Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2343

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-2343
Last Modified 05 Sep 2008 04:43:52
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2343

Summary

** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.

Vulnerable Systems

Application

  • Apache Http Server 2.0.47


References

XF - apache-httpd-bypass-restriction(15015)

BUGTRAQ - 20040204 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)

BUGTRAQ - 20040202 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)

BUGTRAQ - 20040131 BUG IN APACHE HTTPD SERVER (current version 2.0.47)


Last Updated: 27 May 2016 10:39:26