National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2003-0993 Detail

Description

mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.

Source:  MITRE      Last Modified:  03/29/2004

Quick Info

CVE Dictionary Entry:
CVE-2003-0993
Original release date:
03/29/2004
Last revised:
10/09/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
Vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Apache (07/02/2008)

Fixed in Apach HTTP Server 1.3.31: http://httpd.apache.org/security/vulnerabilities_13.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 External Source MANDRAKE MDKSA-2004:046
http://issues.apache.org/bugzilla/show_bug.cgi?id=23850 External Source CONFIRM http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
http://marc.info/?l=apache-cvs&m=107869603013722 External Source MLIST [apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c
http://marc.info/?l=bugtraq&m=108437852004207&w=2 External Source BUGTRAQ 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
http://security.gentoo.org/glsa/glsa-200405-22.xml External Source GENTOO GLSA-200405-22
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 External Source SUNALERT 101555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 External Source SUNALERT 101841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1 External Source SUNALERT 57628
http://www.apacheweek.com/features/security-13 Vendor Advisory External Source CONFIRM http://www.apacheweek.com/features/security-13
http://www.securityfocus.com/bid/9829 Patch; Vendor Advisory External Source BID 9829
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643 External Source SLACKWARE SSA:2004-133
http://www.trustix.org/errata/2004/0027 External Source TRUSTIX 2004-0027
https://exchange.xforce.ibmcloud.com/vulnerabilities/15422 External Source XF apache-modaccess-obtain-information(15422)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111 External Source OVAL oval:org.mitre.oval:def:100111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670 External Source OVAL oval:org.mitre.oval:def:4670

References to Check Content

Identifier:
oval:org.mitre.oval:def:100111
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:100111
Identifier:
oval:org.mitre.oval:def:4670
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:4670

Technical Details

Vulnerability Type (View All)

Change History 4 change records found - show changes