Lucene search

K
saintSAINT CorporationSAINT:B6E89161F5A85A6F227960760297B726
HistoryMay 08, 2006 - 12:00 a.m.

Apache chunked encoding buffer overflow

2006-05-0800:00:00
SAINT Corporation
www.saintcorporation.com
124

0.753 High

EPSS

Percentile

98.2%

Added: 05/08/2006
CVE: CVE-2002-0392
BID: 5033
OSVDB: 838

Background

Apache web servers support chunked encoding, which is used by a web client to send data to the server in parts, or chunks.

Problem

A flaw in the calculation of the size of chunked encoding leads to a buffer overflow, allowing remote command execution.

Resolution

Upgrade to the latest version of Apache.

References

<http://www.cert.org/advisories/CA-2002-17.html&gt;

Limitations

Due to the nature of this vulnerability, this exploit may not always be reliable.

Platforms

Windows