Sign-up

ID

VAR-200306-0041


CVE

CVE-2003-0420


TITLE

Apache Portable Runtime contains heap buffer overflow in apr_psprintf()

Trust: 0.8

sources: CERT/CC: VU#757612

DESCRIPTION

Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool. The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Mac OS X is an operating system used on Mac machines, based on the BSD system. No detailed vulnerability details are currently available

Trust: 2.7

sources: NVD: CVE-2003-0420 // CERT/CC: VU#757612 // CERT/CC: VU#479268 // BID: 7894 // VULHUB: VHN-7248

AFFECTED PRODUCTS

vendor:apachemodel: - scope: - version: -

Trust: 1.6

vendor:conectivamodel: - scope: - version: -

Trust: 1.6

vendor:hewlett packardmodel: - scope: - version: -

Trust: 1.6

vendor:mandrakesoftmodel: - scope: - version: -

Trust: 1.6

vendor:red hatmodel: - scope: - version: -

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.2.6

Trust: 1.6

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

sources: CERT/CC: VU#757612 // CERT/CC: VU#479268 // BID: 7894 // CNNVD: CNNVD-200306-054 // NVD: CVE-2003-0420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0420
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#757612
value: 18.00

Trust: 0.8

CARNEGIE MELLON: VU#479268
value: 0.68

Trust: 0.8

CNNVD: CNNVD-200306-054
value: MEDIUM

Trust: 0.6

VULHUB: VHN-7248
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2003-0420
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7248
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#757612 // CERT/CC: VU#479268 // VULHUB: VHN-7248 // CNNVD: CNNVD-200306-054 // NVD: CVE-2003-0420

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0420

THREAT TYPE

local

Trust: 0.9

sources: BID: 7894 // CNNVD: CNNVD-200306-054

TYPE

Design Error

Trust: 0.9

sources: BID: 7894 // CNNVD: CNNVD-200306-054

EXTERNAL IDS

db:CERT/CCid:VU#757612

Trust: 2.5

db:BIDid:7894

Trust: 2.0

db:NVDid:CVE-2003-0420

Trust: 2.0

db:AUSCERTid:ESB-2003.0415

Trust: 1.7

db:SECUNIAid:9025

Trust: 1.7

db:SECUNIAid:8881

Trust: 1.6

db:CERT/CCid:VU#479268

Trust: 0.8

db:CNNVDid:CNNVD-200306-054

Trust: 0.7

db:CERT/CCid:HTTP://WWW.KB.CERT.ORG/VULS/ID/JPLA-5NTL8E

Trust: 0.6

db:XFid:12342

Trust: 0.6

db:VULHUBid:VHN-7248

Trust: 0.1

sources: CERT/CC: VU#757612 // CERT/CC: VU#479268 // VULHUB: VHN-7248 // BID: 7894 // CNNVD: CNNVD-200306-054 // NVD: CVE-2003-0420

REFERENCES

url:http://www.auscert.org.au/render.html?it=3165

Trust: 1.7

url:http://www.securityfocus.com/bid/7894

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/jpla-5ntl8e

Trust: 1.7

url:http://secunia.com/advisories/9025/

Trust: 1.7

url:http://www.apache.org/dist/httpd/announcement2.html

Trust: 1.6

url:http://www.secunia.com/advisories/8881/

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/12342

Trust: 1.1

url:http://www.idefense.com/advisory/05.30.03.txt

Trust: 0.8

url:http://www.webdav.org/mod_dav/

Trust: 0.8

url:http://www.iss.net/security_center/static/12090.php

Trust: 0.8

url:http://www.iss.net/security_center/static/12091.php

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/12342

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

sources: CERT/CC: VU#757612 // CERT/CC: VU#479268 // VULHUB: VHN-7248 // BID: 7894 // CNNVD: CNNVD-200306-054 // NVD: CVE-2003-0420

CREDITS

Apple Security Update

Trust: 0.6

sources: CNNVD: CNNVD-200306-054

SOURCES

db:CERT/CCid:VU#757612
db:CERT/CCid:VU#479268
db:VULHUBid:VHN-7248
db:BIDid:7894
db:CNNVDid:CNNVD-200306-054
db:NVDid:CVE-2003-0420

LAST UPDATE DATE

2024-08-14T14:09:05.440000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#757612date:2003-09-18T00:00:00
db:CERT/CCid:VU#479268date:2003-09-18T00:00:00
db:VULHUBid:VHN-7248date:2017-07-11T00:00:00
db:BIDid:7894date:2009-07-11T22:06:00
db:CNNVDid:CNNVD-200306-054date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0420date:2017-07-11T01:29:32.057

SOURCES RELEASE DATE

db:CERT/CCid:VU#757612date:2003-06-24T00:00:00
db:CERT/CCid:VU#479268date:2003-06-24T00:00:00
db:VULHUBid:VHN-7248date:2003-06-13T00:00:00
db:BIDid:7894date:2003-06-13T00:00:00
db:CNNVDid:CNNVD-200306-054date:2003-06-13T00:00:00
db:NVDid:CVE-2003-0420date:2003-06-13T04:00:00