Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-q2hz-2qtr-dbht
Vulnerability ID VCID-q2hz-2qtr-dbht
Aliases CVE-2007-1741
Summary Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
Status Published
Exploitability 0.5
Weighted Severity 5.6
Risk 2.8
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
System Score Found at
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
cvssv2 6.2 https://nvd.nist.gov/vuln/detail/CVE-2007-1741
Reference id Reference type URL
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
http://osvdb.org/38639
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1741.json
https://api.first.org/data/v1/epss?cve=CVE-2007-1741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1741
https://exchange.xforce.ibmcloud.com/vulnerabilities/33584
http://www.securityfocus.com/bid/23438
http://www.securitytracker.com/id?1017904
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
CVE-2007-1741 https://nvd.nist.gov/vuln/detail/CVE-2007-1741
No exploits are available.
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1741
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.26116
EPSS Score 0.00093
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T15:01:16.482722+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1741.json 38.0.0