CVE-2003-0460 — Apache Http Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

9.2%

top 7.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedAug 27

Latest updateApr 29

Description

The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server1.3.27

Patches

Patch: www.apache.org ↗Patch: www.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-qh2g-9c2g-cvcr: The rotatelogs program on Apache before 1↗2022-04-29

▶

CVEList

CVE-2003-0460: The rotatelogs program on Apache before 1↗2003-07-25

▶