CVE-2003-0542

Description

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

Category

CVSS 2.0 score: 7.2 (Severity: High)
EPSS: 0.41%
Affected: n/a n/a

References

Link Tags
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc vendor advisory
http://www.redhat.com/support/errata/RHSA-2004-015.html patch vendor advisory
http://secunia.com/advisories/10112 third party advisory
http://www.kb.cert.org/vuls/id/434566 third party advisory us government resource
http://secunia.com/advisories/10593 third party advisory
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103 vendor advisory
http://www.redhat.com/support/errata/RHSA-2003-360.html vendor advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2 vendor advisory
http://httpd.apache.org/dist/httpd/Announcement2.html
http://lists.apple.com/mhonarc/security-announce/msg00045.html
http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html vendor advisory
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt vendor advisory
http://www.redhat.com/support/errata/RHSA-2003-405.html vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799 vdb entry signature
http://www.securityfocus.com/bid/9504 vdb entry
http://www.securityfocus.com/archive/1/342674 mailing list
ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458 vdb entry signature
http://secunia.com/advisories/10102 third party advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13400 vdb entry
http://www.securityfocus.com/advisories/6079 vendor advisory
http://www.redhat.com/support/errata/RHSA-2005-816.html vendor advisory
http://secunia.com/advisories/10153 third party advisory
http://secunia.com/advisories/10098 third party advisory
http://secunia.com/advisories/10264 third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864 vdb entry signature
http://secunia.com/advisories/10580 third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 vendor advisory
http://www.redhat.com/support/errata/RHSA-2003-320.html vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1 vendor advisory
http://secunia.com/advisories/10260 third party advisory
http://secunia.com/advisories/10463 third party advisory
http://marc.info/?l=bugtraq&m=106761802305141&w=2 mailing list
http://www.kb.cert.org/vuls/id/549142 third party advisory us government resource
http://docs.info.apple.com/article.html?artnum=61798
http://secunia.com/advisories/10096 third party advisory
http://secunia.com/advisories/10114 third party advisory
http://www.securityfocus.com/bid/8911 vdb entry patch vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863 vdb entry signature
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E mailing list

Frequently Asked Questions

What is the severity of CVE-2003-0542?
CVE-2003-0542 has been scored as a high severity vulnerability.

How to fix CVE-2003-0542?
To fix CVE-2003-0542, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.

Is CVE-2003-0542 being actively exploited in the wild?
For now, there is no information to confirm that CVE-2003-0542 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.