| VID |
22279 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Apache web server, according to its banner, is vulnerable to an htpasswd buffer overflow vulnerability. Apache HTTP Server, maintained by the Apache Software Foundation, is an extremely popular open-source Web server. Apache HTTP Server versions 1.3.31 and earlier are vulnerable to a stack-based buffer overflow caused by improper bounds checking of the user and passwd variables in htpasswd.c. This vulnerability could allow a local attacker to overflow a buffer and execute arbitrary code on the system.
* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html
* Platforms Affected: Apache HTTP Server 1.3.31 and earlier; any operating system, any version |
| Recommendation |
No upgrade or patch available as of September 2004.
Upgrade to the fixed version of Apache (1.3.31 or later) when a new fixed version becomes available from the Apache HTTP Server Project Web site at http://httpd.apache.org |
| Related URL |
(CVE) |
| Related URL |
13777,13778 (SecurityFocus) |
| Related URL |
17413 (ISS) |
|