[Forgot Password]
Login  Register Subscribe

23631

 
 

119105

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2004-0940

Date: (C)2005-02-09   (M)2017-07-18 


Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

CVSS Score: 6.9Access Vector: LOCAL
Exploit Score: 3.4Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1011783
SUNALERT-102197
BID-11471
SECUNIA-12898
SECUNIA-19073
ADV-2006-0789
DSA-594
MDKSA-2004:134
OpenPKG-SA-2004.047
RHSA-2004:600
RHSA-2005:816
apache-modinclude-bo(17785)
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.apacheweek.com/features/security-13

CPE    42
cpe:/o:slackware:slackware_linux:8.0
cpe:/o:hp:hp-ux:11.20
cpe:/o:slackware:slackware_linux:8.1
cpe:/o:slackware:slackware_linux:9.1
...
CWE    1
CWE-119

© 2013 SecPod Technologies