CVE-2003-0542Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Http Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
7.2HIGHNVD
EPSS
0.5%
top 33.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Http Server
Timeline
PublishedNov 3
Latest updateMay 3

Description

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDapache/http_server36 versions+35

Patches

Patch: www.redhat.comPatch: www.securityfocus.comPatch: www.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-5cfw-vgxw-pqxm: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 12022-05-03
OSV
CVE-2003-0542: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 12003-11-03
CVEList
CVE-2003-0542: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 12003-10-30

📋Vendor Advisories

2
Red Hat
security flaw2003-10-29
Debian
CVE-2003-0542: apache2 - Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for A...2003

💬Community

2
Bugzilla
CVE-2003-0542 security flaw2018-08-16
Bugzilla
CVE-2003-0542 multiple flaws in Apache (CVE-2003-0542, CVE-2003-0987, CVE-2004-0940)2005-10-25
CVE-2003-0542 — Apache Http Server vulnerability | cvebase