CVE-2003-0016 — Apache before 2
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
Published
2004-09-01T04:00:00.000Z
Last modified
2024-08-08T01:36:25.436Z
01What is this vulnerability?
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
02Affected products
| Vendor | Product | Versions |
|---|
| n | a / n/a | n/a |
03Active exploitation status
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
04Recommended remediation
- Patch to a fixed version listed in the vendor advisory (see references below).
- Mitigate with WAF rules, network egress filters, or feature flags where the patch is not yet available.
- Hunt historical logs for exploitation indicators — see Detection signatures below.
05Technical details
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
06Detection signatures
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
Open in Sigma generator →
07Related CVEs
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.
08Timeline
- Published: 2004-09-01T04:00:00.000Z
- Last modified: 2024-08-08T01:36:25.436Z
09References
- exchange.xforce.ibmcloud.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/11125
- marc.info — http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2
- www.kb.cert.org — http://www.kb.cert.org/vuls/id/979793
- www.kb.cert.org — http://www.kb.cert.org/vuls/id/825177
- www.securityfocus.com — http://www.securityfocus.com/bid/6659
- www.apacheweek.com — http://www.apacheweek.com/issues/03-01-24#security
- exchange.xforce.ibmcloud.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/11124
- lists.apache.org — https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e0593…
- lists.apache.org — https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181e…
- lists.apache.org — https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0…
- lists.apache.org — https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426…
- lists.apache.org — https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90b…
- lists.apache.org — https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1e…
- lists.apache.org — https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125…
- lists.apache.org — https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b21…
- lists.apache.org — https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f08…
- lists.apache.org — https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e33…
- lists.apache.org — https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f8…
- lists.apache.org — https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390…
Want this in your SOAR or SIEM?
SARA's API returns EPSS, CVSS, KEV, and an analyst-grade summary in one call.
Read the API reference →