CVE-2003-0973 - Unspecified vulnerability in Apache MOD Python
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL
Summary
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
Vulnerable Configurations
Nessus
- NASL family: Web Servers
- NASL id: MOD_PYTHON_MALFORMED_QUERY.NASL
- description: The remote host is using the Apache mod_python module older than 2.7.9 or 3.0.4. These versions may be prone to denial of service attacks when handling malformed queries.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 11937
- published: 2003-12-04
- reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/11937
- title: mod_python < 2.7.9 / 3.0.4 Malformed Query String DoS
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(11937);
  script_version("1.23");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  script_cve_id("CVE-2003-0973");
  script_bugtraq_id(9129);

  script_name(english:"mod_python < 2.7.9 / 3.0.4 Malformed Query String DoS");
  script_summary(english:"Checks for version of Python");

  script_set_attribute(attribute:"synopsis", value:"The remote web server is prone to a denial of service attack.");
  script_set_attribute(attribute:"description", value:
"The remote host is using the Apache mod_python module older than 2.7.9 or 3.0.4. 
These versions may be prone to a denial of service attacks when handling malformed queries.");
  script_set_attribute(attribute:"see_also", value:"http://modpython.org/pipermail/mod_python/2003-November/014533.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to mod_python 2.7.9 / 3.0.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/12/04");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
  script_family(english:"Web Servers");
  script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("audit.inc");
include("backport.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Banner-only check, so it runs only at the paranoid report level.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80);

# Skip hosts with no banner or with a backported (distribution-patched) banner.
banner = get_backport_banner(banner:get_http_banner(port:port));
if(!banner || backported)exit(0);

# Match mod_python 1.x, 2.0 through 2.6, 2.7.0 through 2.7.8, or 3.0.0 through 3.0.3
# in the Server header.
serv = strstr(banner, "Server");
if(ereg(pattern:".*mod_python/(1.*|2\.([0-6]\..*|7\.[0-8][^0-9])|3\.0\.[0-3][^0-9]).*", string:serv))
{
  security_warning(port);
}
```

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_1A448EB7698811D8873F0020ED76EF5A.NASL
- description: An attacker may cause Apache with mod_python to crash by using a specially constructed query string.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 36819
- published: 2009-04-23
- reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/36819
- title: FreeBSD : mod_python denial-of-service vulnerability in parse_qs (1a448eb7-6988-11d8-873f-0020ed76ef5a)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-058.NASL
- description: Updated mod_python packages that fix a denial of service vulnerability are now available for Red Hat Enterprise Linux. mod_python embeds the Python language interpreter within the Apache httpd server. A bug has been found in mod_python versions 2.7.10 and earlier that can lead to a denial of service vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0973 to this issue. Although Red Hat Enterprise Linux shipped with a version of mod_python that contains this bug, our testing was unable to trigger the denial of service vulnerability. However, mod_python users are advised to upgrade to these errata packages, which contain a backported patch that corrects this bug.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12464
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12464
- title: RHEL 2.1 / 3 : mod_python (RHSA-2004:058)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_MOD_PYTHON_2710.NASL
- description: The following package needs to be updated: mod_python
- last seen: 2016-09-26
- modified: 2011-10-03
- plugin id: 12577
- published: 2004-07-06
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=12577
- title: FreeBSD : mod_python denial-of-service vulnerability in parse_qs (111)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-452.NASL
- description: The Apache Software Foundation announced that some versions of mod_python contain a bug which, when processing a request with a malformed query string, could cause the corresponding Apache child to crash. This bug could be exploited by a remote attacker to cause a denial of service.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15289
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15289
- title: Debian DSA-452-1 : libapache-mod-python - denial of service

Oval
- accepted: 2013-04-29T04:04:06.832-04:00
- class: vulnerability
- contributors:
  - name: Aharon Chernin, organization: SCAP.com, LLC
  - name: Dragos Prisaca, organization: G2, Inc.
- definition_extensions:
  - comment: The operating system installed on the system is Red Hat Enterprise Linux 3, oval: oval:org.mitre.oval:def:11782
  - comment: CentOS Linux 3.x, oval: oval:org.mitre.oval:def:16651
- description: Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
- family: unix
- id: oval:org.mitre.oval:def:10259
- status: accepted
- submitted: 2010-07-09T03:56:16-04:00
- title: Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
- version: 26

- accepted: 2010-09-20T04:00:38.929-04:00
- class: vulnerability
- contributors:
  - name: Jay Beale, organization: Bastille Linux
  - name: Matt Busby, organization: The MITRE Corporation
  - name: Thomas R. Jones, organization: Maitreya Security
  - name: Jonathan Baker, organization: The MITRE Corporation
- description: Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
- family: unix
- id: oval:org.mitre.oval:def:828
- status: accepted
- submitted: 2004-03-20T12:00:00.000-04:00
- title: mod_python Web Server Denial of Service
- version: 40

- accepted: 2007-04-25T19:52:59.430-04:00
- class: vulnerability
- contributors:
  - name: Jay Beale, organization: Bastille Linux
  - name: Matt Busby, organization: The MITRE Corporation
  - name: Thomas R. Jones, organization: Maitreya Security
  - name: Robert L. Hollis, organization: ThreatGuard, Inc.
  - name: Jonathan Baker, organization: The MITRE Corporation
- description: Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
- family: unix
- id: oval:org.mitre.oval:def:839
- status: deprecated
- submitted: 2004-03-20T12:00:00.000-04:00
- title: mod_python Web Server Denial of Service
- version: 39

References
- http://bugzilla.fedora.us/show_bug.cgi?id=1325
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000837
- http://www.debian.org/security/2004/dsa-452
- http://www.modpython.org/pipermail/mod_python/2003-November/004005.html
- http://www.redhat.com/support/errata/RHSA-2004-058.html
- http://www.redhat.com/support/errata/RHSA-2004-063.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10259
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A828
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A839