Rapid7 Vulnerability & Exploit Database

Apache HTTPD: Local configuration regular expression overflow (CVE-2003-0542)

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 11/03/2003
Created: 07/25/2018
Added: 04/12/2012
Modified: 02/13/2015

Description

An asset is affected ONLY if it is running one of the following modules: mod_alias, mod_rewrite AND an attacker can create a crafted .htaccess or httpd.conf file containing a regular expression with more than 9 captures. Review your web server configuration to validate whether these conditions apply. A regular expression with more than 9 captures can cause a buffer overflow in mod_alias or mod_rewrite. To exploit this, an attacker would need to be able to create a carefully crafted configuration file (.htaccess or httpd.conf).
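One way to carry out the configuration review described above is the following added example, which is not Rapid7's or the Apache project's code: it counts capturing groups in the regex arguments of mod_alias and mod_rewrite directives and reports any pattern with more than 9. It assumes the regex-taking directives are RewriteRule, RewriteCond, AliasMatch, ScriptAliasMatch and RedirectMatch, assumes PCRE-style group syntax, and does not follow Include directives or backslash line continuations; the sample configuration is constructed.

```python
import re

# Regex directives of mod_alias/mod_rewrite -> index of the pattern argument.
REGEX_DIRECTIVES = {"rewriterule": 0, "rewritecond": 1, "aliasmatch": 0,
                    "scriptaliasmatch": 0, "redirectmatch": 0}
REDIRECT_STATUS = {"permanent", "temp", "seeother", "gone"}
MAX_CAPTURES = 9  # limit stated in the advisory
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|\S+')   # quoted or bare argument
NAMED_GROUP = re.compile(r"\?(?:P?<[^=!]|')")  # (?P<n>..) (?<n>..) (?'n'..)

def count_captures(pattern):
    """Count capturing groups; skip escaped '(' and '(' inside [...]."""
    count, i, in_class = 0, 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            i += 1  # together with the final increment, skips the escaped char
        elif in_class:
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
            i += len(re.match(r"\^?\]?", pattern[i + 1:]).group())  # leading ']' is literal
        elif ch == "(":
            rest = pattern[i + 1:]
            if not rest.startswith("?") or NAMED_GROUP.match(rest):
                count += 1
        i += 1
    return count

def audit_config(text):
    """Return (line_no, directive, captures) for each pattern over the limit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        tokens = [t[1:-1] if len(t) > 1 and t[0] == t[-1] == '"' else t
                  for t in TOKEN.findall(line)]
        if not tokens or tokens[0].lower() not in REGEX_DIRECTIVES:
            continue
        args, idx = tokens[1:], REGEX_DIRECTIVES[tokens[0].lower()]
        if tokens[0].lower() == "redirectmatch" and args and (
                args[0].lower() in REDIRECT_STATUS or args[0].isdigit()):
            idx = 1  # optional status argument precedes the regex
        if idx < len(args) and count_captures(args[idx]) > MAX_CAPTURES:
            findings.append((line_no, tokens[0], count_captures(args[idx])))
    return findings

SAMPLE = r"""# constructed sample configuration, not from a real server
RewriteRule ^/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$ /x/$1 [L]
RewriteRule ^/item/([0-9]+)/(?:edit|view)$ /item.php?id=$1 [L]
RedirectMatch permanent "^/old/(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)/" /new/
"""
```

Run `audit_config` over the text of each httpd.conf and .htaccess file on the server; an empty list means no pattern in that file exceeds the limit.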

Solution(s)

  • apache-httpd-upgrade-1_3_29
  • apache-httpd-upgrade-2_0_48

