High severity7.1NVD Advisory· Published Nov 17, 2003· Updated Apr 16, 2026

CVE-2003-0844

Description

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.

Affected products

Schroepl/Mod Gzip
cpe:2.3:a:schroepl:mod_gzip:*:*:*:*:*:*:*:*
Range: <=1.3.26.1a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdMailing List

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000