Vulnerability CVE-2003-0134 - CERT Civis.Net

Vulnerability Name:

CVE-2003-0134 (CCN-11694)

Assigned:

2003-04-02

Published:

2003-04-02

Updated:

2021-06-06

Summary:

Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Wed Apr 02 2003 - 01:38:28 CST
[ANNOUNCE] Apache 2.0.45 Released

Source: MITRE
Type: CNA
CVE-2003-0134

Source: CCN
Type: Apache Web site
CVS log for apr/file_io/os2/filestat.c

Source: CONFIRM
Type: Patch
http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35

Source: BUGTRAQ
Type: UNKNOWN
20030402 [ANNOUNCE] Apache 2.0.45 Released

Source: BUGTRAQ
Type: UNKNOWN
20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released

Source: CCN
Type: OSVDB ID: 9713
Apache HTTP Server on OS2 filestat.c Device Name Request DoS

Source: CCN
Type: BID-7332
Apache Web Server OS2 Filestat Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
apache-filestat-dos(11694)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.9:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.9:*:*:*:*:*:*:*

Denotes that component is vulnerable