Apache HTTP Server allows remote attackers to obtain sensitive information (CVE 2003-1418)

Mar 28, 2023

Apache HTTP Server allows remote attackers to obtain sensitive information

Summary

This vulnerability applies to functionality when the system uses Apache HTTP Server in certain versions. No Supported TeraStations use these versions. Some scanning tools have reported a false positive.

TeraStation Series	Apache Version
TS7010	Web Access: 2.4.23
TS6000 / TS5020	Web Access: 2.4.23; Trend Micro AV: 1.3.42
TS5010 / TS3010 / TS3020	Web Access: 2.4.23; Trend Micro AV: 1.3.42

Vulnerability ID	Vulnerability Overview
CVE 2003-1418	Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).

Affected Supported TeraStations

None

Back to Security Notices

Date	Description
3/16/2022	Initial release

Network Attached Storage

Portable Solid State Drive (SSD)

External Hard Drives

While Supplies Last

Optical Drives

Multi-Gigabit Switches

Accessories

View All

Case Studies

Blog & Helpful Tips

White Papers

Data Security

Webinars

Latest Article

Buffalo Americas Announces FIPS 140 CAVP Validation for Cryptographic Security on TeraStation 5020 and 7010 Series Network Storage

Get Support

Forums

Knowledge Base

Data Recovery

Security Notices

Warranty Information

Apache HTTP Server allows remote attackers to obtain sensitive information (CVE 2003-1418)

Apache HTTP Server allows remote attackers to obtain sensitive information