CVE-2003-0542

HIGH

Description

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers who can create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt

ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc

ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc

http://docs.info.apple.com/article.html?artnum=61798

http://httpd.apache.org/dist/httpd/Announcement2.html

http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html

http://lists.apple.com/mhonarc/security-announce/msg00045.html

http://marc.info/?l=bugtraq&m=106761802305141&w=2

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://secunia.com/advisories/10096

http://secunia.com/advisories/10098

http://secunia.com/advisories/10102

http://secunia.com/advisories/10112

http://secunia.com/advisories/10114

http://secunia.com/advisories/10153

http://secunia.com/advisories/10260

http://secunia.com/advisories/10264

http://secunia.com/advisories/10463

http://secunia.com/advisories/10580

http://secunia.com/advisories/10593

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1

http://www.kb.cert.org/vuls/id/434566

http://www.kb.cert.org/vuls/id/549142

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103

http://www.redhat.com/support/errata/RHSA-2003-320.html

http://www.redhat.com/support/errata/RHSA-2003-360.html

http://www.redhat.com/support/errata/RHSA-2003-405.html

http://www.redhat.com/support/errata/RHSA-2004-015.html

http://www.redhat.com/support/errata/RHSA-2005-816.html

http://www.securityfocus.com/advisories/6079

http://www.securityfocus.com/archive/1/342674

http://www.securityfocus.com/bid/8911

http://www.securityfocus.com/bid/9504

https://exchange.xforce.ibmcloud.com/vulnerabilities/13400

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458

Details

Source: MITRE

Published: 2003-11-03

Updated: 2018-05-03

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH