CVE-2003-0542

Apache HTTP Server - Stack-Based Buffer Overflow via Regular Expression with Excessive Captures

Title source: llm
STIX 2.1

Description

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

References (53)

Core 53
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10593
Various Sources vendor-advisory x_refsource_mandrake
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-015.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10112
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/434566
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-360.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Various Sources x_refsource_confirm
http://httpd.apache.org/dist/httpd/Announcement2.html
Various Sources vendor-advisory x_refsource_sco
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-405.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9504
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/342674
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10102
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13400
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/advisories/6079
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-816.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10153
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10098
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10264
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10580
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-320.html
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10260
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10463
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106761802305141&w=2
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/549142
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=61798
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10096
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10114
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8911
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863

Scores

EPSS 0.1273
EPSS Percentile 95.8%

Details

CWE
CWE-119
Status published
Products (36)
apache/http_server 1.3
apache/http_server 1.3.1
apache/http_server 1.3.3
apache/http_server 1.3.4
apache/http_server 1.3.6
apache/http_server 1.3.9
apache/http_server 1.3.11
apache/http_server 1.3.12
apache/http_server 1.3.14
apache/http_server 1.3.17
... and 26 more
Published Nov 03, 2003
Tracked Since Feb 18, 2026