Vulnerability Name: | CVE-2004-1834 (CCN-15547) |
Assigned: | 2004-03-20 |
Published: | 2004-03-20 |
Updated: | 2021-06-06 |
Summary: | mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. |
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) |
Exploitability Metrics: | Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): None; Availability (A): None |
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N) |
Exploitability Metrics: | Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
| 2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N) |
Exploitability Metrics: | Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
Vulnerability Type: | CWE-Other |
Vulnerability Consequences: | Obtain Information |
References: | Source: CCN Type: BugTraq Mailing List, Sat Mar 20 2004 - 10:00:37 CST Apache mod_disk_cache stores client authentication credentials on
Source: MITRE Type: CNA CVE-2004-1834
Source: CCN Type: Apache HTTP Server Project Web site Welcome! - The Apache HTTP Server Project
Source: BUGTRAQ Type: UNKNOWN 20040319 Apache mod_disk_cache stores client authentication credentials on disk
Source: CCN Type: RHSA-2004-562 httpd security update
Source: CCN Type: SA11176 Apache 2 mod_disk_cache Stores Credentials
Source: SECUNIA Type: Exploit, Vendor Advisory 11176
Source: CCN Type: SA19072 Sun Solaris Multiple Apache2 Vulnerabilities
Source: SECUNIA Type: UNKNOWN 19072
Source: CCN Type: SECTRACK ID: 1009509 Apache mod_disk_cache Stores Authentication Credentials on Disk
Source: SECTRACK Type: Exploit, Vendor Advisory 1009509
Source: SUNALERT Type: UNKNOWN 102198
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
Source: CCN Type: GLSA 200403-04 Multiple security vulnerabilities in Apache 2
Source: OSVDB Type: Exploit, Vendor Advisory 4446
Source: CCN Type: OSVDB ID: 4446 Apache HTTP Server mod_disk_cache Stores Credentials
Source: REDHAT Type: UNKNOWN RHSA-2004:562
Source: BID Type: Patch, Vendor Advisory 9933
Source: CCN Type: BID-9933 Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
Source: VUPEN Type: UNKNOWN ADV-2006-0789
Source: XF Type: UNKNOWN apache-moddiskcache-obtain-info(15547)
Source: MLIST Type: UNKNOWN [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11133
|
Vulnerable Configuration: |
Configuration 1:
cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.9:*:*:*:*:*:*:*
Configuration RedHat 1:
cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.0.9:*:*:*:*:*:*:*
AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
|
Oval Definitions |
Definition ID | Class | Title | Last Modified |
---|---|---|---|
oval:org.mitre.oval:def:11133 | V | mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | 2013-04-29 |
oval:com.redhat.rhsa:def:20040562 | P | RHSA-2004:562: httpd security update (Important) | 2004-11-12 |
apache http server 2.0.35
apache http server 2.0.36
apache http server 2.0.43
apache http server 2.0.44
apache http server 2.0
apache http server 2.0.28
apache http server 2.0.39
apache http server 2.0.40
apache http server 2.0.47
apache http server 2.0.48
apache http server 2.0.37
apache http server 2.0.38
apache http server 2.0.45
apache http server 2.0.46
apache http server 2.0.28 beta
apache http server 2.0.32
apache http server 2.0.41
apache http server 2.0.42
apache http server 2.0.49
apache http server 2.0.9
gentoo linux *
redhat enterprise linux 3