QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2003-0844

Back to search

CVE-2003-0844

Published: Oct 9, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.

VendorProductVersions

n/a

n/a

affected
n/a

References

20030601 Mod_gzip Debug Mode Vulnerabilities
mailing-list
x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now