CVE-2007-1742

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2007-1742

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-1742.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2007-1742

Downstream

DEBIAN-CVE-2007-1742

Published

2007-04-13T17:19:00Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
http://osvdb.org/38640
http://www.securitytracker.com/id?1017904

CVE-2007-1742

Affected packages