Back to search
CVE-2004-2343
Published: Aug 16, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20040202 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
mailing-list
x_refsource_BUGTRAQ
20040204 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
mailing-list
x_refsource_BUGTRAQ
apache-httpd-bypass-restriction(15015)
vdb-entry
x_refsource_XF
20040131 BUG IN APACHE HTTPD SERVER (current version 2.0.47)
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now