| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in Apache HTTP Server up to 2.0.46. This affects an unknown function of the component Prefork MPM. The manipulation results in denial of service. This vulnerability is reported as CVE-2003-0253. The attack requires a local approach. No exploit exists. It is advisable to upgrade the affected component.
Details
A vulnerability classified as problematic has been found in Apache HTTP Server up to 2.0.46 (Web Server). Affected is an unknown functionality of the component Prefork MPM. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. CVE summarizes:
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
The weakness was disclosed 07/09/2003 by Saheed Akhtar (Website). The advisory is available at apache.org. This vulnerability is traded as CVE-2003-0253 since 05/06/2003. Local access is required to approach this attack. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available.
The vulnerability scanner Nessus provides a plugin with the ID 14058 (Mandrake Linux Security Advisory : apache2 (MDKSA-2003:075-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Mandriva Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 86562 (Miscellaneous Apache Vulnerabilities (2.0.46 and earlier)).
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at httpd.apache.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at X-Force (12551), Tenable (14058), SecurityFocus (BID 8137†) and Vulnerability Center (SBV-1923†). The entries VDB-161 and VDB-163 are pretty similar. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
- 2.0.0
- 2.0.1
- 2.0.2
- 2.0.3
- 2.0.4
- 2.0.5
- 2.0.6
- 2.0.7
- 2.0.8
- 2.0.9
- 2.0.10
- 2.0.11
- 2.0.12
- 2.0.13
- 2.0.14
- 2.0.15
- 2.0.16
- 2.0.17
- 2.0.18
- 2.0.19
- 2.0.20
- 2.0.21
- 2.0.22
- 2.0.23
- 2.0.24
- 2.0.25
- 2.0.26
- 2.0.27
- 2.0.28
- 2.0.29
- 2.0.30
- 2.0.31
- 2.0.32
- 2.0.33
- 2.0.34
- 2.0.35
- 2.0.36
- 2.0.37
- 2.0.38
- 2.0.39
- 2.0.40
- 2.0.41
- 2.0.42
- 2.0.43
- 2.0.44
- 2.0.45
- 2.0.46
License
Support
- end of life (old version)
Website
- Vendor: https://www.apache.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.2VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.2
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 14058
Nessus Name: Mandrake Linux Security Advisory : apache2 (MDKSA-2003:075-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Patch: httpd.apache.org
Timeline
05/06/2003 🔍07/08/2003 🔍
07/09/2003 🔍
07/09/2003 🔍
08/18/2003 🔍
08/18/2003 🔍
09/04/2003 🔍
08/23/2025 🔍
Sources
Vendor: apache.orgAdvisory: apache.org
Researcher: Saheed Akhtar
Status: Confirmed
CVE: CVE-2003-0253 (🔍)
GCVE (CVE): GCVE-0-2003-0253
GCVE (VulDB): GCVE-100-162
OVAL: 🔍
X-Force: 12551
SecurityFocus: 8137
Vulnerability Center: 1923 - DoS in Apache 2.0-2.0.46 via Wrong Handling of Errors from Accept Function, High
See also: 🔍
Entry
Created: 07/09/2003 02:00Updated: 08/23/2025 21:28
Changes: 07/09/2003 02:00 (66), 04/16/2019 15:10 (7), 10/09/2020 10:52 (1), 10/09/2020 10:53 (1), 03/08/2021 13:52 (3), 03/08/2021 13:57 (1), 08/23/2025 21:28 (18)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.

No comments yet. Languages: en.
Please log in to comment.