CVE-2003-1307
First published: Wed Dec 31 2003(Updated: )
** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | =2.0 | |
| Apache Http Server | =2.0.9 | |
| Apache Http Server | =2.0.28 | |
| Apache Http Server | =2.0.28-beta | |
| Apache Http Server | =2.0.28-beta | |
| Apache Http Server | =2.0.32 | |
| Apache Http Server | =2.0.32-beta | |
| Apache Http Server | =2.0.34-beta | |
| Apache Http Server | =2.0.35 | |
| Apache Http Server | =2.0.36 | |
| Apache Http Server | =2.0.37 | |
| Apache Http Server | =2.0.38 | |
| Apache Http Server | =2.0.39 | |
| Apache Http Server | =2.0.40 | |
| Apache Http Server | =2.0.41 | |
| Apache Http Server | =2.0.42 | |
| Apache Http Server | =2.0.43 | |
| Apache Http Server | =2.0.44 | |
| Apache Http Server | =2.0.45 | |
| Apache Http Server | =2.0.46 | |
| Apache Http Server | =2.0.46 | |
| Apache Http Server | =2.0.47 | |
| Apache Http Server | =2.0.48 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1307?
CVE-2003-1307 is considered a local security vulnerability that could allow local users to interfere with the Apache HTTP Server process.
How do I fix CVE-2003-1307?
To mitigate CVE-2003-1307, restrict write access to PHP scripts for local users and consider upgrading to a patched version of the Apache HTTP Server.
What versions of Apache HTTP Server are affected by CVE-2003-1307?
CVE-2003-1307 affects several versions of Apache HTTP Server including 2.0.9 to 2.0.48.
Who is at risk with CVE-2003-1307?
Local users who have write access to PHP scripts on the server pose a risk with CVE-2003-1307.
Is CVE-2003-1307 still relevant today?
While CVE-2003-1307 primarily affects older versions of Apache, it is important for administrators of legacy systems to be aware of this vulnerability.
- agent/references
- agent/author
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/status
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/apache
- canonical/apache http server
- version/apache http server/2.0.42
- version/apache http server/2.0.47
- version/apache http server/2.0.28-beta
- version/apache http server/2.0.35
- version/apache http server/2.0.37
- version/apache http server/2.0.32-beta
- version/apache http server/2.0.44
- version/apache http server/2.0.34-beta
- version/apache http server/2.0.39
- version/apache http server/2.0.28
- version/apache http server/2.0.38
- version/apache http server/2.0.43
- version/apache http server/2.0.9
- version/apache http server/2.0
- version/apache http server/2.0.36
- version/apache http server/2.0.45
- version/apache http server/2.0.46
- version/apache http server/2.0.32
- version/apache http server/2.0.40
- version/apache http server/2.0.41
- version/apache http server/2.0.48
- status/disputed