Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0940

CWE-131 CWE-119 — Buffer Overflow8 documents6 sources

Severity

7.8HIGH

EPSS

3.7%

top 12.07%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Http Server HP Hp-ux Openpkg Openpkg +3 more

Timeline

PublishedFeb 9

Latest updateApr 29

Description

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶NVDapache/http_server1.3 — 1.3.32

▶NVDhp/hp-ux4 versions+3

▶NVDopenpkg/openpkg2.0, 2.1, 2.2+2

▶NVDsuse/suse_linux6 versions+5

▶NVDtrustix/secure_linux1.5

Patches

Patch: www.securityfocus.com ↗Patch: lists.apache.org ↗Patch: lists.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-cx2h-jfxr-vw9c: Buffer overflow in the get_tag function in mod_include for Apache 1↗2022-04-29

▶

CVEList

CVE-2004-0940: Buffer overflow in the get_tag function in mod_include for Apache 1↗2004-10-26

▶

💥Exploits & PoCs

Exploit-DB

Apache 1.3.31 mod_include - Local Buffer Overflow↗2004-10-21

▶

Exploit-DB

Apache 1.3.x mod_include - Local Buffer Overflow↗2004-10-18

▶

📋Vendor Advisories

Red Hat

httpd mod_include SSI overflow↗2004-10-21

▶

💬Community

Bugzilla

CVE-2004-0940 httpd mod_include SSI overflow↗2008-01-28

▶

Bugzilla

CVE-2003-0542 multiple flaws in Apache (CVE-2003-0542, CVE-2003-0987, CVE-2004-0940)↗2005-10-25

▶