A format string vulnerability exists in the mod_tcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code.
The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X Operating Systems. Apache modules can be used to extend the functionality of the Apache web server. The mod_tcl module is a scripting module that allows Apache to run TCL scripts natively.
There is a format string vulnerability in the mod_tcl module that may allow an attacker to execute arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the httpd process.
Thanks to the mod_tcl and Gentoo teams for providing information about this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:||2006-11-07|
|Date Last Updated:||2006-11-07 18:56 UTC|