VYPR

Mod Gzip

by Schroepl

CVEs (3)

  • CVE-2003-0844HigNov 17, 2003
    risk 0.46cvss 7.1epss 0.00

    mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on…

  • CVE-2003-0842Nov 17, 2003
    risk 0.03cvss epss 0.04

    Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header.

  • CVE-2003-0843Nov 17, 2003
    risk 0.00cvss epss 0.02

    Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request…