| VID |
22151 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Apache web server, according to its version number, has several flaws relative to MS-DOS device name. These flaws in Apache web servers before version 2.0.44 allow a remote attacker to crash the server via request for MS-DOS device name or even execute arbitrary code via crafted POST request containing MS-DOS device name, but it only affects Windows 9x and Windows ME.
* Note: This check solely relied on the banner of the remote web server to assess this vulnerability, so this might be a false positive. If the OS of target system is not Windows 9x or ME then ignore this advisory.
* References:
http://online.securityfocus.com/bid/6659
http://lists.netsys.com/pipermail/full-disclosure/2003-January/003653.html
* Platforms Affected:
Apache before 2.0.44
MS Windows ME
MS Windows 9x |
| Recommendation |
Upgrade to version 2.0.44 or later of Apache, available from:
http://httpd.apache.org/download.cgi |
| Related URL |
CVE-2003-0016 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
