Apache MS-DOS Device Name Vulnerability
Publish date: July 21, 2015
Severity: HIGH
CVE Identifier: CVE-2003-0016
Advisory Date: JUL 21, 2015
DESCRIPTION
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000632
Trend Micro Deep Security DPI Rule Name: 1000632 - Apache MS-DOS Device Name Vulnerability
AFFECTED SOFTWARE AND VERSION
- Apache Software Foundation Apache 2.0.36
- Apache Software Foundation Apache 2.0.37
- Apache Software Foundation Apache 2.0.38
- Apache Software Foundation Apache 2.0.39
- Apache Software Foundation Apache 2.0.40
- Apache Software Foundation Apache 2.0.41
- Apache Software Foundation Apache 2.0.42
- Apache Software Foundation Apache 2.0.43
Featured Stories
One Flaw too Many: Vulnerabilities in SCADA SystemsWhat is the current state of SCADA vulnerabilities? Staying informed is essential in the fight against exploits and cyberattacks with real-world consequences.Read more
Drilling Deep: A Look at Cyberattacks on the Oil and Gas IndustryWe break down the digital attacks against the oil and gas industry and its supply chain.Read more
Halloween Exploits Scare: BlueKeep, Chrome’s Zero-Days in the WildPatch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was initially reported seen in the wild to install a malicious Monero miner.Read more
PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web ServersAdministrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.Read more