← Voltar para CVEs
CVE-2003-0844
HIGH7.1
Descricao
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
Detalhes CVE
Pontuacao CVSS v3.17.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado11/17/2003
Ultima modificacao4/16/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
schroepl:mod_gzip
Fraquezas (CWE)
CWE-59
Referencias
http://marc.info/?l=bugtraq&m=105457180009860&w=2(cve@mitre.org)
http://marc.info/?l=bugtraq&m=105457180009860&w=2(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.