Apache chunked encoding buffer overflow

2006-05-08T00:00:00
ID SAINT:399EF180849727C5C8C2DB4378F050B0
Type saint
Reporter SAINT Corporation
Modified 2006-05-08T00:00:00

Description

Added: 05/08/2006
CVE: CVE-2002-0392
BID: 5033
OSVDB: 838

Background

Apache web servers support chunked encoding, which is used by a web client to send data to the server in parts, or chunks.

Problem

A flaw in how the size of a chunk is calculated when processing chunked-encoded requests leads to a buffer overflow, allowing remote command execution.
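
The C decoder below is an added example (not code from Apache or from this advisory) showing how a chunk size can be parsed and bounded so that a hostile size value cannot cause an out-of-bounds copy. The function names and error codes are assumptions made for the illustration; chunk extensions and trailers are not handled.

```c
#include <stddef.h>
#include <string.h>

enum { CH_OK = 0, CH_BAD_SIZE = -1, CH_TOO_BIG = -2, CH_TRUNCATED = -3 };

/* Parse the hex chunk-size line into an unsigned value, refusing wrap-around. */
static int parse_chunk_size(const char *p, size_t n, size_t *size, size_t *used)
{
    size_t i = 0, v = 0;
    for (; i < n; i++) {
        char c = p[i];
        unsigned d;
        if (c >= '0' && c <= '9') d = (unsigned)(c - '0');
        else if (c >= 'a' && c <= 'f') d = (unsigned)(c - 'a' + 10);
        else if (c >= 'A' && c <= 'F') d = (unsigned)(c - 'A' + 10);
        else break;
        if (v > (((size_t)-1) >> 4)) return CH_BAD_SIZE; /* next shift would wrap */
        v = (v << 4) | d;
    }
    if (i == 0) return n == 0 ? CH_TRUNCATED : CH_BAD_SIZE; /* no hex digits */
    if (n - i < 2) return CH_TRUNCATED;
    if (p[i] != '\r' || p[i + 1] != '\n') return CH_BAD_SIZE;
    *size = v;
    *used = i + 2;
    return CH_OK;
}

/* Decode a complete chunked body from in[] into out[], never writing past out_cap. */
int decode_chunked(const char *in, size_t in_len,
                   unsigned char *out, size_t out_cap, size_t *out_len)
{
    size_t pos = 0, written = 0;
    for (;;) {
        size_t size, used;
        int rc = parse_chunk_size(in + pos, in_len - pos, &size, &used);
        if (rc != CH_OK) return rc;
        pos += used;
        if (size == 0) { *out_len = written; return CH_OK; } /* last chunk */
        /* Unsigned comparisons, done before the copy: a size such as
           ffffffff must never be treated as a small or negative number. */
        if (size > out_cap - written) return CH_TOO_BIG;
        if (in_len - pos < 2 || size > in_len - pos - 2) return CH_TRUNCATED;
        memcpy(out + written, in + pos, size);
        written += size;
        pos += size;
        if (in[pos] != '\r' || in[pos + 1] != '\n') return CH_BAD_SIZE;
        pos += 2;
    }
}
```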

Resolution

Upgrade to the latest version of Apache.

References

<http://www.cert.org/advisories/CA-2002-17.html>

Limitations

Due to the nature of this vulnerability, this exploit may not always be reliable.

Platforms

Windows