Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
BID:12181
Info
Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 12181 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 06 2005 12:00AM |
| Updated: | Jan 06 2005 12:00AM |
| Credit: | This vulnerability was disclosed by the LSS Security Team <[email protected]>. |
| Vulnerable: |
mod_dosevasive mod_dosevasive 1.9 mod_dosevasive mod_dosevasive 1.8 |
| Not Vulnerable: | |
Discussion
Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
A local temporary file creation vulnerability reportedly affects mod_dosevasive. This issue is due to a failure of the module to create and write to temporary files in a secure manner.
An attacker may leverage this issue to write to arbitrary files on the affected computer with the privileges of the web server utilizing the affected module.
A local temporary file creation vulnerability reportedly affects mod_dosevasive. This issue is due to a failure of the module to create and write to temporary files in a secure manner.
An attacker may leverage this issue to write to arbitrary files on the affected computer with the privileges of the web server utilizing the affected module.
Exploit / POC
Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
References:
References:
- LSS Security Advisory #LSS-2005-01-01 (LSS Security)
- mod_dosevasive Home Page (mod_dosevasive)