FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2003-0993

This CVE name corresponds to:

Entered Topic
2004-03-08 Apache 1.3 IP address access control failure on some 64-bit platforms

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type CVE Entry
Name CVE-2003-0993

Description

mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.

References

Source Reference
CONFIRM http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
MLIST [apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c
CONFIRM http://www.apacheweek.com/features/security-13
GENTOO GLSA-200405-22
MANDRAKE MDKSA-2004:046
SLACKWARE SSA:2004-133
SUNALERT 57628
SUNALERT 101555
SUNALERT 101841
TRUSTIX 2004-0027
BUGTRAQ 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
BID 9829
OVAL oval:org.mitre.oval:def:4670
OVAL oval:org.mitre.oval:def:100111
XF apache-modaccess-obtain-information(15422)