CVE-2004-2343

high Apache
CVSS v3 Base Score
7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
0.2%
Exploitation probability in 30 days
Top 62% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: December 31, 2004 (7804 days ago)
Last Modified: April 16, 2026
Vendor: Apache
Source: NVD

Description

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument

CWE

NVD-CWE-Other

Affected Products

apache http server

References

🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 exchange.xforce.ibmcloud.com 🔗 archives.neohapsis.com