|
|
CVE Reference: CVE-2004-0940 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2004-0940 |
|
|
Description: Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/17785 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 ST 1011783 SAID Secunia Advisory: SA19073 Secunia Advisory: SA12898 REDHAT http://www.redhat.com/support/errata/RHSA-2004-600.html http://www.redhat.com/support/errata/RHSA-2005-816.html OPENPKG http://marc.theaimsgroup.com/?l=bugtraq&m=109906660225051&w=2 MANDRAKE http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:134 DEBIAN http://www.debian.org/security/2004/dsa-594 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.apacheweek.com/features/security-13 BID 11471 |
|
| Return to the previous page. |
