mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 1.3 (including) | 1.3 (including) |
Http_server | Apache | 1.3.1 (including) | 1.3.1 (including) |
Http_server | Apache | 1.3.3 (including) | 1.3.3 (including) |
Http_server | Apache | 1.3.4 (including) | 1.3.4 (including) |
Http_server | Apache | 1.3.6 (including) | 1.3.6 (including) |
Http_server | Apache | 1.3.7 (including) | 1.3.7 (including) |
Http_server | Apache | 1.3.9 (including) | 1.3.9 (including) |
Http_server | Apache | 1.3.11 (including) | 1.3.11 (including) |
Http_server | Apache | 1.3.12 (including) | 1.3.12 (including) |
Http_server | Apache | 1.3.14 (including) | 1.3.14 (including) |
Http_server | Apache | 1.3.17 (including) | 1.3.17 (including) |
Http_server | Apache | 1.3.18 (including) | 1.3.18 (including) |
Http_server | Apache | 1.3.19 (including) | 1.3.19 (including) |
Http_server | Apache | 1.3.20 (including) | 1.3.20 (including) |
Http_server | Apache | 1.3.22 (including) | 1.3.22 (including) |
Http_server | Apache | 1.3.23 (including) | 1.3.23 (including) |
Http_server | Apache | 1.3.24 (including) | 1.3.24 (including) |
Http_server | Apache | 1.3.25 (including) | 1.3.25 (including) |
Http_server | Apache | 1.3.26 (including) | 1.3.26 (including) |
Http_server | Apache | 1.3.27 (including) | 1.3.27 (including) |
Http_server | Apache | 1.3.28 (including) | 1.3.28 (including) |
Http_server | Apache | 1.3.29 (including) | 1.3.29 (including) |
Apache | Ubuntu | dapper | * |
Apache | Ubuntu | edgy | * |
Apache | Ubuntu | feisty | * |