Apache < 2.0.44 MS-DOS Device Name DoS / Code Execution

high Nessus Network Monitor Plugin ID 1497

Synopsis

The remote server is running a web server that is affected by several issues

Description

The remote host is running a version of Apache2 for Win32 which is older than 2.0.44. There are several flaws pre-2.0.44 which may allow an attacker to crash this host or even execute arbitrary code remotely. However, these bugs only affect WindowsME and Windows9x.

Solution

Upgrade to Apache 2.0.44 or higher.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg1IC48645

Plugin Details

Severity: High

ID: 1497

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11209

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server:2.0

Reference Information

CVE: CVE-2003-0016

BID: 6659