CVE-2003-1307

medium

Apache

CVSS v3 Base Score

4.3

AV:L/AC:L/Au:S/C:P/I:P/A:P

EPSS Score

1.2%

Exploitation probability in 30 days

Top 21% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: December 31, 2003 (8170 days ago)

Last Modified: April 16, 2026

Vendor: Apache

Source: NVD

Description

The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.

CWE

NVD-CWE-Other

Affected Products

apache http server

References

🔗 bugs.php.net 🔗 hackerdom.ru 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com

CVE-2003-1307

Vulnerability Report

Description

CWE

Affected Products

References