Summary
According to its version number, the remote version of Apache Web Server is prone to a local buffer-overflow vulnerability that affects a configuration file environment variable. This occurs because the application fails to validate user-supplied string lengths before copying them into finite process buffers.
An attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the Apache webserver process.
Solution
The vendor has released an upgrade. Please see
http://www.apache.org/dist/httpd/Announcement2.html for more information.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-0747 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities