Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0844


Vulnerability Score 2.1 2.1
CVE Id CVE-2003-0844
Last Modified 07 Mar 2011 09:13:09
Published 17 Nov 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



mod_gzip and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.

Vulnerable Systems


  • Dag Apt Repository Mod Gzip


BUGTRAQ - 20030601 Mod_gzip Debug Mode Vulnerabilities

Last Updated: 27 May 2016 10:38:05