OSVDB ID: 27588

Title: Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow

Info

Disclosure
Jul 28, 2006

Discovery
Unknown

Dates

Exploit
Aug 20, 2006

Solution
Unknown

Description

 A remote overflow exists in Apache HTTP Server's 'mod_rewrite' module when using LDAP scheme handling and specific rules (see technical desc). The Apache Server fails to check input boundaries resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause a denial of service or possibly execute arbitrary code resulting in a loss of integrity and/or availability.

Classification

 Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

 Upgrade to version 1.3.37, 2.0.59, 2.2.3 or higher, as it has been reported to fix this vulnerability. Alternatively, users can disable mod_rewrite engine (by setting "RewriteEngine off") as a workaround.

Products

Apache Software Foundation

Apache

 2.2.0
2.2.1
2.2.2
1.3.28
1.3.29
1.3.30
1.3.31
1.3.32
1.3.33
1.3.34
1.3.35
1.3.36
2.0.46
2.0.47
2.0.48
2.0.49
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58

References

Credit
  • Mark Dowd - Avertavertlabs.com - McAfee Avert(tm) Labs


Direct URL: http://osvdb.org/36218