ID |
CVE-2003-0993
|
Summary |
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. |
References |
|
Vulnerable Configurations |
-
Apache Software Foundation Apache HTTP Server 1.3
cpe:2.3:a:apache:http_server:1.3
-
Apache Software Foundation Apache HTTP Server 1.3.1
cpe:2.3:a:apache:http_server:1.3.1
-
Apache Software Foundation Apache HTTP Server 1.3.3
cpe:2.3:a:apache:http_server:1.3.3
-
Apache Software Foundation Apache HTTP Server 1.3.4
cpe:2.3:a:apache:http_server:1.3.4
-
Apache Software Foundation Apache HTTP Server 1.3.6
cpe:2.3:a:apache:http_server:1.3.6
-
cpe:2.3:a:apache:http_server:1.3.7:-:dev
cpe:2.3:a:apache:http_server:1.3.7:-:dev
-
Apache Software Foundation Apache HTTP Server 1.3.9
cpe:2.3:a:apache:http_server:1.3.9
-
Apache Software Foundation Apache HTTP Server 1.3.11
cpe:2.3:a:apache:http_server:1.3.11
-
Apache Software Foundation Apache HTTP Server 1.3.12
cpe:2.3:a:apache:http_server:1.3.12
-
Apache Software Foundation Apache HTTP Server 1.3.14
cpe:2.3:a:apache:http_server:1.3.14
-
Apache Software Foundation Apache HTTP Server 1.3.17
cpe:2.3:a:apache:http_server:1.3.17
-
Apache Software Foundation Apache HTTP Server 1.3.18
cpe:2.3:a:apache:http_server:1.3.18
-
Apache Software Foundation Apache HTTP Server 1.3.19
cpe:2.3:a:apache:http_server:1.3.19
-
Apache Software Foundation Apache HTTP Server 1.3.20
cpe:2.3:a:apache:http_server:1.3.20
-
Apache Software Foundation Apache HTTP Server 1.3.22
cpe:2.3:a:apache:http_server:1.3.22
-
Apache Software Foundation Apache HTTP Server 1.3.23
cpe:2.3:a:apache:http_server:1.3.23
-
Apache Software Foundation Apache HTTP Server 1.3.24
cpe:2.3:a:apache:http_server:1.3.24
-
Apache Software Foundation Apache HTTP Server 1.3.25
cpe:2.3:a:apache:http_server:1.3.25
-
Apache Software Foundation Apache HTTP Server 1.3.26
cpe:2.3:a:apache:http_server:1.3.26
-
Apache Software Foundation Apache HTTP Server 1.3.27
cpe:2.3:a:apache:http_server:1.3.27
-
Apache Software Foundation Apache HTTP Server 1.3.28
cpe:2.3:a:apache:http_server:1.3.28
-
Apache Software Foundation Apache HTTP Server 1.3.29
cpe:2.3:a:apache:http_server:1.3.29
|
CVSS |
Base: | 7.5 (as of 01-01-2004 - 00:00) |
Impact: | |
Exploitability: | |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
nessus
via4
|
NASL family | FreeBSD Local Security Checks | NASL id | FREEBSD_PKG_09D418DB70FD11D8873F0020ED76EF5A.NASL | description | Henning Brauer discovered a programming error in Apache 1.3's
mod_access that results in the netmasks in IP address access control
rules being interpreted incorrectly on 64-bit, big-endian platforms.
In some cases, this could cause a `deny from' IP address access
control rule including a netmask to fail. | last seen | 2019-01-16 | modified | 2018-11-21 | plugin id | 18833 | published | 2005-07-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=18833 | title | FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a) |
NASL family | Web Servers | NASL id | APACHE_ACCESS_WO_NETMASK.NASL | description | The remote host is running a version of Apache web server prior to
1.3.31. It is, therefore, affected by an access control bypass
vulnerability due to a failure, on big-endian 64-bit platforms, to
properly match 'allow' or 'deny' rules that contain an IP address but
lack a corresponding netmask.
Nessus has determined the vulnerability exists only by looking at the
Server header returned by the web server running on the target. If the
target is not a big-endian 64-bit platform, consider this a false
positive. | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 14177 | published | 2004-07-31 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=14177 | title | Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS8_116973.NASL | description | SunOS 5.8: Apache Patch.
Date this patch was last updated by Sun : Apr/24/08 | last seen | 2018-09-01 | modified | 2016-12-09 | plugin id | 15482 | published | 2004-10-17 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=15482 | title | Solaris 8 (sparc) : 116973-07 |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS9_X86_114145.NASL | description | SunOS 5.9_x86: Apache Security Patch.
Date this patch was last updated by Sun : Mar/05/10 | last seen | 2018-09-01 | modified | 2016-12-09 | plugin id | 13593 | published | 2004-07-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=13593 | title | Solaris 9 (x86) : 114145-12 |
NASL family | Slackware Local Security Checks | NASL id | SLACKWARE_SSA_2004-133-01.NASL | description | New apache packages are available for Slackware 8.1, 9.0, 9.1, and
-current to fix security issues. These include a possible
denial-of-service attack as well as the ability to possible pipe shell
escapes through Apache's errorlog (which could create an exploit if
the error log is read in a terminal program that does not filter such
escapes). We recommend that sites running Apache upgrade to the new
Apache package. | last seen | 2019-01-16 | modified | 2018-08-09 | plugin id | 18787 | published | 2005-07-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=18787 | title | Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01) |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS9_113146.NASL | description | SunOS 5.9: Apache Security Patch.
Date this patch was last updated by Sun : Mar/05/10 | last seen | 2018-09-01 | modified | 2016-12-09 | plugin id | 13530 | published | 2004-07-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=13530 | title | Solaris 9 (sparc) : 113146-13 |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS8_X86_116974.NASL | description | SunOS 5.8_x86: Apache Patch.
Date this patch was last updated by Sun : Apr/23/08 | last seen | 2018-09-01 | modified | 2016-12-09 | plugin id | 15483 | published | 2004-10-17 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=15483 | title | Solaris 8 (x86) : 116974-07 |
NASL family | Mandriva Local Security Checks | NASL id | MANDRAKE_MDKSA-2004-046.NASL | description | Four security vulnerabilities were fixed with the 1.3.31 release of
Apache. All of these issues have been backported and applied to the
provided packages. Thanks to Ralf Engelschall of OpenPKG for providing
the patches.
Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences
from its error logs. This could make it easier for attackers to insert
those sequences into the terminal emulators of administrators viewing
the error logs that contain vulnerabilities related to escape sequence
handling (CVE-2003-0020).
mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the
nonce of a client response by using an AuthNonce secret. Apache now
verifies the nonce returned in the client response to check whether it
was issued by itself by means of a 'AuthDigestRealmSeed' secret
exposed as an MD5 checksum (CVE-2003-0987).
mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian
64-bit platforms, did not properly parse Allow/Deny rules using IP
addresses without a netmask. This could allow a remote attacker to
bypass intended access restrictions (CVE-2003-0993).
Apache 1.3 prior to 1.3.30, when using multiple listening sockets on
certain platforms, allows a remote attacker to cause a DoS by blocking
new connections via a short-lived connection on a rarely-accessed
listening socket (CVE-2004-0174). While this particular vulnerability
does not affect Linux, we felt it prudent to include the fix.
Update :
Due to the changes in mod_digest.so, mod_perl needed to be rebuilt
against the patched Apache packages in order for httpd-perl to
properly load the module. The appropriate mod_perl packages have been
rebuilt and are now available. | last seen | 2019-01-16 | modified | 2018-07-19 | plugin id | 14145 | published | 2004-07-31 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=14145 | title | Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1) |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-200405-22.NASL | description | The remote host is affected by the vulnerability described in GLSA-200405-22
(Apache 1.3: Multiple vulnerabilities)
On 64-bit big-endian platforms, mod_access does not properly parse
Allow/Deny rules using IP addresses without a netmask which could result in
failure to match certain IP addresses.
Terminal escape sequences are not filtered from error logs. This could be
used by an attacker to insert escape sequences into a terminal emulator
vulnerable to escape sequences.
mod_digest does not properly verify the nonce of a client response by using
a AuthNonce secret. This could permit an attacker to replay the response of
another website. This does not affect mod_auth_digest.
On certain platforms there is a starvation issue where listening sockets
fails to handle short-lived connection on a rarely-accessed listening
socket. This causes the child to hold the accept mutex and block out new
connections until another connection arrives on the same rarely-accessed
listening socket thus leading to a denial of service.
Impact :
These vulnerabilities could lead to attackers bypassing intended access
restrictions, denial of service, and possibly execution of arbitrary code.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2018-08-10 | plugin id | 14508 | published | 2004-08-30 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=14508 | title | GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities |
|
oval
via4
|
accepted | 2005-11-16T08:02:00.000-04:00 | class | vulnerability | contributors | name | Robert L. Hollis | organization | ThreatGuard, Inc. |
| description | mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. | family | unix | id | oval:org.mitre.oval:def:100111 | status | accepted | submitted | 2005-08-16T12:00:00.000-04:00 | title | Apache Allow/Deny Parsing Error | version | 32 |
accepted | 2004-12-09T08:46:00.000-04:00 | class | vulnerability | contributors | name | Brian Soby | organization | The MITRE Corporation |
name | Brian Soby | organization | The MITRE Corporation |
name | Brian Soby | organization | The MITRE Corporation |
| description | mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. | family | unix | id | oval:org.mitre.oval:def:4670 | status | accepted | submitted | 2004-10-14T01:13:00.000-04:00 | title | Apache Mod_Access Access Control Rule Bypass Vulnerability | version | 31 |
|
refmap
via4
|
bid | 9829 | bugtraq | 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) | confirm | | gentoo | GLSA-200405-22 | mandrake | MDKSA-2004:046 | mlist | [apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c | slackware | SSA:2004-133 | sunalert | | trustix | 2004-0027 | xf | apache-modaccess-obtain-information(15422) |
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2008-07-02 | organization | Apache | statement | Fixed in Apach HTTP Server 1.3.31:
http://httpd.apache.org/security/vulnerabilities_13.html |
|
Last major update |
17-10-2016 - 22:38 |
Published |
29-03-2004 - 00:00 |
Last modified |
09-10-2017 - 21:30 |