CVE-2004-0940

Published Feb 9, 2005

Last updated 10 months ago

CVSS high 7.8

Overview

Description: Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-131

Hype score: Not currently trending

Vendor comments

ApacheFixed in Apache HTTP Server 1.3.33: http://httpd.apache.org/security/vulnerabilities_13.html

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E48FC2F5-318B-4460-861D-80314B42F84B",
            "versionEndIncluding": "1.3.32",
            "versionStartIncluding": "1.3"
          },
          {
            "criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD"
          },
          {
            "criteria": "cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37042CDE-E4FE-442E-891A-CD84433D36E2"
          },
          {
            "criteria": "cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11F6E348-01DF-4FA4-808E-39A2A7A2B97B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647"
          },
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F"
          },
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AB76FE0-BEF3-40D4-B362-0C95CA625A71"
          },
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBD0DC0A-ACAD-4870-9C0F-3095F2AC8CCD"
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78D76664-F4AC-470A-9686-3F708922A340"
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064"
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0"
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C"
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D"
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1CB2DD9-E77F-46EE-A145-F87AD10EA8E4"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C"
          },
          {
            "criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References