Summary
The target is running an Apache web server that may not properly handle access controls. In effect, on big-endian 64-bit platforms, Apache fails to match allow or deny rules containing an IP address but not a netmask.
***** OVS has determined the vulnerability exists only by looking at ***** the Server header returned by the web server running on the target.
***** If the target is not a big-endian 64-bit platform, consider this a ***** false positive.
Additional information on the vulnerability can be found at :
- http://www.apacheweek.com/features/security-13
- http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722 - http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850
Solution
Upgrade to Apache version 1.3.31 or newer.
Severity
Classification
-
CVE CVE-2003-0993 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)