Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2004-0940)

Description

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

Remediation

References

CVE-2004-0940

Related Vulnerabilities

Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12615)

MySQL CVE-2022-21372 Vulnerability (CVE-2022-21372)

WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty Cross-Site Scripting (2.3.2)

Squid Missing Authentication for Critical Function Vulnerability (CVE-2019-12524)

Java Denial of Service (DoS) Vulnerability (CVE-2019-2762)

Severity

Medium

Classification

CVE-2004-0940 CWE-119