Description
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
Product(s):
- Apache HTTP Server
- Apache Software Foundation Apache HTTP Server 2.0.35
- Apache Software Foundation Apache HTTP Server 2.0.36
- Apache Software Foundation Apache HTTP Server 2.0.37
- Apache Software Foundation Apache HTTP Server 2.0.38
- Apache Software Foundation Apache HTTP Server 2.0.39
- Apache Software Foundation Apache HTTP Server 2.0.40
- Apache Software Foundation Apache HTTP Server 2.0.41
- Apache Software Foundation Apache HTTP Server 2.0.42
- Apache Software Foundation Apache HTTP Server 2.0.43
- Apache Software Foundation Apache HTTP Server 2.0.44
- Apache Software Foundation Apache HTTP Server 2.0.45
- Apache Software Foundation Apache HTTP Server 2.0.46
- Apache Software Foundation Apache HTTP Server 2.0.47
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0789, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0789 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.