Executive Summary

Summary
Title: Updated apache packages fix minor security vulnerability
Information
Name: RHSA-2003:360
First vendor Publication: 2003-12-10
Vendor: RedHat
Last vendor Modification: 2003-12-10
Severity (Vendor): N/A
Revision: 01

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 7.2
Attack Range: Local
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

Problem Description:

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2003-360.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:3799
Title: Apache Web Server Multiple Module Local Buffer Overflow
Description: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0542
Version: 1
Platform(s): Sun Solaris 8, Sun Solaris 9
Product(s): Apache
Definition Synopsis:

Oval ID: oval:org.mitre.oval:def:863
Title: Red Hat Multiple stack-based BO Vulnerabilities in Apache
Description: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0542
Version: 4
Platform(s): Red Hat Linux 9
Product(s): httpd
Definition Synopsis:

Oval ID: oval:org.mitre.oval:def:864
Title: Red Hat Enterprise 3 Multiple stack-based BO Vulnerabilities in Apache
Description: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0542
Version: 4
Platform(s): Red Hat Enterprise Linux 3
Product(s): Apache
Definition Synopsis:

Oval ID: oval:org.mitre.oval:def:9458
Title: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
Description: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0542
Version: 5
Platform(s): Red Hat Enterprise Linux 3, CentOS Linux 3
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 36

OpenVAS Exploits

Date Description
2009-05-05 Name : HP-UX Update for Apache mod_cgid HPSBUX00301
File : nvt/gb_hp_ux_HPSBUX00301.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200310-03 (Apache)
File : nvt/glsa_200310_03.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200310-04 (Apache)
File : nvt/glsa_200310_04.nasl
0000-00-00 Name : Slackware Advisory SSA:2003-308-01 apache security update
File : nvt/esoft_slk_ssa_2003_308_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
7611 Apache HTTP Server mod_alias Local Overflow

A local overflow exists in Apache. The mod_alias module fails to handle regular expressions containing more than 9 captures (stored strings matching a particular pattern) resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code or cause a denial of service resulting in a loss of integrity and/or confidentiality.
2733 Apache HTTP Server mod_rewrite Local Overflow

A local overflow exists in Apache. The mod_rewrite module fails to handle regular expressions containing more than 9 captures (stored strings matching a particular pattern) resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code or cause a denial of service resulting in a loss of integrity and/or confidentiality.

Nessus® Vulnerability Scanner

Date Description
2005-07-13 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2003-308-01.nasl - Type : ACT_GATHER_INFO
2004-10-17 Name : The remote host is missing Sun Security Patch number 116973-07
File : solaris8_116973.nasl - Type : ACT_GATHER_INFO
2004-10-17 Name : The remote host is missing Sun Security Patch number 116974-07
File : solaris8_x86_116974.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2003-103.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2003-004.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 113146-13
File : solaris9_113146.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 114145-12
File : solaris9_x86_114145.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote host is missing a Mac OS X security update.
File : macosx_SecUpd20040126.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote host is using an unsupported version of Mac OS X.
File : macosx_version.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2003-360.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-015.nasl - Type : ACT_GATHER_INFO
2003-11-01 Name : The remote web server is affected by multiple local buffer overflow vulnerabi...
File : apache_1_3_29.nasl - Type : ACT_GATHER_INFO
2003-09-26 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_0_48.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:48:17 Multiple Updates