Description
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
Product(s):
- Apache Software Foundation Apache HTTP Server 1.3.11
- Apache Software Foundation Apache HTTP Server 1.3.12
- Apache Software Foundation Apache HTTP Server 1.3.14
- Apache Software Foundation Apache HTTP Server 1.3.17
- Apache Software Foundation Apache HTTP Server 1.3.18
- Apache Software Foundation Apache HTTP Server 1.3.19
- Apache Software Foundation Apache HTTP Server 1.3.1
- Apache Software Foundation Apache HTTP Server 1.3.20
- Apache Software Foundation Apache HTTP Server 1.3.22
- Apache Software Foundation Apache HTTP Server 1.3.23
- Apache Software Foundation Apache HTTP Server 1.3.24
- Apache Software Foundation Apache HTTP Server 1.3.25
- Apache Software Foundation Apache HTTP Server 1.3.26
- Apache Software Foundation Apache HTTP Server 1.3.27
- Apache Software Foundation Apache HTTP Server 1.3.28
- Apache Software Foundation Apache HTTP Server 1.3.3
- Apache Software Foundation Apache HTTP Server 1.3.4
- Apache Software Foundation Apache HTTP Server 1.3.6
- Apache Software Foundation Apache HTTP Server 1.3.9
- Apache Software Foundation Apache HTTP Server 1.3
- Apache Software Foundation Apache HTTP Server 2.0.28
- Apache Software Foundation Apache HTTP Server 2.0.28 Beta
- Apache Software Foundation Apache HTTP Server 2.0.32
- Apache Software Foundation Apache HTTP Server 2.0.32 Beta
- Apache Software Foundation Apache HTTP Server 2.0.35
- Apache Software Foundation Apache HTTP Server 2.0.36
- Apache Software Foundation Apache HTTP Server 2.0.37
- Apache Software Foundation Apache HTTP Server 2.0.38
- Apache Software Foundation Apache HTTP Server 2.0.39
- Apache Software Foundation Apache HTTP Server 2.0.40
- Apache Software Foundation Apache HTTP Server 2.0.41
- Apache Software Foundation Apache HTTP Server 2.0.42
- Apache Software Foundation Apache HTTP Server 2.0.43
- Apache Software Foundation Apache HTTP Server 2.0.44
- Apache Software Foundation Apache HTTP Server 2.0.45
- Apache Software Foundation Apache HTTP Server 2.0.46
- Apache Software Foundation Apache HTTP Server 2.0.47
- Apache Software Foundation Apache HTTP Server 2.0
- Apache Software Foundation HTTP Server 2.0 Alpha 9
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0542, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0542 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.
References:
- http://webappsec.pbworks.com/Buffer-Overflow
- https://capec.mitre.org/data/definitions/10.html
- https://capec.mitre.org/data/definitions/100.html
- https://capec.mitre.org/data/definitions/123.html
- https://capec.mitre.org/data/definitions/14.html
- https://capec.mitre.org/data/definitions/24.html
- https://capec.mitre.org/data/definitions/42.html
- https://capec.mitre.org/data/definitions/44.html
- https://capec.mitre.org/data/definitions/45.html
- https://capec.mitre.org/data/definitions/46.html
- https://capec.mitre.org/data/definitions/47.html
- https://capec.mitre.org/data/definitions/8.html
- https://capec.mitre.org/data/definitions/9.html
- https://nvd.nist.gov/vuln/detail/CVE-2003-0542