Apache – CVE-2004-0747

Description

Cytrix has detected that the version of Apache HTTP Server being used is vulnerable to Buffer Copy without Checking Size of Input, also referred to as a ‘Classic Buffer Overflow’ (CWE-120).

The vulnerability type is also categorized as Overflow and Gain Privileges. The vulnerability is also known as CVE-2004-0747.

A buffer overflow in the version of Apache being used allows local users to gain Apache-related privileges. This can be done with an .htaccess file that causes the overflow to occur during the expansion of environment variables.

This will lead to information being disclosed.

There is a chance that this vulnerability will allow attackers to modify system files and information. In addition, it may degrade performance and interrupt the availability of resources.

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer.
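The size check that CWE-120 code omits, applied to the kind of operation the description names (expanding environment variables into a fixed-size buffer). This is an added example, not Apache's code and not part of the original advisory; `expand_env`, `sample_lookup` and the `${NAME}` syntax are assumptions made for illustration, and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample environment; same shape as getenv(). */
char *sample_lookup(const char *name) {
    if (strcmp(name, "SHORT") == 0) return "abc";
    if (strcmp(name, "LONG") == 0) return "0123456789abcdef0123456789abcdef";
    return NULL;
}

/* Hypothetical helper: expand ${NAME} references from `in` into `out`.
 * Returns 0 on success, -1 if the syntax is malformed or the result would
 * not fit in outsz bytes (contents of out are then unspecified). */
int expand_env(const char *in, char *out, size_t outsz,
               char *(*lookup)(const char *)) {
    size_t used = 0;
    if (outsz == 0) return -1;
    while (*in) {
        const char *src = in;   /* default: copy one literal byte */
        size_t n = 1;
        char name[64];
        if (in[0] == '$' && in[1] == '{') {
            const char *end = strchr(in + 2, '}');
            size_t nlen = end ? (size_t)(end - (in + 2)) : 0;
            if (nlen == 0 || nlen >= sizeof name) return -1;  /* no '}', empty or long name */
            memcpy(name, in + 2, nlen);
            name[nlen] = '\0';
            src = lookup(name);
            if (!src) src = "";   /* unset variable expands to nothing */
            n = strlen(src);
            in = end + 1;
        } else {
            in++;
        }
        /* The CWE-120 form would be strcpy(out + used, src) with no check. */
        if (n >= outsz - used) return -1;   /* keep one byte for the NUL */
        memcpy(out + used, src, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}

int main(void) {
    char out[16];   /* deliberately small destination */
    printf("%d\n", expand_env("dir=${SHORT}", out, sizeof out, sample_lookup));
    printf("%d\n", expand_env("dir=${LONG}", out, sizeof out, sample_lookup));
    return 0;
}
```

The helper rejects oversized input rather than truncating it, so a caller never acts on a partially expanded value.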

Recommendation

To fix CVE-2004-0747, upgrade the version of Apache HTTP Server being used to 2.0.51.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747
https://cwe.mitre.org/data/definitions/120.html