Apache Week
   

Copyright 1996-2005
Red Hat, Inc.

First published: 16th November 2001
Last updated: 22nd October 2004

Security issues affecting Apache httpd 1.3.27

This page lists all the vulnerabilities that are known to affect version 1.3.27 of Apache httpd. Note, however, that some vendor versions of Apache may already contain backported security patches for some of these issues, so if you're using a vendor-supplied version of Apache, contact your vendor for details.

You can also see an alternative view of this data, which lists the vulnerabilities that were fixed in each version.

Apache Week rates the severity of each issue based on the overall impact to users.


Affects Apache httpd 1.3.27

important: Allow/Deny parsing on big-endian 64-bit platforms CVE-2003-0993

A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match.

important: RotateLogs DoS CAN-2003-0460

The rotatelogs support program on Win32 and OS/2 would quit logging and exit if it received special control characters such as 0x1A.

moderate: mod_include overflow CAN-2004-0940

A buffer overflow in mod_include could allow a local user who is authorised to create server side include (SSI) files to gain the privileges of an httpd child.

moderate: mod_proxy buffer overflow CAN-2004-0492

A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash, although this does not represent a significant Denial of Service attack as requests will continue to be handled by other Apache child processes. This issue may lead to remote arbitrary code execution on some BSD platforms.

low: Error log escape filtering CVE-2003-0020

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

low: mod_digest nonce checking CAN-2003-0987

mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification which is known not to work with modern browsers. This issue does not affect mod_auth_digest.

low: Local configuration regular expression overflow CAN-2003-0542

By using a regular expression with more than 9 captures, a buffer overflow can occur in mod_alias or mod_rewrite. To exploit this, an attacker would need to be able to create a carefully crafted configuration file (.htaccess or httpd.conf).

Maybe affects Apache httpd 1.3.27 (not verified)

important: listening socket starvation CAN-2004-0174

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket causes a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect some versions of AIX, Solaris, and Tru64; it is known not to affect FreeBSD or Linux.


This feature brought to you by: Mark J Cox