CVE-2004-0940

Current Description

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

Basic Data

Published: February 09, 2005
Last Modified: July 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 6.9
Severity: MEDIUM
Exploitability Score: 3.4
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
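    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Apache | Http Server | 1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.7 | * | dev | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.11 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.14 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.17 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.18 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.19 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.20 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.22 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.23 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.24 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.25 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.26 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.27 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.28 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.29 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.31 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Apache | Http Server | 1.3.32 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Openpkg | Openpkg | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Openpkg | Openpkg | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Openpkg | Openpkg | 2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Openpkg | Openpkg | current | * | * | * | * | * | * | * | | | |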
  • OR - Configuration 2
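    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Hp | Hp-ux | 11.00 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.11 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.20 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.22 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 8.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 8.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 9.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 9.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 10.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | current | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 1.5 | * | * | * | * | * | * | * | | | |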

Vulnerable Software List

Vendor | Product | Versions
Openpkg | Openpkg | 2.0, 2.1, 2.2, current
Slackware | Slackware Linux | 10.0, 8.0, 8.1, 9.0, 9.1, current
Apache | Http Server | 1.3, 1.3.1, 1.3.11, 1.3.12, 1.3.14, 1.3.17, 1.3.18, 1.3.19, 1.3.20, 1.3.22, 1.3.23, 1.3.24, 1.3.25, 1.3.26, 1.3.27, 1.3.28, 1.3.29, 1.3.3, 1.3.31, 1.3.32, 1.3.4, 1.3.6, 1.3.7, 1.3.9
Hp | Hp-ux | 11.00, 11.11, 11.20, 11.22
Trustix | Secure Linux | 1.5
Suse | Suse Linux | 8.0, 8.1, 8.2, 9.0, 9.1, 9.2

References

Name | Source | URL | Tags
OpenPKG-SA-2004.047 | OPENPKG | http://marc.info/?l=bugtraq&m=109906660225051&w=2 |
12898 | SECUNIA | http://secunia.com/advisories/12898/ |
19073 | SECUNIA | http://secunia.com/advisories/19073 |
1011783 | SECTRACK | http://securitytracker.com/id?1011783 |
102197 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 |
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm | CONFIRM | http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm |
http://www.apacheweek.com/features/security-13 | CONFIRM | http://www.apacheweek.com/features/security-13 |
DSA-594 | DEBIAN | http://www.debian.org/security/2004/dsa-594 |
MDKSA-2004:134 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2004:134 |
RHSA-2004:600 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-600.html |
RHSA-2005:816 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-816.html |
11471 | BID | http://www.securityfocus.com/bid/11471 | Exploit, Patch, Vendor Advisory
ADV-2006-0789 | VUPEN | http://www.vupen.com/english/advisories/2006/0789 |
apache-modinclude-bo(17785) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/17785 |