NVD脆弱性詳細

CVE-2003-0542

概要	Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
公表日	2003年11月3日14:00
登録日	2021年1月29日18:02
最終更新日	2023年11月7日10:56

CVSS2.0 : HIGH
スコア	7.2
ベクター	AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	はい
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:http_server:2.0.42:::::::*
cpe:2.3:a:apache:http_server:1.3.23:::::::*
cpe:2.3:a:apache:http_server:2.0.47:::::::*
cpe:2.3:a:apache:http_server:1.3.27:::::::*
cpe:2.3:a:apache:http_server:2.0.35:::::::*
cpe:2.3:a:apache:http_server:2.0.37:::::::*
cpe:2.3:a:apache:http_server:2.0.44:::::::*
cpe:2.3:a:apache:http_server:1.3.1:::::::*
cpe:2.3:a:apache:http_server:1.3.25:::::::*
cpe:2.3:a:apache:http_server:1.3.28:::::::*
cpe:2.3:a:apache:http_server:1.3.19:::::::*
cpe:2.3:a:apache:http_server:2.0.39:::::::*
cpe:2.3:a:apache:http_server:1.3.24:::::::*
cpe:2.3:a:apache:http_server:1.3.20:::::::*
cpe:2.3:a:apache:http_server:1.3.6:::::::*
cpe:2.3:a:apache:http_server:2.0.41:::::::*
cpe:2.3:a:apache:http_server:1.3.4:::::::*
cpe:2.3:a:apache:http_server:1.3.18:::::::*
cpe:2.3:a:apache:http_server:2.0.32:::::::*
cpe:2.3:a:apache:http_server:2.0.38:::::::*
cpe:2.3:a:apache:http_server:1.3:::::::*
cpe:2.3:a:apache:http_server:1.3.12:::::::*
cpe:2.3:a:apache:http_server:1.3.3:::::::*
cpe:2.3:a:apache:http_server:1.3.17:::::::*
cpe:2.3:a:apache:http_server:2.0.45:::::::*
cpe:2.3:a:apache:http_server:1.3.26:::::::*
cpe:2.3:a:apache:http_server:1.3.9:::::::*
cpe:2.3:a:apache:http_server:2.0.40:::::::*
cpe:2.3:a:apache:http_server:2.0.36:::::::*
cpe:2.3:a:apache:http_server:1.3.14:::::::*
cpe:2.3:a:apache:http_server:2.0.46:::::::*
cpe:2.3:a:apache:http_server:1.3.22:::::::*
cpe:2.3:a:apache:http_server:1.3.11:::::::*
cpe:2.3:a:apache:http_server:2.0.43:::::::*
cpe:2.3:a:apache:http_server:2.0.28:::::::*
cpe:2.3:a:apache:http_server:2.0:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://www.securityfocus.com/bid/8911	BID	Patch Vendor Advisory
2	http://www.redhat.com/support/errata/RHSA-2004-015.html	REDHAT	Patch Vendor Advisory
3	http://httpd.apache.org/dist/httpd/Announcement2.html	CONFIRM
4	http://www.securityfocus.com/archive/1/342674	BUGTRAQ
5	http://www.securityfocus.com/advisories/6079	HP
6	http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103	MANDRAKE
7	http://www.redhat.com/support/errata/RHSA-2003-320.html	REDHAT
8	http://www.redhat.com/support/errata/RHSA-2003-360.html	REDHAT
9	http://www.redhat.com/support/errata/RHSA-2003-405.html	REDHAT
10	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt	SCO
11	ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc	SGI
12	http://lists.apple.com/mhonarc/security-announce/msg00045.html	CONFIRM
13	http://www.kb.cert.org/vuls/id/434566	CERT-VN	US Government Resource
14	http://www.kb.cert.org/vuls/id/549142	CERT-VN	US Government Resource
15	http://secunia.com/advisories/10096	SECUNIA
16	http://secunia.com/advisories/10098	SECUNIA
17	http://secunia.com/advisories/10102	SECUNIA
18	http://secunia.com/advisories/10112	SECUNIA
19	http://secunia.com/advisories/10114	SECUNIA
20	http://secunia.com/advisories/10153	SECUNIA
21	http://secunia.com/advisories/10260	SECUNIA
22	http://secunia.com/advisories/10264	SECUNIA
23	http://secunia.com/advisories/10463	SECUNIA
24	http://www.securityfocus.com/bid/9504	BID
25	http://www.redhat.com/support/errata/RHSA-2005-816.html	REDHAT
26	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1	SUNALERT
27	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1	SUNALERT
28	http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html	APPLE
29	ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc	SGI
30	http://secunia.com/advisories/10580	SECUNIA
31	http://secunia.com/advisories/10593	SECUNIA
32	http://marc.info/?l=bugtraq&m=130497311408250&w=2	HP
33	http://docs.info.apple.com/article.html?artnum=61798	CONFIRM
34	http://marc.info/?l=bugtraq&m=106761802305141&w=2	BUGTRAQ
35	https://exchange.xforce.ibmcloud.com/vulnerabilities/13400	XF
36	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458	OVAL
37	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864	OVAL
38	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863	OVAL
39	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799	OVAL
40	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
41	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
42	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
43	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
44	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
45	https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E
46	https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
47	https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E
48	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
49	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
50	https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E
51	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
52	https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
53	https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:http_server:2.0.42:::::::*
cpe:2.3:a:apache:http_server:1.3.23:::::::*
cpe:2.3:a:apache:http_server:2.0.47:::::::*
cpe:2.3:a:apache:http_server:1.3.27:::::::*
cpe:2.3:a:apache:http_server:2.0.35:::::::*
cpe:2.3:a:apache:http_server:2.0.37:::::::*
cpe:2.3:a:apache:http_server:2.0.44:::::::*
cpe:2.3:a:apache:http_server:1.3.1:::::::*
cpe:2.3:a:apache:http_server:1.3.25:::::::*
cpe:2.3:a:apache:http_server:1.3.28:::::::*
cpe:2.3:a:apache:http_server:1.3.19:::::::*
cpe:2.3:a:apache:http_server:2.0.39:::::::*
cpe:2.3:a:apache:http_server:1.3.24:::::::*
cpe:2.3:a:apache:http_server:1.3.20:::::::*
cpe:2.3:a:apache:http_server:1.3.6:::::::*
cpe:2.3:a:apache:http_server:2.0.41:::::::*
cpe:2.3:a:apache:http_server:1.3.4:::::::*
cpe:2.3:a:apache:http_server:1.3.18:::::::*
cpe:2.3:a:apache:http_server:2.0.32:::::::*
cpe:2.3:a:apache:http_server:2.0.38:::::::*
cpe:2.3:a:apache:http_server:1.3:::::::*
cpe:2.3:a:apache:http_server:1.3.12:::::::*
cpe:2.3:a:apache:http_server:1.3.3:::::::*
cpe:2.3:a:apache:http_server:1.3.17:::::::*
cpe:2.3:a:apache:http_server:2.0.45:::::::*
cpe:2.3:a:apache:http_server:1.3.26:::::::*
cpe:2.3:a:apache:http_server:1.3.9:::::::*
cpe:2.3:a:apache:http_server:2.0.40:::::::*
cpe:2.3:a:apache:http_server:2.0.36:::::::*
cpe:2.3:a:apache:http_server:1.3.14:::::::*
cpe:2.3:a:apache:http_server:2.0.46:::::::*
cpe:2.3:a:apache:http_server:1.3.22:::::::*
cpe:2.3:a:apache:http_server:1.3.11:::::::*
cpe:2.3:a:apache:http_server:2.0.43:::::::*
cpe:2.3:a:apache:http_server:2.0.28:::::::*
cpe:2.3:a:apache:http_server:2.0:::::::*