    cpe:2.3:a:apache:mod_python:3.0.1
  • Apache Software Foundation mod_python 3.0.2
    cpe:2.3:a:apache:mod_python:3.0.2
  • Apache Software Foundation mod_python 3.0.3
    cpe:2.3:a:apache:mod_python:3.0.3
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-058.NASL
    description Updated mod_python packages that fix a denial of service vulnerability are now available for Red Hat Enterprise Linux. mod_python embeds the Python language interpreter within the Apache httpd server. A bug has been found in mod_python versions 2.7.10 and earlier that can lead to a denial of service vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0973 to this issue. Although Red Hat Enterprise Linux shipped with a version of mod_python that contains this bug, our testing was unable to trigger the denial of service vulnerability. However, mod_python users are advised to upgrade to these errata packages, which contain a backported patch that corrects this bug.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12464
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12464
    title RHEL 2.1 / 3 : mod_python (RHSA-2004:058)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_MOD_PYTHON_2710.NASL
    description The following package needs to be updated: mod_python
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 12577
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12577
    title FreeBSD : mod_python denial-of-service vulnerability in parse_qs (111)
  • NASL family Web Servers
    NASL id MOD_PYTHON_MALFORMED_QUERY.NASL
    description The remote host is using the Apache mod_python module older than 2.7.9 or 3.0.4. These versions may be prone to denial of service attacks when handling malformed queries.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 11937
    published 2003-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11937
    title mod_python < 2.7.9 / 3.0.4 Malformed Query String DoS
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1A448EB7698811D8873F0020ED76EF5A.NASL
    description An attacker may cause Apache with mod_python to crash by using a specially constructed query string.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 36819
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36819
    title FreeBSD : mod_python denial-of-service vulnerability in parse_qs (1a448eb7-6988-11d8-873f-0020ed76ef5a)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-452.NASL
    description The Apache Software Foundation announced that some versions of mod_python contain a bug which, when processing a request with a malformed query string, could cause the corresponding Apache child to crash. This bug could be exploited by a remote attacker to cause a denial of service.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15289
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15289
    title Debian DSA-452-1 : libapache-mod-python - denial of service
oval via4
  • accepted 2013-04-29T04:04:06.832-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
    family unix
    id oval:org.mitre.oval:def:10259
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
    version 23
  • accepted 2010-09-20T04:00:38.929-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    • name Jonathan Baker
      organization The MITRE Corporation
    description Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
    family unix
    id oval:org.mitre.oval:def:828
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title mod_python Web Server Denial of Service
    version 36
  • accepted 2007-04-25T19:52:59.430-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
    family unix
    id oval:org.mitre.oval:def:839
    status deprecated
    submitted 2004-03-20T12:00:00.000-04:00
    title mod_python Web Server Denial of Service
    version 35
redhat via4
advisories
  • rhsa
    id RHSA-2004:058
  • rhsa
    id RHSA-2004:063
refmap via4
conectiva CLA-2004:837
confirm http://www.modpython.org/pipermail/mod_python/2003-November/004005.html
debian DSA-452
fedora FEDORA-2004-1325
Last major update 04-09-2013 - 00:26
Published 15-12-2003 - 00:00
Last modified 10-10-2017 - 21:29