CVE-2003-1054

mod_access_referer 1.0.2 - Denial of Service via Malformed Referer Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1054. PoCs published by zillion.

AI-analyzed exploit summary The provided text describes a vulnerability in the mod_access_referer Apache module where an invalid HTTP referer header can trigger a NULL pointer dereference, causing Apache to crash. The example shows a malformed referer header that exploits this issue.

Description

mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.

Exploits (1)

exploitdb WRITEUP VERIFIED
by zillion · textdosmultiple
https://www.exploit-db.com/exploits/22505

The provided text describes a vulnerability in the mod_access_referer Apache module where an invalid HTTP referer header can trigger a NULL pointer dereference, causing Apache to crash. The example shows a malformed referer header that exploits this issue.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apache with mod_access_referer module
No auth needed
Prerequisites: Apache server with mod_access_referer module enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/8612
Patch, Vendor Advisory mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004555.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7375

Scores

EPSS 0.0712
EPSS Percentile 93.4%

Details

Status published
Products (1)
mod_access_referer/mod_access_referer 1.0.2
Published Apr 16, 2003
Tracked Since Feb 18, 2026