Apache Web Server contains a buffer overflow vulnerability in the mod_proxy module that may allow a remote attacker to execute arbitrary code or launch a denial of service (DoS) attack.
The Apache Server is an open-source web server offered by The Apache Software Foundation. The Apache Server uses the mod_proxy module to implement proxying for various common protocols such as FTP and HTTP. In versions of Apache prior to and including 1.3.31-r2, the mod_proxy module contains a buffer overflow vulnerability located in the file proxy_util.c. To exploit this vulnerability an attacker must persuade an Apache server with mod_proxy enabled to connect to a malicious server configured to return an invalid content-length header.
A remote attacker may be able to execute arbitrary code with the privileges of an Apache child process. Exploitation of this vulnerability may completely disable the Apache server, resulting in a denial-of-service condition.
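The advisory does not show the affected code in proxy_util.c, so the following is an added example of the general defensive pattern for a proxy that receives a Content-Length value from an untrusted upstream server; it is not Apache's code. The helper names `parse_content_length` and `bounded_body_copy` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from proxy_util.c): strictly parse an upstream
 * Content-Length value. Returns 0 and stores the length on success, or -1
 * if the value is empty, signed, non-numeric, or out of range. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')   /* optional leading whitespace */
        value++;
    /* strtoull() silently accepts '-' and '+', so insist on a digit first. */
    if (*value < '0' || *value > '9')
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || n > (unsigned long long)SIZE_MAX)
        return -1;
    while (*end == ' ' || *end == '\t')       /* optional trailing whitespace */
        end++;
    if (*end != '\0')                         /* trailing garbage, e.g. "12abc" */
        return -1;
    *out = (size_t)n;
    return 0;
}

/* Hypothetical helper: copy body bytes into a fixed buffer. The count is the
 * minimum of bytes read (avail), bytes still declared (remaining) and the
 * buffer capacity (cap), all unsigned, so it can never exceed dst. */
size_t bounded_body_copy(char *dst, size_t cap, const char *src,
                         size_t avail, size_t remaining)
{
    size_t n = avail;
    if (n > remaining)
        n = remaining;
    if (n > cap)
        n = cap;
    memcpy(dst, src, n);
    return n;
}
```

A response whose header fails `parse_content_length` should be rejected by the proxy rather than passed on with a guessed length.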
This vulnerability was reported by Georgi Guninski.
This document was written by Jeff Gennari.
Date First Published: 2004-10-19
Date Last Updated: 2004-10-19 17:55 UTC