| Vulnerability Name: | CVE-2003-0084 (CCN-11893) | ||||||||
| Assigned: | 2003-04-28 | ||||||||
| Published: | 2003-04-28 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2003-0084 Source: CCN Type: RHSA-2003-113 Updated mod_auth_any packages available Source: CCN Type: RHSA-2003-114 mod_auth_any security update Source: REDHAT Type: Patch, Vendor Advisory RHSA-2003:114 Source: CCN Type: CIAC Information Bulletin N-090 Red Hat mod_auth_any Vulnerabilities Source: CIAC Type: UNKNOWN N-090 Source: CONFIRM Type: UNKNOWN http://www.itlab.musc.edu/webNIS/mod_auth_any.html Source: CCN Type: mod_auth_any Web site Apache Module: mod_auth_any Source: REDHAT Type: UNKNOWN RHSA-2003:113 Source: BID Type: Patch, Vendor Advisory 7448 Source: CCN Type: BID-7448 Apache Mod_Auth_Any Remote Command Execution Vulnerability Source: XF Type: UNKNOWN modauthany-command-execution(11893) Source: XF Type: UNKNOWN modauthany-command-execution(11893) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||