Vulnerability Description
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 1.3 |
References
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
- http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
- http://marc.info/?l=apache-cvs&m=107869603013722
- http://marc.info/?l=bugtraq&m=108437852004207&w=2
- http://security.gentoo.org/glsa/glsa-200405-22.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
- http://www.apacheweek.com/features/security-13Vendor Advisory
- http://www.securityfocus.com/bid/9829PatchVendor Advisory
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slack
- http://www.trustix.org/errata/2004/0027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15422
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab3827
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4
FAQ
What is CVE-2003-0993?
CVE-2003-0993 is a vulnerability with a CVSS score of 7.5 (HIGH). mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to b...
How severe is CVE-2003-0993?
CVE-2003-0993 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0993?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.