Lucene search

K
httpdApache Team FoundationHTTPD:186F8E9AD2C9495C370F3BFADE6F3CC4
HistoryJun 08, 2003 - 12:00 a.m.

Apache Httpd < 1.3.32 : mod_proxy buffer overflow

2003-06-0800:00:00
Apache Team Foundation
httpd.apache.org
15

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.012

Percentile

85.5%

A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash, although this does not represent a significant Denial of Service attack as requests will continue to be handled by other Apache child processes. This issue may lead to remote arbitrary code execution on some BSD platforms.

Affected configurations

Vulners
Node
apacheapache_httpdMatch1.3.31
OR
apacheapache_httpdMatch1.3.29
OR
apacheapache_httpdMatch1.3.28
OR
apacheapache_httpdMatch1.3.27
OR
apacheapache_httpdMatch1.3.26

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.012

Percentile

85.5%