CVE-2003-0993

mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.

Published: Mar 29, 2004
Updated: Apr 13, 2023
CVE: CVE-2003-0993
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apache / http_server	1.3.23	1.3.23.x
apache / http_server	1.3.27	1.3.27.x
apache / http_server	1.3.1	1.3.1.x
apache / http_server	1.3.25	1.3.25.x
apache / http_server	1.3.28	1.3.28.x
apache / http_server	1.3.19	1.3.19.x
apache / http_server	1.3.24	1.3.24.x
apache / http_server	1.3.20	1.3.20.x
apache / http_server	1.3.7	1.3.7.x
apache / http_server	1.3	1.3.x
apache / http_server	1.3.22	1.3.22.x
apache / http_server	1.3.3	1.3.3.x
apache / http_server	1.3.4	1.3.4.x
apache / http_server	1.3.18	1.3.18.x
apache / http_server	1.3.11	1.3.11.x
apache / http_server	1.3.12	1.3.12.x
apache / http_server	1.3.6	1.3.6.x
apache / http_server	1.3.29	1.3.29.x
apache / http_server	1.3.14	1.3.14.x
apache / http_server	1.3.17	1.3.17.x
apache / http_server	1.3.26	1.3.26.x
apache / http_server	1.3.9	1.3.9.x

Vulnerability Database

290,206

CVE-2003-0993