Plugin ID | 8 |
Plugin name | Apache prior 1.3.28 mod_alias code execution |
Plugin filename | Apache prior 1.3.28 mod_alias code execution.plugin |
Plugin filesize | 2977 bytes |
Plugin family | HTTP |
Plugin created name | Marc Ruef |
Plugin created email | marc dot ruef at computec dot ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2003/11/13 |
Plugin updated name | Marc Ruef |
Plugin updated email | marc dot ruef at computec dot ch |
Plugin updated web | http://www.computec.ch |
Plugin updated company | computec.ch |
Plugin updated date | 2004/11/13 |
Plugin version | 2.0 |
Plugin changelog | Changed the title and file name in version 1.5. Corrected the plugin structure and added the accuracy values in 1.6. Improved the pattern matching and added the changelog in 2.0 |
Plugin protocol | tcp |
Plugin port | 80 |
Plugin procedure detection | open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/1.[0-1] ### *Server: Apache/1.3.2[1-8]* OR HTTP/1.[0-1] ### *Server: Apache/1.[1-2].* |
Plugin detection accuracy | 80 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug produced name | Apache Software Foundation |
Bug produced email | apache at apache dot org |
Bug produced web | http://httpd.apache.org |
Bug affected | Apache web server older than 1.3.29 |
Bug not affected | Other web servers and Apache newer than 1.3.28 |
Bug vulnerability class | Configuration |
Bug description | The remote host appears to be running a version of Apache which is older than 1.3.29. There are several flaws in this version, which may allow an attacker to possibly execute arbitrary code through mod_alias and mod_rewrite. |
Bug solution | You should upgrade to 1.3.29 or newer. Or you may install another web server. |
Bug fixing time | Approx. 1 hour |
Bug exploit availability | Yes |
Bug remote | Yes |
Bug local | Yes |
Bug severity | High |
Bug popularity | 6 |
Bug simplicity | 5 |
Bug impact | 9 |
Bug risk | 8 |
Bug check tools | Nessus is able to do the same check. |
Source CVE | CAN-2003-0542 |
Source Nessus ID | 11915 |
Source Literature | Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 |
Source Misc. | http://www.computec.ch |