CVE-2004-0940 — Vulnetix

CVE-2004-0940 PUBLISHED CVSS 7.800000190734863 HIGH

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

EPSS 3.68% · 88.2th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

3.68%

88.2th percentile

Affected Products

Vendor	Product	Versions
apache	http_server	1.3
hp	hp-ux	11.20, 11.11, 11.22
openpkg	openpkg	2.2, 2.0, 2.1
n/a	n/a	n/a
trustix	secure_linux	1.5
slackware	slackware_linux	current, 9.1, 9.0
suse	suse_linux	8.1, 8.2, 9.0

Exploit Intelligence

OpenPKG-SA-2004.047 (circl)
http://www.apacheweek.com/features/security-13 (circl)
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm (circl)
MDKSA-2004:134 (circl)
apache-modinclude-bo(17785) (circl)
11471 (circl)
RHSA-2005:816 (circl)
12898 (circl)
DSA-594 (circl)
19073 (circl)

…and 11 more exploits

Timeline

Oct 26, 2004 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Sep 8, 2023 EPSS Score
Dec 22, 2023 EPSS Score

References

OpenPKG-SA-2004.047 vendor-advisory
http://www.apacheweek.com/features/security-13 url
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm url
MDKSA-2004:134 vendor-advisory
apache-modinclude-bo(17785) vdb
11471 vdb
RHSA-2005:816 vendor-advisory
12898 third-party-advisory
DSA-594 vendor-advisory
19073 third-party-advisory
1011783 vdb
RHSA-2004:600 vendor-advisory
102197 vendor-advisory
ADV-2006-0789 vdb
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/ mailing-list
[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-list
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-list

…and 10 more

Open in Interactive Console →