CVE-2003-0542 (CNNVD-200311-021)

HIGH
中文标题:
Apache Web Server 缓冲区错误漏洞
英文标题:
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 ...
CVSS分数: 7.2
发布时间: 2003-10-30 05:00:00
漏洞类型: 缓冲区错误
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

Apache是一款广泛使用的开放源代码WEB服务程序。Apache的mod_alias和mod_rewrite模块中存在缓冲区溢出漏洞,可能允许本地攻击者在有漏洞的主机上执行任意代码。如果正则表达式配置了多于9个捕获括号的话,就可能导致mod_alias和mod_rewrite模块出现缓冲区溢出。攻击者可以通过创建特制的配置文件导致拒绝服务(崩溃)或执行任意代码。

英文描述:

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

CWE类型:
CWE-119
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
apache http_server 1.3 - - cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
apache http_server 1.3.1 - - cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
apache http_server 1.3.3 - - cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
apache http_server 1.3.4 - - cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
apache http_server 1.3.6 - - cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
apache http_server 1.3.9 - - cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
apache http_server 1.3.11 - - cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
apache http_server 1.3.12 - - cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
apache http_server 1.3.14 - - cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
apache http_server 1.3.17 - - cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
apache http_server 1.3.18 - - cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
apache http_server 1.3.19 - - cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
apache http_server 1.3.20 - - cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
apache http_server 1.3.22 - - cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
apache http_server 1.3.23 - - cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
apache http_server 1.3.24 - - cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
apache http_server 1.3.25 - - cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
apache http_server 1.3.26 - - cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
apache http_server 1.3.27 - - cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
apache http_server 1.3.28 - - cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
apache http_server 2.0 - - cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
apache http_server 2.0.28 - - cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
apache http_server 2.0.32 - - cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
apache http_server 2.0.35 - - cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
apache http_server 2.0.36 - - cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
apache http_server 2.0.37 - - cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
apache http_server 2.0.38 - - cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
apache http_server 2.0.39 - - cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
apache http_server 2.0.40 - - cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
apache http_server 2.0.41 - - cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
apache http_server 2.0.42 - - cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
apache http_server 2.0.43 - - cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
apache http_server 2.0.44 - - cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
apache http_server 2.0.45 - - cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
apache http_server 2.0.46 - - cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
apache http_server 2.0.47 - - cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
20040202-01-U vendor-advisory
cve.org
访问
RHSA-2004:015 vendor-advisory
cve.org
访问
10112 third-party-advisory
cve.org
访问
VU#434566 third-party-advisory
cve.org
访问
10593 third-party-advisory
cve.org
访问
MDKSA-2003:103 vendor-advisory
cve.org
访问
RHSA-2003:360 vendor-advisory
cve.org
访问
SSRT090208 vendor-advisory
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
APPLE-SA-2004-01-26 vendor-advisory
cve.org
访问
SCOSA-2004.6 vendor-advisory
cve.org
访问
RHSA-2003:405 vendor-advisory
cve.org
访问
oval:org.mitre.oval:def:3799 vdb-entry
cve.org
访问
9504 vdb-entry
cve.org
访问
20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache) mailing-list
cve.org
访问
20031203-01-U vendor-advisory
cve.org
访问
oval:org.mitre.oval:def:9458 vdb-entry
cve.org
访问
10102 third-party-advisory
cve.org
访问
apache-modalias-modrewrite-bo(13400) vdb-entry
cve.org
访问
HPSBUX0311-301 vendor-advisory
cve.org
访问
RHSA-2005:816 vendor-advisory
cve.org
访问
10153 third-party-advisory
cve.org
访问
10098 third-party-advisory
cve.org
访问
10264 third-party-advisory
cve.org
访问
oval:org.mitre.oval:def:864 vdb-entry
cve.org
访问
10580 third-party-advisory
cve.org
访问
101841 vendor-advisory
cve.org
访问
RHSA-2003:320 vendor-advisory
cve.org
访问
101444 vendor-advisory
cve.org
访问
10260 third-party-advisory
cve.org
访问
10463 third-party-advisory
cve.org
访问
20031031 GLSA: apache (200310-04) mailing-list
cve.org
访问
VU#549142 third-party-advisory
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
10096 third-party-advisory
cve.org
访问
10114 third-party-advisory
cve.org
访问
8911 vdb-entry
cve.org
访问
oval:org.mitre.oval:def:863 vdb-entry
cve.org
访问
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org
访问
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org
访问
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org
访问
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org
访问
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
cve.org
访问
[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
cve.org
访问
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org
访问
[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/ mailing-list
cve.org
访问
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org
访问
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ mailing-list
cve.org
访问
[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-list
cve.org
访问
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-list
cve.org
访问
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org
访问
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org
访问
CVSS评分详情
7.2
HIGH
CVSS向量: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS版本: 2.0
机密性
COMPLETE
完整性
COMPLETE
可用性
COMPLETE
时间信息
发布时间:
2003-10-30 05:00:00
修改时间:
2024-08-08 01:58:11
创建时间:
2025-11-11 15:32:19
更新时间:
2025-11-11 15:48:52
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2003-0542 2025-11-11 15:17:27 2025-11-11 07:32:19
NVD nvd_CVE-2003-0542 2025-11-11 14:50:37 2025-11-11 07:41:05
CNNVD cnnvd_CNNVD-200311-021 2025-11-11 15:08:43 2025-11-11 07:48:52
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:48:52
vulnerability_type: 未提取 → 缓冲区错误; cnnvd_id: 未提取 → CNNVD-200311-021; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 缓冲区错误
  • cnnvd_id: 未提取 -> CNNVD-200311-021
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:41:05
severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 7.2; cvss_vector: NOT_EXTRACTED → AV:L/AC:L/Au:N/C:C/I:C/A:C; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 36; references_count: 54 → 53; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
  • cvss_score: 未提取 -> 7.2
  • cvss_vector: NOT_EXTRACTED -> AV:L/AC:L/Au:N/C:C/I:C/A:C
  • cvss_version: NOT_EXTRACTED -> 2.0
  • affected_products_count: 0 -> 36
  • references_count: 54 -> 53
  • data_sources: ['cve'] -> ['cve', 'nvd']