Apache Httpd < 2.2.29: mod_status buffer overflow

2014-05-30T00:00:00
ID HTTPD:E3EA50E892151D4F57BF7B9A57DDA94D
Type httpd
Reporter Marek Kroemeke, AKAT-1 and 22733db72ab3ed94b5f8a1ffcde850251fe6f466 via HP ZDI
Modified 2014-09-03T00:00:00

Description

A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that having a publicly accessible server status page is not a default or recommended configuration.
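
Because exposure depends on the status page being publicly reachable, a configuration check is a useful companion to patching. The following is an added example, not part of the original advisory or the Apache project's code: a heuristic audit that flags `<Location>` blocks serving `server-status` without an access restriction. The sample configurations are constructed, and the check assumes access rules are set inside the block itself (it ignores inherited settings and `Satisfy`).

```python
import re

# Constructed sample configurations (not taken from the advisory).
EXPOSED = """<Location /server-status>
    SetHandler server-status
    Order allow,deny
    Allow from all
</Location>"""
RESTRICTED_22 = """<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>"""
RESTRICTED_24 = """<Location "/server-status">
    SetHandler server-status
    Require local
</Location>"""

BLOCK = re.compile(r'<Location\s+"?([^\s">]+)"?\s*>(.*?)</Location>', re.S | re.I)

def directives(body):
    """Return normalised (lower-case, single-spaced) directive lines."""
    out = []
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            out.append(" ".join(line.lower().split()))
    return out

def is_public(d):
    """Heuristic: True when nothing in the block limits who may connect."""
    if "allow from all" in d or "require all granted" in d:
        return True
    # 2.2 syntax: 'Order allow,deny' denies by default; 'Deny from all' is explicit.
    # 2.4 syntax: any other Require directive narrows access.
    limited = ("order allow,deny" in d or "deny from all" in d
               or any(x.startswith("require ") for x in d))
    return not limited

def public_status_locations(conf):
    """Return the paths of server-status handlers that look publicly reachable."""
    return [path for path, body in BLOCK.findall(conf)
            if "sethandler server-status" in directives(body)
            and is_public(directives(body))]

if __name__ == "__main__":
    for name, conf in [("exposed", EXPOSED), ("2.2 restricted", RESTRICTED_22),
                       ("2.4 restricted", RESTRICTED_24)]:
        print(name, public_status_locations(conf))
```

A flagged path is a prompt to review the effective configuration, since rules inherited from an enclosing context can still restrict access.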