NVD

Id
53921  
Name
CVE-2007-1741  
Description
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."  
Reject
 
CVSS Version
2  
CVSS Score
6.2  
Severity
Medium  
CVSS Base Score
6.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
1.9  
CVSS Vector
(AV:L/AC:H/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2007-04-13  
Modified Date
2008-11-13  
Seq
2007-1741  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
273400 53921 CVE-2007-1741 20070411 Apache HTTPD suEXEC Multiple Vulnerabilities  View
273401 53921 CVE-2007-1741 [apache-http-dev] 20070328 [Fwd: iDefense Final Notice [IDEF1445]]  View
273402 53921 CVE-2007-1741 [apache-http-dev] 20070328 Re: [Fwd: iDefense Final Notice [IDEF1445]]  View
273403 53921 CVE-2007-1741 23438  View
273404 53921 CVE-2007-1741 1017904  View
273405 53921 CVE-2007-1741 apache-suexec-privilege-escalation(33584)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
53065 JVNDB-2007-001757 Apache httpd の suexec における任意のコードを実行される脆弱性 Apache HTTP Server (httpd) の suexec は、競合状態が発生するため、権限を昇格され、任意のコードを実行される脆弱性が存在します。 CVE-2007-1741 25096 CVE-2007-1741 53921 6.2 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001757.html 2007-04-13 2012-06-26 View