Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 13/04/2007 Updated: 29/07/2017

CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9

VMScore: 552

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server 2.2.3

CWE-362 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511 http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2 http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2 http://www.securityfocus.com/bid/23438 http://www.securitytracker.com/id?1017904 http://osvdb.org/38639 https://exchange.xforce.ibmcloud.com/vulnerabilities/33584 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-1741

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect