logo
DATABASE RESOURCES PRICING ABOUT US

Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow

Description

The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by a flaw related to mod_lua when handling multipart content. A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related