CVE Vulnerabilities

CVE-2007-1742

Published: Apr 13, 2007 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.7 LOW
AV:L/AC:H/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using html_backup and htmleditor under an html directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because the attacks described rely on an insecure server configuration in which the user has write access to the document root.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 2.2.3 2.2.3

References