Vulnerability Name: CVE-2004-2343 (CCN-15015)
Assigned: 2004-01-31
Published: 2004-01-31
Updated: 2017-07-11
Summary: ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. Note: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: BUGTRAQ Type: Vendor Advisory 20040131 BUG IN APACHE HTTPD SERVER (current version 2.0.47)
  Source: CCN Type: BugTraq Mailing List, Sat Jan 31 2004 - 15:18:51 CST BUG IN APACHE HTTPD SERVER (current version 2.0.47)
  Source: BUGTRAQ Type: UNKNOWN 20040202 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
  Source: BUGTRAQ Type: UNKNOWN 20040204 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
  Source: MITRE Type: CNA CVE-2004-2343
  Source: CCN Type: OSVDB ID: 19855 Apache HTTP Server ErrorDocument Directive .htaccess Bypass
  Source: CCN Type: BID-9874 Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
  Source: XF Type: UNKNOWN apache-httpd-bypass-restriction(15015)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable