Search for vulnerabilities
Vulnerability details: VCID-9rrd-gxq4-aaab
Vulnerability ID VCID-9rrd-gxq4-aaab
Aliases CVE-2007-1741
Summary Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
Status Published
Exploitability 0.5
Weighted Severity 5.6
Risk 2.8
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
System Score Found at
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2007-1741
cvssv2 6.2 https://nvd.nist.gov/vuln/detail/CVE-2007-1741
Reference id Reference type URL
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
http://osvdb.org/38639
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1741.json
https://api.first.org/data/v1/epss?cve=CVE-2007-1741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1741
https://exchange.xforce.ibmcloud.com/vulnerabilities/33584
http://www.securityfocus.com/bid/23438
http://www.securitytracker.com/id?1017904
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
CVE-2007-1741 https://nvd.nist.gov/vuln/detail/CVE-2007-1741
No exploits are available.
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1741
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.04980
EPSS Score 0.00042
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.