Vulnerability Name:

CCN-13688

Published:2003-11-11
Updated:2003-11-11
Summary:The Apache HTTP Server configuration allows Server Side Includes (SSI). SSI's allow dynamic content, such as the date or hit counters to be embedded in Web pages. SSI's can potentially be abused to execute operating system commands in ways not intended by the developer. The 'Options' configuration file directive controls SSI execution.
CVSS v3 Severity:
CVSS v2 Severity:
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Apache Web site
Welcome! - The Apache Software Foundation

Source: XF
Type: UNKNOWN
apache-ssi(13688)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • AND
  • cpe:/a:apache:http_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.6::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp hp-ux 10.20
    apache http server *
    sun solaris 2.6
    sun solaris 8
    ibm aix 4
    hp hp-ux 11
    redhat linux 7
    redhat linux 7.1
    redhat linux 7.2
    redhat linux 7.3
    sun solaris 7.0