CVE-2004-0940

Published Feb 9, 2005

Last updated 10 days ago

CVSS high 7.8

Overview

Description: Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
Source: cve@mitre.org
NVD status: Modified
Products: http_server, openpkg, hp-ux, slackware_linux, suse_linux, secure_linux

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-131

Hype score: Not currently trending

Vendor comments

ApacheFixed in Apache HTTP Server 1.3.33: http://httpd.apache.org/security/vulnerabilities_13.html

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E48FC2F5-318B-4460-861D-80314B42F84B",
            "versionEndIncluding": "1.3.32",
            "versionStartIncluding": "1.3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "37042CDE-E4FE-442E-891A-CD84433D36E2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "11F6E348-01DF-4FA4-808E-39A2A7A2B97B",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
            "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
            "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
            "matchCriteriaId": "6AB76FE0-BEF3-40D4-B362-0C95CA625A71",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
            "matchCriteriaId": "EBD0DC0A-ACAD-4870-9C0F-3095F2AC8CCD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "78D76664-F4AC-470A-9686-3F708922A340",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*",
            "matchCriteriaId": "B1CB2DD9-E77F-46EE-A145-F87AD10EA8E4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

Related CVEs

References