CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2003-0844

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.0%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 2.1

References

Products affected by CVE-2003-0844

Schroepl » Mod Gzip » Version: N/A

cpe:2.3:a:schroepl:mod_gzip:-
Schroepl » Mod Gzip » Version: 1.3.17.1a

cpe:2.3:a:schroepl:mod_gzip:1.3.17.1a
Schroepl » Mod Gzip » Version: 1.3.17.2a

cpe:2.3:a:schroepl:mod_gzip:1.3.17.2a
Schroepl » Mod Gzip » Version: 1.3.19.1a

cpe:2.3:a:schroepl:mod_gzip:1.3.19.1a
Schroepl » Mod Gzip » Version: 1.3.19.2a

cpe:2.3:a:schroepl:mod_gzip:1.3.19.2a
Schroepl » Mod Gzip » Version: 1.3.26.1a

cpe:2.3:a:schroepl:mod_gzip:1.3.26.1a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2003-0844

Products

Pricing

Contact Us