Vulnerability Description
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | HTTP Server | 1.3 |
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
- ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://docs.info.apple.com/article.html?artnum=61798
- http://httpd.apache.org/dist/httpd/Announcement2.html
- http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
- http://lists.apple.com/mhonarc/security-announce/msg00045.html
- http://marc.info/?l=bugtraq&m=106761802305141&w=2
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://secunia.com/advisories/10096
- http://secunia.com/advisories/10098
- http://secunia.com/advisories/10102
- http://secunia.com/advisories/10112
- http://secunia.com/advisories/10114
- http://secunia.com/advisories/10153
FAQ
What is CVE-2003-0542?
CVE-2003-0542 is a vulnerability with a CVSS score of 7.2 (HIGH). Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitr...
How severe is CVE-2003-0542?
CVE-2003-0542 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0542?
Check the references section above for vendor advisories and patch information. Affected products include: Apache HTTP Server.