CVE-2004-2343

Sažetak

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument

Reference

http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html
http://archives.neohapsis.com/archives/bugtraq/2004-02/0064.html
http://archives.neohapsis.com/archives/bugtraq/2004-02/0120.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15015

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-08-2024 - 02:15

Objavljeno

31-12-2004 - 05:00