CVE-2007-1742

NONECVSS 0.0

0.0

suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

🔗 References (10)

secalert@redhathttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
secalert@redhathttp://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
secalert@redhathttp://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
secalert@redhathttp://osvdb.org/38640
secalert@redhathttp://www.securitytracker.com/id?1017904
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/38640
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017904

Is Your Infrastructure Affected by CVE-2007-1742?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-1742

📅 Published

🔄 Last Modified

🔗 References (10)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-1742?