CVE-2004-0940 — Vulnetix

Try Vulnetix Request Demo

CVE-2004-0940 PUBLISHED CVSS 7.800000190734863 HIGH

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

EPSS 3.68% · 87.8th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

3.68%

87.8th percentile

Affected Products

Vendor	Product	Versions
apache	http_server	1.3
hp	hp-ux	11.00, 11.11, 11.20
openpkg	openpkg	2.2, 2.0, 2.1
n/a	n/a	n/a
trustix	secure_linux	1.5
slackware	slackware_linux	8.1, 9.0, 9.1
suse	suse_linux	8.1, 8.2, 9.0

Timeline

Oct 26, 2004 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Dec 13, 2023 EPSS Score

References

OpenPKG-SA-2004.047 vendor-advisory
http://www.apacheweek.com/features/security-13 url
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm url
MDKSA-2004:134 vendor-advisory
apache-modinclude-bo(17785) vdb
11471 vdb
RHSA-2005:816 vendor-advisory
12898 third-party-advisory
DSA-594 vendor-advisory
19073 third-party-advisory
1011783 vdb
RHSA-2004:600 vendor-advisory
102197 vendor-advisory
ADV-2006-0789 vdb
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/ mailing-list
[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-list
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-list

…and 10 more

Open in Interactive Console →