Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0245Apache Http Server vulnerability

8 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
84.1%
top 0.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Http Server
Timeline
PublishedJun 9
Latest updateApr 29

Description

Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/http_server9 versions+8

Patches

Patch: www.apache.orgPatch: www.redhat.comPatch: www.apache.org

🔴Vulnerability Details

3
GHSA
GHSA-q57q-7777-f6xg: Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 22022-04-29
OSV
CVE-2003-0245: Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 22003-06-09
CVEList
CVE-2003-0245: Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 22003-05-30

💥Exploits & PoCs

1
Exploit-DB
Apache 2.0.45 - 'APR' Crash2003-06-08

📋Vendor Advisories

2
Red Hat
security flaw2003-05-28
Debian
CVE-2003-0245: apache2 - Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) ...2003

💬Community

1
Bugzilla
CVE-2003-0245 security flaw2018-08-16
CVE-2003-0245 — Apache Http Server vulnerability | cvebase