CVE-2003-1462

mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash).

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2003-05/0058.html
http://gathering.itm.mh.se/modsurvey/SA20030504.txt
http://gathering.itm.mh.se/modsurvey/changelog.php
http://www.securityfocus.com/bid/7498	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/11861

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mod_survey:mod_survey:3.0:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.1:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.2:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.3:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.4:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.5:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.6:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.7:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.8:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.9:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.10:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.11:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.12:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.13:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.14:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.14d:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.14e:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.15pre1:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.15pre2:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.15pre3:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.15pre4:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.15pre5:::::::*
	cpe:2.3:a:mod_survey:mod_survey:3.0.15pre6:::::::*

History

No history.

Information

Published : 2003-12-31 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2003-1462

Mitre link : CVE-2003-1462

CVE.ORG link : CVE-2003-1462

JSON object : View

Products Affected

mod_survey

mod_survey

CWE

NVD-CWE-Other

{"id": "CVE-2003-1462", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-12-31T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0058.html", "source": "cve@mitre.org"}, {"url": "http://gathering.itm.mh.se/modsurvey/SA20030504.txt", "source": "cve@mitre.org"}, {"url": "http://gathering.itm.mh.se/modsurvey/changelog.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7498", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11861", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash)."}], "lastModified": "2017-07-29T01:29:12.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E44F740-732B-483D-B715-1E31696EE7FD"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DE5CB26-C9B4-4831-B7FA-0401E4A571C3"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73914514-3C19-44E5-8ACA-12F81770CB35"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "910BC04A-CA5B-4FA0-84D4-D08CDB501C35"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05CBCEDF-6C02-403C-8B52-9A8F70AC2577"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63EA9172-A1A0-41C4-A243-B691114CE35F"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECB6187B-EEEC-422F-8287-454B4499F9A1"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BC94437-39BE-4A8E-A6EB-E969AC9A3D17"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "663BA1DD-470E-42A0-B9DB-8E3949402A7B"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAFC4DA8-10AA-4DCD-8AA2-EB9ECC3CE0F4"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8D5E369-BE73-4F67-B2B5-C62282BD3C94"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84A94398-13AB-4CE6-B73A-005CEA584A11"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B11F6DA-7310-454D-846B-5B6AC6B42CAB"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3BCB0D9-E6F3-47B2-B2E4-B419AEDCADE5"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "030AE841-F288-465E-A17F-036C48A057CE"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.14d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F492520-6F6F-406A-8293-FFF34EB79884"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.14e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "664FEE9E-C722-4189-8E7A-D7359C238482"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12046F92-D383-4CBB-B0FD-B323F84080EC"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92756D1D-D640-42EA-AE5B-ED75EDB102C3"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36ED694F-B51F-490A-91E1-C86C543CF712"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42925279-D774-439D-8D62-0AE7D2E7F571"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B6A3B4-D165-4870-B189-0312BB111626"}, {"criteria": "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB8E29E6-19F2-4BE3-9E84-F2263CFEF24B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}