CVE-2003-1307

Current Description

** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."

Basic Data

PublishedDecember 31, 2003
Last ModifiedOctober 19, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score4.3
SeverityMEDIUM
Exploitability Score3.1
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationApacheHttp Server2.0*******
    2.3ApplicationApacheHttp Server2.0.9*******
    2.3ApplicationApacheHttp Server2.0.28*******
    2.3ApplicationApacheHttp Server2.0.28beta******
    2.3ApplicationApacheHttp Server2.0.28betawin32*****
    2.3ApplicationApacheHttp Server2.0.32*******
    2.3ApplicationApacheHttp Server2.0.32betawin32*****
    2.3ApplicationApacheHttp Server2.0.34betawin32*****
    2.3ApplicationApacheHttp Server2.0.35*******
    2.3ApplicationApacheHttp Server2.0.36*******
    2.3ApplicationApacheHttp Server2.0.37*******
    2.3ApplicationApacheHttp Server2.0.38*******
    2.3ApplicationApacheHttp Server2.0.39*******
    2.3ApplicationApacheHttp Server2.0.40*******
    2.3ApplicationApacheHttp Server2.0.41*******
    2.3ApplicationApacheHttp Server2.0.42*******
    2.3ApplicationApacheHttp Server2.0.43*******
    2.3ApplicationApacheHttp Server2.0.44*******
    2.3ApplicationApacheHttp Server2.0.45*******
    2.3ApplicationApacheHttp Server2.0.46*******
    2.3ApplicationApacheHttp Server2.0.46*win32*****
    2.3ApplicationApacheHttp Server2.0.47*******
    2.3ApplicationApacheHttp Server2.0.48*******

Vulnerable Software List

VendorProductVersions
Apache Http Server 2.0, 2.0.28, 2.0.32, 2.0.34, 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.0.41, 2.0.42, 2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48, 2.0.9

References

NameSourceURLTags
http://bugs.php.net/38915http://bugs.php.net/38915MISCExploit
http://hackerdom.ru/~dimmo/phpexpl.chttp://hackerdom.ru/~dimmo/phpexpl.cMISCExploit
20031226 Hijacking Apache https by mod_phphttp://www.securityfocus.com/archive/1/348368BUGTRAQExploit Vendor Advisory
20061019 PHP "exec", "system", "popen" problemhttp://www.securityfocus.com/archive/1/449234/100/0/threadedBUGTRAQ
20061020 Re: PHP "exec", "system", "popen" (+small POC)http://www.securityfocus.com/archive/1/449298/100/0/threadedBUGTRAQ
9302http://www.securityfocus.com/bid/9302BIDExploit