ID CVE-2007-1742
Summary suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
CVSS
Base: 3.7 (as of 13-11-2008 - 06:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:P/A:P
refmap via4
idefense 20070411 Apache HTTPD suEXEC Multiple Vulnerabilities
mlist
  • [apache-http-dev] 20070328 Re: [Fwd: iDefense Final Notice [IDEF1445]]
  • [apache-http-dev] 20070328 [Fwd: iDefense Final Notice [IDEF1445]]
osvdb 38640
sectrack 1017904
statements via4
contributor Mark J Cox
lastmodified 2007-04-19
organization Red Hat
statement These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intended to protect against privilege escalation in such a configuration.
Last major update 13-11-2008 - 06:36
Published 13-04-2007 - 17:19
Last modified 13-11-2008 - 06:36