← Back to CVEs
CVE-2003-0844
HIGH7.1
Description
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
CVE Details
CVSS v3.1 Score7.1
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published11/17/2003
Last Modified4/16/2026
Sourcenvd
Honeypot Sightings0
Affected Products
schroepl:mod_gzip
Weaknesses (CWE)
CWE-59
References
http://marc.info/?l=bugtraq&m=105457180009860&w=2(cve@mitre.org)
http://marc.info/?l=bugtraq&m=105457180009860&w=2(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.