Vulnerability Name:

CVE-2003-0993 (CCN-15422)

Assigned:2004-03-08
Published:2004-03-08
Updated:2021-06-06
Summary:mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2003-0993

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:046

Source: CCN
Type: Apache HTTP Server Project Web site
Welcome! - The Apache HTTP Server Project

Source: CONFIRM
Type: UNKNOWN
http://issues.apache.org/bugzilla/show_bug.cgi?id=23850

Source: MLIST
Type: UNKNOWN
[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c

Source: BUGTRAQ
Type: UNKNOWN
20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)

Source: GENTOO
Type: UNKNOWN
GLSA-200405-22

Source: SUNALERT
Type: UNKNOWN
101555

Source: SUNALERT
Type: UNKNOWN
101841

Source: SUNALERT
Type: UNKNOWN
57628

Source: CCN
Type: Sun Alert ID: 57628
Security Vulnerabilities in the Apache Web Server and Apache Modules

Source: CONFIRM
Type: Vendor Advisory
http://www.apacheweek.com/features/security-13

Source: CCN
Type: CIAC Information Bulletin O-103
Apache HTTP Server mod_access Information Disclosure

Source: CCN
Type: CIAC INFORMATION BULLETIN P-273
Updated Solaris 8 Patches for Apache Security Vulnerabilities

Source: CCN
Type: GLSA-200405-22
Apache 1.3: Multiple vulnerabilities

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0027
apache

Source: CCN
Type: GLSA 200405-22
Apache 1.3: Multiple vulnerabilities

Source: CCN
Type: OpenBSD 3.4 errata Web site
014: SECURITY FIX: March 13, 2004

Source: CCN
Type: OpenBSD 3.3 errata Web site
019: SECURITY FIX: March 13, 2004

Source: CCN
Type: OpenPKG-SA-2004.021
Apache

Source: CCN
Type: OSVDB ID: 4181
Apache HTTP Server mod_access IP Address Netmask Rule Bypass

Source: BID
Type: Patch, Vendor Advisory
9829

Source: CCN
Type: BID-9829
Apache Mod_Access Access Control Rule Bypass Vulnerability

Source: CCN
Type: BID-9876
VocalTec VGW4/8 Telephony Gateway Remote Authentication Bypass Vulnerability

Source: SLACKWARE
Type: UNKNOWN
SSA:2004-133

Source: CCN
Type: slackware-security Mailing List, Wed, 12 May 2004 16:54:58 -0700 (PDT)
apache (SSA:2004-133-01)

Source: TRUSTIX
Type: UNKNOWN
2004-0027

Source: CCN
Type: TLSA-2004-17
Multiple vulnerabilities in apache

Source: XF
Type: UNKNOWN
apache-modaccess-obtain-information(15422)

Source: XF
Type: UNKNOWN
apache-modaccess-obtain-information(15422)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100111

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4670

Source: SUSE
Type: SUSE-SA:2003:014
kdelibs: remote file creation

Source: SUSE
Type: SUSE-SA:2004:015
cvs: remote command execution

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.7:*:dev:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.29:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:http_server:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.29:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.3:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20030993
    V
    		CVE-2003-0993
    2015-11-16
    oval:org.mitre.oval:def:100111
    V
    		Apache Allow/Deny Parsing Error
    2005-11-16
    oval:org.mitre.oval:def:4670
    V
    		Apache Mod_Access Access Control Rule Bypass Vulnerability
    2004-12-09
    BACK
    apache http server 1.3
    apache http server 1.3.1
    apache http server 1.3.22
    apache http server 1.3.23
    apache http server 1.3.3
    apache http server 1.3.4
    apache http server 1.3.18
    apache http server 1.3.19
    apache http server 1.3.20
    apache http server 1.3.11
    apache http server 1.3.12
    apache http server 1.3.24
    apache http server 1.3.27
    apache http server 1.3.25
    apache http server 1.3.28
    apache http server 1.3.7
    apache http server 1.3.6
    apache http server 1.3.17
    apache http server 1.3.26
    apache http server 1.3.9
    apache http server 1.3.14
    apache http server 1.3.29
    apache http server 1.3
    apache http server 1.3.1
    apache http server 1.3.19
    apache http server 1.3.26
    apache http server 1.3.6
    apache http server 1.3.9
    apache http server 1.3.12
    apache http server 1.3.20
    apache http server 1.3.23
    apache http server 1.3.17
    apache http server 1.3.14
    apache http server 1.3.11
    apache http server 1.3.27
    apache http server 1.3.28
    apache http server 1.3.29
    apache http server 1.3.3
    apache http server 1.3.24
    apache http server 1.3.22
    apache http server 1.3.4
    apache http server 1.3.18
    apache http server 1.3.25
    apache http server 1.3.7
    sun solaris 8
    hp hp-ux 11.04
    mandrakesoft mandrake linux corporate server 1.0.1
    turbolinux turbolinux server 6.5
    trustix secure linux 1.5
    suse suse linux database server *
    suse suse linux connectivity server *
    sun solaris 9
    slackware slackware linux 8.1
    openpkg openpkg current
    gentoo linux *
    suse suse linux office server *
    mandrakesoft mandrake multi network firewall 8.2
    slackware slackware linux current
    turbolinux turbolinux server 6.1
    turbolinux turbolinux workstation 6.0
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    slackware slackware linux 9.0
    openpkg openpkg 1.3
    openbsd openbsd 3.3
    slackware slackware linux 9.1
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    openbsd openbsd 3.4
    openpkg openpkg 2.0
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1