Apache – CVE-2004-0747

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to Buffer Copy without Checking Size of Input, also referred to as a ‘Classic Buffer Overflow’ (CWE-120).

The Vulnerability type is also categorized as Overflow and Gain Privileges. Also known as CVE-2004-0747.

A Buffer Overflow in the version of Apache being used is allowing local users to gain Apache related privileges. That can be done by an .htaccess file.
That, will cause the overflow to exist during an expansion of environment variables.

That will lead to information being disclosed.

There’s a chance that this vulnerability will allow attackers to modify system files and information. And, in addition, there is the possibility that it will cause a decrease in performance and also for interruptions in the availability of resources.

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer.

Recommendation

To fix CVE-2004-0747, upgrade the version of Apache HTTP Server being used to 2.0.51.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747

https://cwe.mitre.org/data/definitions/120.html

< Return to all Vulnerabilities

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

Read More »

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 9000 vulnerabilities.Kayran’s mission is to make

Read More »