| VID |
22228 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The version of the Apache web server is older than 1.3.29. Apache 1.x versions before 1.3.29 contain multiple buffer overflows in mod_alias and mod_rewrite, related to a regular expression with more than 9 captures. The significant change in 1.3.29 compared to 1.3.28 is that 1.3.29 fixes one potential security issue that could allow local attackers to execute arbitrary code through mod_alias and mod_rewrite.
* Note: This check relies solely on the version number of the remote Apache server to assess this vulnerability, so the result might be a false positive.
* References: http://apache.secsup.org/dist/httpd/Announcement.html
* Platforms Affected: Apache HTTP Server 1.x before 1.3.29; Windows: any version; UNIX/Linux: any version |
| Recommendation |
Upgrade to the latest version of Apache HTTP Server (1.3.29 or later), available from the Apache Software Foundation download site: http://httpd.apache.org/download.cgi |
| Related URL |
CVE-2003-0542 (CVE) |
| Related URL |
8911 (SecurityFocus) |
| Related URL |
(ISS) |
|