CVE-2003-0993

Apache 1.3 <1.3.30 - Info Disclosure

Title source: llm
STIX 2.1

Description

mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.

References (23)

Core 23
Core References
Vendor Advisory x_refsource_confirm
http://www.apacheweek.com/features/security-13
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
Vendor Advisory vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2004/0027
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15422
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108437852004207&w=2
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200405-22.xml
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=apache-cvs&m=107869603013722
Various Sources vendor-advisory x_refsource_mandrake
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
Various Sources x_refsource_confirm
http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9829
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670

Scores

EPSS 0.0974
EPSS Percentile 95.0%

Details

Status published
Products (22)
apache/http_server 1.3
apache/http_server 1.3.1
apache/http_server 1.3.3
apache/http_server 1.3.4
apache/http_server 1.3.6
apache/http_server 1.3.7
apache/http_server 1.3.9
apache/http_server 1.3.11
apache/http_server 1.3.12
apache/http_server 1.3.14
... and 12 more
Published Mar 29, 2004
Tracked Since Feb 18, 2026