Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2003-0245
Last Modified 10 Sep 2008 03:18:23
Published 09 Jun 2003 12:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0245

Summary

Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.

Vulnerable Systems

Application

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45


References

CERT-VN - VU#757612

REDHAT - RHSA-2003:186

CONFIRM - http://www.apache.org/dist/httpd/Announcement2.html

BUGTRAQ - 20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released

XF - apache-aprpsprintf-code-execution(12090)

BID - 7723

MISC - http://www.idefense.com/advisory/05.30.03.txt

VULNWATCH - 20030530 iDEFENSE Security Advisory 05.30.03: Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability

MANDRAKE - MDKSA-2003:063

CONECTIVA - CLA-2003:661


Last Updated: 27 May 2016 10:37:50