| VID |
22298 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Apache HTTP server, according to its banner, has a local buffer overflow vulnerability in the 'mod_include' module. Apache HTTP Server 1.3.x versions are vulnerable to a buffer overflow in the get_tag() function of the 'mod_include' module, caused by a failure to properly validate the lengths of user-supplied tag strings before copying them. By issuing a specially-crafted URL to the 'get_tag' function in the 'mod_include' module, a local attacker could overflow a buffer and possibly execute arbitrary code on the system with the privileges of the Apache server.
* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://www.securitytracker.com/alerts/2004/Oct/1011783.html
* Platforms Affected: Apache Software Foundation Apache HTTP Server 1.3.x prior to 1.3.33; Linux, any version; Unix, any version |
| Recommendation |
No upgrade or patch available as of October 2004.
Upgrade to a new version of Apache that fixes this problem when it becomes available from the Apache Software Foundation Web site at http://httpd.apache.org/ |
| Related URL |
CVE-2004-0940 (CVE) |
| Related URL |
11471 (SecurityFocus) |
| Related URL |
17785 (ISS) |
|