Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2343

Description

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument

Affected products

Apache/HTTP Server2 versions
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*range: <=2.0.47
- (no CPE)range: <=2.0.47

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2004-02/0043.htmlnvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2004-02/0064.htmlnvd
archives.neohapsis.com/archives/bugtraq/2004-02/0120.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/15015nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000