CVE-2007-1741

NONECVSS 0.0

0.0

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

🔗 References (14)

secalert@redhathttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
secalert@redhathttp://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
secalert@redhathttp://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
secalert@redhathttp://osvdb.org/38639
secalert@redhathttp://www.securityfocus.com/bid/23438
secalert@redhathttp://www.securitytracker.com/id?1017904
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/33584
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/38639
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23438
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017904
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/33584

Is Your Infrastructure Affected by CVE-2007-1741?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-1741

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-1741?