Vulnerabilities > CVE-2003-0789 - Unspecified vulnerability in Apache Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
nessus
Summary
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
Vulnerable Configurations
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20040126.NASL description The remote host is missing Security Update 2004-01-26. This security update includes the following components : - Apache 1.3 - Classic - Mail - Safari - Windows File Sharing For MacOS 10.1.5, it only includes the following : - Mail This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 12517 published 2004-07-06 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12517 title Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26) code # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(12517); script_version ("1.16"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2004-0085", "CVE-2004-0086", "CVE-2004-0087", "CVE-2004-0088", "CVE-2004-0089", "CVE-2003-0789", "CVE-2003-0542", "CVE-2004-0092", "CVE-2003-0542"); script_bugtraq_id(9069); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26)"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X security update." ); script_set_attribute(attribute:"description", value: "The remote host is missing Security Update 2004-01-26. This security update includes the following components : - Apache 1.3 - Classic - Mail - Safari - Windows File Sharing For MacOS 10.1.5, it only includes the following : - Mail This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host." ); # http://web.archive.org/web/20040206220131/http://www.apple.com/downloads/macosx/apple/securityupdate_2004-01-26_%2810_2_8_Server%29.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f54f1ccf" ); # http://web.archive.org/web/20040206214559/http://www.apple.com/downloads/macosx/apple/securityupdate_2004-01-26_%2810_1_5%29.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1a627a5f" ); script_set_attribute(attribute:"solution", value: "Install security update 2004-01-26. See http://support.apple.com/kb/HT1646 for more details." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/10/29"); script_set_attribute(attribute:"patch_publication_date", value: "2004/01/26"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for Security Update 2004-01-26"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } # packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # Security Update 2004-05-03 actually includes this update for MacOS X 10.2.8 Client if ( egrep(pattern:"Darwin.* 6\.8\.", string:uname) ) { if ( egrep(pattern:"^SecUpd2004-05-03", string:packages) ) exit(0); } # MacOS X 10.1.5, 10.2.8 and 10.3.2 only if ( egrep(pattern:"Darwin.* (5\.5\.|6\.8\.|7\.2\.)", string:uname) ) { if ( ! egrep(pattern:"^SecurityUpd2004-01-26", string:packages) ) { security_hole(0); exit(0); } else { set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); } } if ( egrep(pattern:"Darwin.*", string:uname) ) { set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); }NASL family Web Servers NASL id APACHE_2_0_48.NASL description The remote host appears to be running a version of Apache 2.0.x prior to 2.0.48. It is, therefore, affected by multiple vulnerabilities : - The mod_rewrite and mod_alias modules fail to handle regular expressions containing more than 9 captures resulting in a buffer overflow. - A vulnerability may occur in the mod_cgid module caused by the mishandling of CGI redirect paths. This could cause Apache to send the output of a CGI program to the wrong client. last seen 2020-06-01 modified 2020-06-02 plugin id 11853 published 2003-09-26 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11853 title Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-103.NASL description A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems. As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid last seen 2020-06-01 modified 2020-06-02 plugin id 14085 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14085 title Mandrake Linux Security Advisory : apache (MDKSA-2003:103)
Redhat
| advisories |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2008-07-02 |
| organization | Apache |
| statement | Fixed in Apache HTTP Server 2.0.48: http://httpd.apache.org/security/vulnerabilities_20.html |
References
- http://apache.secsup.org/dist/httpd/Announcement2.html
- http://www.redhat.com/support/errata/RHSA-2003-320.html
- http://lists.apple.com/mhonarc/security-announce/msg00045.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775
- http://security.gentoo.org/glsa/glsa-200310-04.xml
- http://www.securityfocus.com/advisories/6079
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103
- http://www.ciac.org/ciac/bulletins/o-015.shtml
- http://www.securityfocus.com/bid/8926
- http://www.securityfocus.com/bid/9504
- http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
- http://docs.info.apple.com/article.html?artnum=61798
- http://marc.info/?l=bugtraq&m=106761802305141&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13552
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E