CVE-2004-0747 — Incorrect Calculation of Buffer Size in Apache Http Server

CWE-131 — Incorrect Calculation of Buffer Size CWE-120 — Classic Buffer Overflow7 documents7 sources

Severity

7.8HIGHNVD

EPSS

1.4%

top 19.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedOct 20

Latest updateApr 29

Description

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDapache/http_server2.0.35 — 2.0.51

Patches

Patch: lists.apache.org ↗Patch: lists.apache.org ↗Patch: lists.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-9q6c-grq3-7prg: Buffer overflow in Apache 2↗2022-04-29

▶

OSV

CVE-2004-0747: Buffer overflow in Apache 2↗2004-10-20

▶

CVEList

CVE-2004-0747: Buffer overflow in Apache 2↗2004-09-17

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-09-15

▶

Debian

CVE-2004-0747: apache2 - Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache p...↗2004

▶

💬Community

Bugzilla

CVE-2004-0747 security flaw↗2018-08-16

▶