VID 22267
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description Apache HTTP Server is vulnerable to a heap-based buffer overflow in the mod_proxy module.
Versions 1.3.26 through 1.3.31 of Apache HTTP Server contain a buffer overflow vulnerability that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. It is caused by a lack of verification of the Content-Length field.
By supplying a specially crafted negative Content-Length value, a remote attacker could cause a denial of service or execute arbitrary code on the remote system. This happens when mod_proxy connects to a malicious server that returns an invalid Content-Length value.

* Note: This check relies solely on the version number of the remote Apache server to assess this vulnerability, so it might be a false positive. If the Apache server has not loaded the mod_proxy module, please ignore this alert.

* References:
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=108687304202140
http://www.guninski.com/modproxy1.html

* Platforms Affected:
Apache HTTP Server 1.3.26 to 1.3.31
Debian Linux 3.0
Gentoo Linux Any version
OpenPKG 1.3, 2.0, CURRENT
Red Hat Advanced Workstation 2.1AS, Enterprise Linux 2.1AS, 2.1ES, 2.1WS
Any operating system Any version
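
Because this check looks only at the version number, a finding can be triaged on the host by confirming the reported version and whether mod_proxy is actually loaded. The script below is an added example, not part of the original advisory; the function names and the sample banner, configuration and module list are constructed, and it assumes the Apache 1.3 names `proxy_module` (LoadModule line) and `mod_proxy.c` (compiled-in module list).

```shell
#!/bin/sh
# Added example: triage of a version-only finding for this check.
# On a real host, pass the output of `httpd -v`, the contents of httpd.conf
# and the output of `httpd -l` instead of the constructed samples below.

# Extracts "1.3.29" from "Server version: Apache/1.3.29 (Unix)".
banner_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p'
}

# Succeeds when the version is 1.3.26 through 1.3.31 (the affected range).
version_in_range() {
    case "$1" in
        1.3.2[6-9]|1.3.3[01]) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when mod_proxy is loaded: an uncommented LoadModule line in the
# configuration ($1), or mod_proxy.c in the compiled-in module list ($2).
proxy_loaded() {
    printf '%s\n' "$1" |
        grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+proxy_module[[:space:]]' && return 0
    printf '%s\n' "$2" | grep -q 'mod_proxy\.c'
}

# Prints: unknown | not-affected | ignore | review
triage() {
    ver=$(banner_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"          # banner could not be parsed
    elif ! version_in_range "$ver"; then
        echo "not-affected"     # outside 1.3.26 - 1.3.31
    elif proxy_loaded "$2" "$3"; then
        echo "review"           # in range with mod_proxy: check the vendor package revision
    else
        echo "ignore"           # in range, mod_proxy not loaded
    fi
}

# Constructed sample input (not taken from a real server).
SAMPLE_BANNER='Server version: Apache/1.3.29 (Unix)'
SAMPLE_CONF='#LoadModule proxy_module libexec/libproxy.so
LoadModule rewrite_module libexec/mod_rewrite.so'
SAMPLE_COMPILED='  http_core.c
  mod_so.c'

triage "$SAMPLE_BANNER" "$SAMPLE_CONF" "$SAMPLE_COMPILED"
```

A "review" result still needs the installed package revision compared with the vendor advisory, since a patched distribution package can keep reporting a version inside the affected range.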
Recommendation For Red Hat Linux:
Upgrade to the latest Apache package, as listed in Red Hat Security Advisory RHSA-2004:245-14 at https://rhn.redhat.com/errata/RHSA-2004-245.html

For OpenPKG:
Upgrade to the latest Apache package, as listed in OpenPKG Security Advisory OpenPKG-SA-2004.029-apache at http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0808.1

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest Apache package (1.3.26-0woody5 or later), as listed in Debian Security Advisory DSA-525-1 at http://www.debian.org/security/2004/dsa-525

For Gentoo Linux:
Upgrade to the latest version of Apache (1.3.31-r2 or later), as listed in Gentoo Linux Security Advisory GLSA 200406-16 at http://www.linuxsecurity.com/advisories/gentoo_advisory-4515.html

For other distributions:
Contact your vendor for upgrade or patch information.
Related URL CVE-2004-0492 (CVE)
Related URL 10508 (SecurityFocus)
Related URL 16387 (ISS)