Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47 http://www.apacheweek.com/features/security-13
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850 http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722 http://www.vuxml.org/freebsd/09d418db-70fd-11d8-873f-0020ed76ef5a.html
Insight
The following packages are affected:
apache
apache+mod_ssl
apache+ssl
ru-apache
ru-apache+mod_ssl
CVE-2003-0993
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
Severity
Classification
-
CVE CVE-2003-0993 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities