Vulnerability Description
mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mod Auth Any | Mod Auth Any | 1.2.2 |
References
- http://rhn.redhat.com/errata/RHSA-2003-114.htmlPatchVendor Advisory
- http://www.ciac.org/ciac/bulletins/n-090.shtml
- http://www.itlab.musc.edu/webNIS/mod_auth_any.html
- http://www.redhat.com/support/errata/RHSA-2003-113.html
- http://www.securityfocus.com/bid/7448PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11893
- http://rhn.redhat.com/errata/RHSA-2003-114.htmlPatchVendor Advisory
- http://www.ciac.org/ciac/bulletins/n-090.shtml
- http://www.itlab.musc.edu/webNIS/mod_auth_any.html
- http://www.redhat.com/support/errata/RHSA-2003-113.html
- http://www.securityfocus.com/bid/7448PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11893
FAQ
What is CVE-2003-0084?
CVE-2003-0084 is a vulnerability with a CVSS score of 7.5 (HIGH). mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands vi...
How severe is CVE-2003-0084?
CVE-2003-0084 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0084?
Check the references section above for vendor advisories and patch information. Affected products include: Mod Auth Any Mod Auth Any.