Vulnerability Note VU#541310
Apache HTTP Server contains a buffer overflow in the mod_proxy module
Apache Web Server contains a buffer overflow vulnerability in the mod_proxy module that may allow a remote attacker to execute arbitrary code or launch a denial of service (DoS) attack.
The Apache Server is an open-source web server offered by The Apache Software Foundation. It uses the mod_proxy module to implement proxying for common protocols such as FTP and HTTP. In Apache versions up to and including 1.3.31-r2, the mod_proxy module contains a buffer overflow vulnerability in the file proxy_util.c. To exploit this vulnerability, an attacker must persuade an Apache server with mod_proxy enabled to connect to a malicious server configured to return an invalid Content-Length header.
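As an added illustration (not Apache's code, and not the fix applied in proxy_util.c), the following shows a proxy-side check that rejects an invalid upstream Content-Length before it is used as a length, and caps each copy at the size of the destination buffer. The function names and the set of values treated as invalid (signed, non-numeric, trailing data, out of range) are assumptions; the note does not say what made the header invalid.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical helper (not Apache code): strictly parse an upstream
 * Content-Length value. Returns 0 and stores the length on success;
 * returns -1 if the value is missing, empty, signed, non-numeric,
 * followed by trailing data, or too large for a long long. */
int parse_content_length(const char *value, long long *out)
{
    char *end;
    long long n;

    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')   /* optional leading whitespace */
        value++;
    if (!isdigit((unsigned char)*value))      /* rejects "", "-1", "+5", "abc" */
        return -1;
    errno = 0;
    n = strtoll(value, &end, 10);
    if (errno == ERANGE)                      /* value overflowed long long */
        return -1;
    while (*end == ' ' || *end == '\t')       /* optional trailing whitespace */
        end++;
    if (*end != '\0')                         /* trailing junk such as "12abc" */
        return -1;
    *out = n;
    return 0;
}

/* Hypothetical helper: number of bytes that may be copied into a fixed
 * buffer of buf_size bytes when `remaining` body bytes are still expected.
 * The result never exceeds buf_size and is 0 for a non-positive count,
 * so a bad length can never become a huge unsigned copy size. */
size_t bounded_chunk(long long remaining, size_t buf_size)
{
    if (remaining <= 0)
        return 0;
    if ((unsigned long long)remaining > buf_size)
        return buf_size;
    return (size_t)remaining;
}
```

A proxy that receives -1 from `parse_content_length` should treat the upstream response as malformed and stop relaying it rather than guess a length.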
A remote attacker may be able to execute arbitrary code with the privileges of an Apache child process. Exploitation of this vulnerability may completely disable the Apache server, resulting in a denial-of-service condition.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apache | Affected | - | 20 Aug 2004 |
This vulnerability was reported by Georgi Guninski.
This document was written by Jeff Gennari.
- CVE IDs: CAN-2004-0492
- Date Public: 10 Jun 2004
- Date First Published: 19 Oct 2004
- Date Last Updated: 19 Oct 2004
- Severity Metric: 4.02
- Document Revision: 106