Byte Open Security (ByteOS Network)
NVD Vulnerability Details: CVE-2007-1742
Status: Modified
Source: secalert@redhat.com
Published At: 13 Apr, 2007 | 17:19
Updated At: 07 Nov, 2023 | 02:00

suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
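The description above says the document-root check was a partial (prefix) comparison. The C snippet below is an added illustration, not the suexec source, of why a prefix test accepts sibling directories such as html_backup and htmleditor next to an html document root, and of what a path-component-aware comparison looks like instead. The function names and the directory paths are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Weak check: a plain prefix comparison. Because "/var/www/html_backup"
 * and "/var/www/htmleditor" both begin with "/var/www/html", they pass
 * even though neither is inside that document root. (Illustration of the
 * flaw class described above, not the suexec source.) */
bool within_docroot_prefix(const char *docroot, const char *cwd)
{
    return strncmp(docroot, cwd, strlen(docroot)) == 0;
}

/* Component-aware check: the prefix must match AND the character that
 * follows it in cwd must be '/' or the end of the string, so only the
 * document root itself and paths strictly beneath it are accepted.
 * Trailing slashes on docroot are ignored so "/var/www/html/" and
 * "/var/www/html" behave the same. Both inputs are assumed to be absolute,
 * already-canonicalized paths (no symlinks, no "." or ".." components). */
bool within_docroot_component(const char *docroot, const char *cwd)
{
    size_t n = strlen(docroot);
    while (n > 0 && docroot[n - 1] == '/')
        n--;                                  /* strip trailing slashes */
    if (n == 0)                               /* docroot was "/" */
        return cwd[0] == '/';
    if (strncmp(docroot, cwd, n) != 0)
        return false;
    return cwd[n] == '\0' || cwd[n] == '/';
}

int main(void)
{
    /* Constructed sample directories, matching the names in the description. */
    const char *docroot = "/var/www/html";
    const char *dirs[] = {
        "/var/www/html", "/var/www/html/site",
        "/var/www/html_backup", "/var/www/htmleditor", "/var/www/other"
    };
    printf("%-24s %-8s %s\n", "directory", "prefix", "component");
    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++)
        printf("%-24s %-8s %s\n", dirs[i],
               within_docroot_prefix(docroot, dirs[i]) ? "accept" : "reject",
               within_docroot_component(docroot, dirs[i]) ? "accept" : "reject");
    return 0;
}
```

Whichever comparison is used, it should run on a canonicalized path (for example the result of realpath()), because a string test on an uncanonicalized path says nothing about symlinks or ".." components. As the vendor statement further down this page notes, the check also assumes the user the server runs as cannot write inside the document root; where it can, the comparison alone does not stop privilege escalation.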

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 3.7
Base severity: LOW
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
CPE Matches
Vendor: The Apache Software Foundation (apache)
Product: http_server, version 2.2.3
CPE: cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
Weaknesses
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization : Red Hat
Last Modified : 2007-04-19T00:00:00

These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intended to protect against privilege escalation in such a configuration.

References
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/38640
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1017904
Source: secalert@redhat.com
Resource: N/A
Change History
0 changes found
Details not found