Vulnerability Name:

CCN-13703

Published:2003-11-11
Updated:2003-11-11
Summary:In order to mitigate the impact of a successful attack, a special user, with minimal privileges, should be used to run the Apache HTTP Server. Specifically, do not use 'root', (or 'nobody' because it is often mapped to root under NFS). The httpd.conf 'User' directive defines the effective user for httpd.

NOTE: The system initialization scripts always start httpd as root. This is necessary to enable it to launch servers with the effective user defined in the httpd.conf file.
CVSS v3 Severity:
CVSS v2 Severity:
Vulnerability Consequences:Informational
References:Source: CCN
Type: Apache Web site
Welcome! - The Apache Software Foundation

Source: XF
Type: UNKNOWN
apache-user(13703)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • AND
  • cpe:/a:apache:http_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.6::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp hp-ux 10.20
    apache http server *
    sun solaris 2.6
    sun solaris 8
    ibm aix 4
    hp hp-ux 11
    redhat linux 7
    redhat linux 7.1
    redhat linux 7.2
    redhat linux 7.3
    sun solaris 7.0