PT-2004-3237 · Apache · Apache Http Server
Published: 2004-12-31 · Updated: 2024-08-08 · CVE-2004-2343
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Apache HTTP Server versions 2.0.47 and earlier
Description:
The issue allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. It is noted that the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
Recommendations:
For Apache HTTP Server versions 2.0.47 and earlier, consider restricting access to the ErrorDocument directive to prevent local users from bypassing .htaccess file restrictions.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Apache Http Server