CVE-2003-0789

HIGH

Description

mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.

References

http://apache.secsup.org/dist/httpd/Announcement2.html

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775

http://docs.info.apple.com/article.html?artnum=61798

http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html

http://lists.apple.com/mhonarc/security-announce/msg00045.html

http://marc.info/?l=bugtraq&m=106761802305141&w=2

http://security.gentoo.org/glsa/glsa-200310-04.xml

http://www.ciac.org/ciac/bulletins/o-015.shtml

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103

http://www.redhat.com/support/errata/RHSA-2003-320.html

http://www.securityfocus.com/advisories/6079

http://www.securityfocus.com/bid/8926

http://www.securityfocus.com/bid/9504

https://exchange.xforce.ibmcloud.com/vulnerabilities/13552

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2003-11-03

Updated: 2021-03-30

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.0.48 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 2175 | Apache < 2.0.48 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 2174 | Apache < 1.3.29 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 14085 | Mandrake Linux Security Advisory : apache (MDKSA-2003:103) | Nessus | Mandriva Local Security Checks | critical |
| 12517 | Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26) | Nessus | MacOS X Local Security Checks | critical |
| 11853 | Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.) | Nessus | Web Servers | critical |
| 800585 | Apache < 1.3.29 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 800583 | Apache < 2.0.48 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |