CVE-2003-0844

{"id": "CVE-2003-0844", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2003-11-17T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=105457180009860&w=2", "tags": ["Mailing List"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the \"Strengthen default permissions of internal system objects\" policy is not enabled."}, {"lang": "es", "value": "mod_gzip 1.3.26 y anteriores y anteriores, y posiblemente versiones oficiales posteriores, cuando corren en modo de depuraci\u00f3n sin el log de Apache, lo que permite a usuarios locales sobreescribir ficheros arbitrarios mediante\r\nUn ataque de de enlaces simb\u00f3licos en nombres de fichero temporales en sistemas Unix, o\r\nun enlace duro NTFS en sistemas Windows cuando la pol\u00edtica de \"Reforzar permisos por defecto de objetos internos del sistema\" no est\u00e1 establecida."}], "lastModified": "2024-02-16T20:29:20.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schroepl:mod_gzip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0891F87-B15D-441C-ABF1-6E0328466087", "versionEndIncluding": "1.3.26.1a"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}