PT-2003-1910 · Apache · Mod Gzip
Matthew Murphy · Published 2003-10-09 · Updated 2016-10-18 · CVE-2003-0843
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
mod gzip versions 1.3.26.1a and earlier
Description
The issue allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header, when mod gzip is running in debug mode and using the Apache log.
Recommendations
For mod gzip versions 1.3.26.1a and earlier, consider disabling the debug mode as a temporary workaround until a patch is available. Restrict access to the Apache log to minimize the risk of exploitation. Avoid using format string characters in HTTP GET requests with an "Accept-Encoding: gzip" header until the issue is resolved.
Fix
Related identifiers
Affected products
Mod Gzip