Vulnerability Details : CVE-2004-2343
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
Products affected by CVE-2004-2343
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Threat overview for CVE-2004-2343
- Top open port discovered on systems with this issue: 7547
- IPs affected by CVE-2004-2343: 92,889
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2004-2343
- 0.04%: probability of exploitation activity in the next 30 days
- ~6%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2343
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
Vendor statements for CVE-2004-2343
- Red Hat, 2006-08-30: Red Hat does not consider this to be a security issue.
- Apache, 2008-07-02: The .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
References for CVE-2004-2343
- http://archives.neohapsis.com/archives/bugtraq/2004-02/0064.html
- http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html (Vendor Advisory)
- http://archives.neohapsis.com/archives/bugtraq/2004-02/0120.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15015 (Apache httpd server httpd.conf could allow a local user to bypass restrictions CVE-2004-2343 Vulnerability Report)