CVE-2003-0789high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
References
http://apache.secsup.org/dist/httpd/Announcement2.html
http://www.redhat.com/support/errata/RHSA-2003-320.html
http://lists.apple.com/mhonarc/security-announce/msg00045.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775
http://security.gentoo.org/glsa/glsa-200310-04.xml
http://www.securityfocus.com/advisories/6079
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103
http://www.ciac.org/ciac/bulletins/o-015.shtml
http://www.securityfocus.com/bid/8926
http://www.securityfocus.com/bid/9504
http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
http://docs.info.apple.com/article.html?artnum=61798
http://marc.info/?l=bugtraq&m=106761802305141&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/13552
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
Details
Source: MITRE
Published: 2003-11-03
Updated: 2021-06-06
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.0.48 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 2175 | Apache < 2.0.48 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 2174 | Apache < 1.3.29 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 14085 | Mandrake Linux Security Advisory : apache (MDKSA-2003:103) | Nessus | Mandriva Local Security Checks | critical |
| 12517 | Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26) | Nessus | MacOS X Local Security Checks | critical |
| 11853 | Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.) | Nessus | Web Servers | critical |
| 800585 | Apache < 1.3.29 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 800583 | Apache < 2.0.48 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |