CVE-2004-0747medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
References
http://www.redhat.com/support/errata/RHSA-2004-463.html
http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096
http://www.novell.com/linux/security/advisories/2004_32_apache2.html
http://www.trustix.org/errata/2004/0047/
http://www.kb.cert.org/vuls/id/481998
http://securitytracker.com/id?1011303
http://secunia.com/advisories/12540
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147
http://secunia.com/advisories/34920
http://www.vupen.com/english/advisories/2009/1233
https://exchange.xforce.ibmcloud.com/vulnerabilities/17384
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11561
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
Details
Source: MITRE
Published: 2004-10-20
Updated: 2021-06-06
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 36910 | FreeBSD : apache -- ap_resolve_env buffer overflow (4d49f4ba-071f-11d9-b45d-000c41e2cdad) | Nessus | FreeBSD Local Security Checks | medium |
| 15898 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Nessus | MacOS X Local Security Checks | high |
| 14766 | GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 14752 | Mandrake Linux Security Advisory : apache2 (MDKSA-2004:096) | Nessus | Mandriva Local Security Checks | high |
| 14748 | Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS) | Nessus | Web Servers | medium |
| 2292 | Apache < 2.0.51 IPv6 Remote Buffer Overflow | Nessus Network Monitor | Web Servers | medium |
| 2290 | Apache < 2.0.51 ${ENVVAR} Local Overflow | Nessus Network Monitor | Web Servers | medium |
| 14736 | RHEL 3 : httpd (RHSA-2004:463) | Nessus | Red Hat Local Security Checks | medium |
| 14731 | SUSE-SA:2004:032: apache2 | Nessus | SuSE Local Security Checks | medium |
| 800562 | Apache < 2.0.51 ${ENVVAR} Local Overflow | Log Correlation Engine | Web Servers | medium |