CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-1741

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.1%

CVSS Severity

CVSS v2 Score 6.2

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
http://osvdb.org/38639
http://www.securityfocus.com/bid/23438
http://www.securitytracker.com/id?1017904
https://exchange.xforce.ibmcloud.com/vulnerabilities/33584
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
http://osvdb.org/38639
http://www.securityfocus.com/bid/23438
http://www.securitytracker.com/id?1017904
https://exchange.xforce.ibmcloud.com/vulnerabilities/33584

Products affected by CVE-2007-1741

Apache » Http Server » Version: 2.2.3

cpe:2.3:a:apache:http_server:2.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-1741

Products

Pricing

Contact Us