mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
http://apache.secsup.org/dist/httpd/Announcement2.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775
http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
http://lists.apple.com/mhonarc/security-announce/msg00045.html
http://marc.info/?l=bugtraq&m=106761802305141&w=2
http://security.gentoo.org/glsa/glsa-200310-04.xml
http://www.ciac.org/ciac/bulletins/o-015.shtml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103
http://www.redhat.com/support/errata/RHSA-2003-320.html
http://www.securityfocus.com/advisories/6079
http://www.securityfocus.com/bid/8926
http://www.securityfocus.com/bid/9504
https://exchange.xforce.ibmcloud.com/vulnerabilities/13552
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
Source: MITRE
Published: 2003-11-03
Updated: 2017-07-11
Type: NVD-CWE-Other
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
OR
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.0.48 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
14085 | Mandrake Linux Security Advisory : apache (MDKSA-2003:103) | Nessus | Mandriva Local Security Checks | critical |
12517 | Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26) | Nessus | MacOS X Local Security Checks | critical |
11853 | Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.) | Nessus | Web Servers | critical |
800585 | Apache < 1.3.29 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |