Vulnerability Name: CVE-2003-1418 (CCN-11438)

Assigned: 2003-02-25
Published: 2003-02-25
Updated: 2017-10-20
Summary: Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2003-1418

Source: CCN
Type: OpenBSD 3.2 errata
008: SECURITY FIX: February 25, 2003

Source: OPENBSD
Type: UNKNOWN
[3.2] 008: SECURITY FIX: February 25, 2003

Source: CCN
Type: Oracle CPUOct2017
Oracle Critical Patch Update Advisory - October 2017

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: CCN
Type: OSVDB ID: 60395
Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 60396
Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure

Source: BID
Type: UNKNOWN
6939

Source: CCN
Type: BID-6939
Apache Web Server ETag Header Information Disclosure Weakness

Source: BID
Type: Patch
6943

Source: CCN
Type: BID-6943
Apache Web Server MIME Boundary Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
apache-mime-information-disclosure(11438)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.27:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  AND
  • cpe:/o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20031418 | V | CVE-2003-1418 | 2022-05-20
oval:org.opensuse.security:def:33045 | P | Security update for postgresql96 (Important) | 2021-11-22
oval:org.opensuse.security:def:32214 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:33006 | P | Security update for openssl (Low) | 2021-09-20
oval:org.opensuse.security:def:26123 | P | Security update for openssl-1_0_0 (Low) | 2021-09-09
oval:org.opensuse.security:def:32158 | P | Security update for dbus-1 (Important) | 2021-08-02
oval:org.opensuse.security:def:42489 | P | apache2-2.2.12-1.51.52.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:31634 | P | Security update for qemu (Important) | 2021-06-08
oval:org.opensuse.security:def:36082 | P | apache2-2.2.12-1.51.52.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36370 | P | apache2-2.2.12-1.51.52.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:26057 | P | Security update for libX11 (Moderate) | 2021-05-26
oval:org.opensuse.security:def:26208 | P | Security update for git (Important) | 2021-03-09
oval:org.opensuse.security:def:26204 | P | Security update for freeradius-server (Low) | 2021-03-04
oval:org.opensuse.security:def:32263 | P | Security update for java-1_8_0-ibm (Important) | 2021-02-26
oval:org.opensuse.security:def:25973 | P | Security update for the Linux Kernel (Important) | 2020-12-09
oval:org.opensuse.security:def:31560 | P | Security update for python-cryptography (Moderate) | 2020-12-04
oval:org.opensuse.security:def:32002 | P | Security update for gdm (Important) | 2020-12-03
oval:org.opensuse.security:def:31915 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27368 | P | apache2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25643 | P | Security update for hunspell (Low) | 2020-12-01
oval:org.opensuse.security:def:26407 | P | Security update for libmad (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31858 | P | Security update for cups (Important) | 2020-12-01
oval:org.opensuse.security:def:25995 | P | Security update for mariadb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27333 | P | xorg-x11-libXrender-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25632 | P | Security update for aspell (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26363 | P | Security update for libgit2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31766 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:25931 | P | Security update for libcares2 (Low) | 2020-12-01
oval:org.opensuse.security:def:26695 | P | fetchmail on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25631 | P | Security update for tar (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26349 | P | Security update for redis (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26496 | P | Security update for tmux (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25920 | P | Security update for gstreamer-plugins-base (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26651 | P | xen on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26310 | P | Security update for Cloud Compute 12 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26345 | P | Security update for libgit2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25916 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:32368 | P | Security update for tar (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25919 | P | Security update for libplist (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26637 | P | ruby on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26261 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25835 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27080 | P | apache2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31549 | P | Security update for screen (Low) | 2020-12-01
oval:org.opensuse.security:def:32324 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:26598 | P | libpulse-browse0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25707 | P | Security update for java-1_7_1-ibm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27045 | P | tgt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31548 | P | Security update for sblim-sfcb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32302 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:26549 | P | ft2demos on GA media (Moderate) | 2020-12-01