Veracode Vulnerability Database: VERACODE:24962
History: Apr 10, 2020 - 1:10 a.m.

Arbitrary Code Execution

2020-04-10 01:10:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com

EPSS: 0.001 (Low)

Percentile: 26.5%

httpd is vulnerable to arbitrary code execution. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a “.htaccess” file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the “apache” user.

References