Vulnerabilities > CVE-2003-0842 - Remote Security vulnerability in DAG APT Repository MOD Gzip 1.3.26.1A

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

dag-apt-repository

exploit available

NVD

Published: 2003-11-17

Updated: 2016-10-18

Summary

Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header.

Vulnerable Configurations

Part	Description	Count
Application	Dag_Apt_Repository DAG APT Repository MOD Gzip 1.3.26.1A	1

Exploit-Db

description	Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit. CVE-2003-0842. Remote exploit for linux platform
id	EDB-ID:126
last seen	2016-01-31
modified	2003-11-20
published	2003-11-20
reporter	xCrZx
source	https://www.exploit-db.com/download/126/
title	Apache mod_gzip with debug_mode <= 1.2.26.1a Remote Exploit

References

http://marc.info/?l=bugtraq&m=105457180009860&w=2