CVE-2004-0747

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

References

http://www.redhat.com/support/errata/RHSA-2004-463.html

http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096

http://www.novell.com/linux/security/advisories/2004_32_apache2.html

http://www.trustix.org/errata/2004/0047/

http://www.kb.cert.org/vuls/id/481998

http://securitytracker.com/id?1011303

http://secunia.com/advisories/12540

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147

http://secunia.com/advisories/34920

http://www.vupen.com/english/advisories/2009/1233

https://exchange.xforce.ibmcloud.com/vulnerabilities/17384

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11561

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2004-10-20

Updated: 2021-06-06

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
36910FreeBSD : apache -- ap_resolve_env buffer overflow (4d49f4ba-071f-11d9-b45d-000c41e2cdad)NessusFreeBSD Local Security Checks
medium
15898Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)NessusMacOS X Local Security Checks
high
14766GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
14752Mandrake Linux Security Advisory : apache2 (MDKSA-2004:096)NessusMandriva Local Security Checks
high
14748Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS)NessusWeb Servers
medium
2292Apache < 2.0.51 IPv6 Remote Buffer OverflowNessus Network MonitorWeb Servers
medium
2290Apache < 2.0.51 ${ENVVAR} Local OverflowNessus Network MonitorWeb Servers
medium
14736RHEL 3 : httpd (RHSA-2004:463)NessusRed Hat Local Security Checks
medium
14731SUSE-SA:2004:032: apache2NessusSuSE Local Security Checks
medium
800562Apache < 2.0.51 ${ENVVAR} Local OverflowLog Correlation EngineWeb Servers
medium