PT-2004-1826 · Apache

Published: 2004-09-15 · Updated: 2025-01-16 · CVE-2004-0747

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache versions 2.0.50 and earlier

Description

A buffer overflow occurs during the expansion of environment variables in configuration file parsing, allowing a local user to gain the privileges of an httpd child by forcing the server to parse a carefully crafted .htaccess file. This issue was reported by the Swedish IT Incident Centre (SITIC).

Recommendations

For Apache versions 2.0.50 and earlier, consider disabling the use of .htaccess files or restricting access to them until a fix is available. As a temporary workaround, limit the privileges of the httpd child process to minimize potential damage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
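
One way to check that the first recommendation (disabling .htaccess processing) is actually in effect, as an added example that is not part of the original advisory: a Python audit of an httpd configuration for `AllowOverride` directives. The sample configuration and its paths are constructed, and the script assumes the Apache 2.0 default of `AllowOverride All` when no directive is set.

```python
import re

# Constructed sample httpd.conf fragment (paths are illustrative).
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
<Directory />
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes
    AllowOverride All
</Directory>
<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig
</Directory>
"""

OPEN = re.compile(r"<Directory(?:Match)?\s+(.+?)\s*>$", re.I)
CLOSE = re.compile(r"</Directory(?:Match)?\s*>$", re.I)
OVERRIDE = re.compile(r"AllowOverride\s+(.+)$", re.I)

def audit_allowoverride(conf_text):
    """Return (line, directory, value) for every place .htaccess is still honoured.

    Included files are not followed; run this on each file httpd loads.
    """
    findings, scope, root_locked = [], None, False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if (m := OPEN.match(line)):
            scope = m.group(1).strip('"')
        elif CLOSE.match(line):
            scope = None
        elif (m := OVERRIDE.match(line)):
            value = m.group(1).strip()
            if value.lower() == "none":
                root_locked = root_locked or scope == "/"
            else:
                findings.append((lineno, scope, value))
    if not root_locked:
        # Assumption: Apache 2.0 defaults to AllowOverride All when unset.
        findings.append((0, "/", "unset (defaults to All)"))
    return findings

if __name__ == "__main__":
    for lineno, directory, value in audit_allowoverride(SAMPLE_CONF):
        print(f"line {lineno}: <Directory {directory}> AllowOverride {value}")
```

Each finding is a directory tree where a local user who can write a .htaccess file can still get it parsed; setting `AllowOverride None` there removes that path.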

Weakness Enumeration

Related Identifiers

CVE-2004-0747
RHSA-2004:463

Affected Products

Apache
Apache Http Server