CVE-2004-2343
First published: Fri Dec 31 2004(Updated: )
** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | <=2.0.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-2343?
CVE-2004-2343 has been classified as a moderate severity vulnerability.
How do I fix CVE-2004-2343?
To mitigate CVE-2004-2343, update your Apache HTTP Server to version 2.0.48 or later.
What systems are affected by CVE-2004-2343?
CVE-2004-2343 affects Apache HTTP Server versions up to and including 2.0.47.
What does CVE-2004-2343 allow attackers to do?
CVE-2004-2343 allows local users to bypass .htaccess file restrictions using ErrorDocument directives.
Is CVE-2004-2343 still relevant today?
While CVE-2004-2343 was identified nearly two decades ago, it may still be relevant for systems using outdated versions of Apache.
- agent/references
- agent/author
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/status
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- status/disputed
- vendor/apache
- canonical/apache http server
- version/apache http server/2.0.47