CVE-2003-1418

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1418
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
apache / http_server	1.3.23	1.3.23.x
apache / http_server	1.3.27	1.3.27.x
apache / http_server	1.3.25	1.3.25.x
apache / http_server	1.3.24	1.3.24.x
apache / http_server	1.3.26	1.3.26.x
apache / http_server	1.3.22	1.3.22.x

http://www.openbsd.org/errata32.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/6939
http://www.securityfocus.com/bid/6943
https://exchange.xforce.ibmcloud.com/vulnerabilities/11438

Vulnerability Database

290,206

CVE-2003-1418