CVE-2003-0843

{"id": "CVE-2003-0843", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-11-17T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=105457180009860&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105457180009860&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an \"Accept-Encoding: gzip\" header."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en mod_gzip_printf de mod_gzip 1.3.26a y anteriores, y posiblemente versiones oficiales posteriores, cuando corre en modo de depuraci\u00f3n y usando el registro de Apache, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante caract\u00e9res de cadena de formato en una petici\u00f3n HTTP GET con una cabecera \"Accept-Encoding: gzip\""}], "lastModified": "2024-11-20T23:45:39.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dag_apt_repository:mod_gzip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F18A4E3-D4C9-48D3-A0EB-C99DABD7C214", "versionEndIncluding": "1.3.26.1a"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}