ID CVE-2003-0993
Summary mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 1.3
    cpe:2.3:a:apache:http_server:1.3
  • Apache Software Foundation Apache HTTP Server 1.3.1
    cpe:2.3:a:apache:http_server:1.3.1
  • Apache Software Foundation Apache HTTP Server 1.3.3
    cpe:2.3:a:apache:http_server:1.3.3
  • Apache Software Foundation Apache HTTP Server 1.3.4
    cpe:2.3:a:apache:http_server:1.3.4
  • Apache Software Foundation Apache HTTP Server 1.3.6
    cpe:2.3:a:apache:http_server:1.3.6
  • cpe:2.3:a:apache:http_server:1.3.7:-:dev
    cpe:2.3:a:apache:http_server:1.3.7:-:dev
  • Apache Software Foundation Apache HTTP Server 1.3.9
    cpe:2.3:a:apache:http_server:1.3.9
  • Apache Software Foundation Apache HTTP Server 1.3.11
    cpe:2.3:a:apache:http_server:1.3.11
  • Apache Software Foundation Apache HTTP Server 1.3.12
    cpe:2.3:a:apache:http_server:1.3.12
  • Apache Software Foundation Apache HTTP Server 1.3.14
    cpe:2.3:a:apache:http_server:1.3.14
  • Apache Software Foundation Apache HTTP Server 1.3.17
    cpe:2.3:a:apache:http_server:1.3.17
  • Apache Software Foundation Apache HTTP Server 1.3.18
    cpe:2.3:a:apache:http_server:1.3.18
  • Apache Software Foundation Apache HTTP Server 1.3.19
    cpe:2.3:a:apache:http_server:1.3.19
  • Apache Software Foundation Apache HTTP Server 1.3.20
    cpe:2.3:a:apache:http_server:1.3.20
  • Apache Software Foundation Apache HTTP Server 1.3.22
    cpe:2.3:a:apache:http_server:1.3.22
  • Apache Software Foundation Apache HTTP Server 1.3.23
    cpe:2.3:a:apache:http_server:1.3.23
  • Apache Software Foundation Apache HTTP Server 1.3.24
    cpe:2.3:a:apache:http_server:1.3.24
  • Apache Software Foundation Apache HTTP Server 1.3.25
    cpe:2.3:a:apache:http_server:1.3.25
  • Apache Software Foundation Apache HTTP Server 1.3.26
    cpe:2.3:a:apache:http_server:1.3.26
  • Apache Software Foundation Apache HTTP Server 1.3.27
    cpe:2.3:a:apache:http_server:1.3.27
  • Apache Software Foundation Apache HTTP Server 1.3.28
    cpe:2.3:a:apache:http_server:1.3.28
  • Apache Software Foundation Apache HTTP Server 1.3.29
    cpe:2.3:a:apache:http_server:1.3.29
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_09D418DB70FD11D8873F0020ED76EF5A.NASL
    description Henning Brauer discovered a programming error in Apache 1.3's mod_access that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a `deny from' IP address access control rule including a netmask to fail.
    last seen 2019-01-16
    modified 2018-11-21
    plugin id 18833
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18833
    title FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a)
  • NASL family Web Servers
    NASL id APACHE_ACCESS_WO_NETMASK.NASL
    description The remote host is running a version of Apache web server prior to 1.3.31. It is, therefore, affected by an access control bypass vulnerability due to a failure, on big-endian 64-bit platforms, to properly match 'allow' or 'deny' rules that contain an IP address but lack a corresponding netmask. Nessus has determined the vulnerability exists only by looking at the Server header returned by the web server running on the target. If the target is not a big-endian 64-bit platform, consider this a false positive.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 14177
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14177
    title Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_116973.NASL
    description SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 15482
    published 2004-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15482
    title Solaris 8 (sparc) : 116973-07
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114145.NASL
    description SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13593
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13593
    title Solaris 9 (x86) : 114145-12
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-133-01.NASL
    description New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that does not filter such escapes). We recommend that sites running Apache upgrade to the new Apache package.
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 18787
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18787
    title Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_113146.NASL
    description SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13530
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13530
    title Solaris 9 (sparc) : 113146-13
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_116974.NASL
    description SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 15483
    published 2004-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15483
    title Solaris 8 (x86) : 116974-07
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-046.NASL
    description Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a 'AuthDigestRealmSeed' secret exposed as an MD5 checksum (CVE-2003-0987). mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could allow a remote attacker to bypass intended access restrictions (CVE-2003-0993). Apache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CVE-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix. Update : Due to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 14145
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14145
    title Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200405-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-200405-22 (Apache 1.3: Multiple vulnerabilities) On 64-bit big-endian platforms, mod_access does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses. Terminal escape sequences are not filtered from error logs. This could be used by an attacker to insert escape sequences into a terminal emulator vulnerable to escape sequences. mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could permit an attacker to replay the response of another website. This does not affect mod_auth_digest. On certain platforms there is a starvation issue where listening sockets fails to handle short-lived connection on a rarely-accessed listening socket. This causes the child to hold the accept mutex and block out new connections until another connection arrives on the same rarely-accessed listening socket thus leading to a denial of service. Impact : These vulnerabilities could lead to attackers bypassing intended access restrictions, denial of service, and possibly execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 14508
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14508
    title GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities
oval via4
  • accepted 2005-11-16T08:02:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
    family unix
    id oval:org.mitre.oval:def:100111
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Apache Allow/Deny Parsing Error
    version 32
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    • name Brian Soby
      organization The MITRE Corporation
    • name Brian Soby
      organization The MITRE Corporation
    • name Brian Soby
      organization The MITRE Corporation
    description mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
    family unix
    id oval:org.mitre.oval:def:4670
    status accepted
    submitted 2004-10-14T01:13:00.000-04:00
    title Apache Mod_Access Access Control Rule Bypass Vulnerability
    version 31
refmap via4
bid 9829
bugtraq 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
confirm
gentoo GLSA-200405-22
mandrake MDKSA-2004:046
mlist [apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c
slackware SSA:2004-133
sunalert
  • 101555
  • 101841
  • 57628
trustix 2004-0027
xf apache-modaccess-obtain-information(15422)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apach HTTP Server 1.3.31: http://httpd.apache.org/security/vulnerabilities_13.html
Last major update 17-10-2016 - 22:38
Published 29-03-2004 - 00:00
Last modified 09-10-2017 - 21:30
Back to Top