|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
A local overflow exists in Apache. The mod_alias module fails to handle regular expressions containing more than 9 captures (stored strings matching a particular pattern) resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code or cause a denial of service resulting in a loss of integrity and/or confidentiality.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Denial of Service,
Input Manipulation
Impact:
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 1.3.29 or higher or 2.048 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
HTTP Server
 |
1.2x |
1.3.0 |
1.3.1 |
1.3.10 |
1.3.11 |
1.3.12 |
1.3.14 |
1.3.17 |
1.3.19 |
1.3.2 |
1.3.20 |
1.3.21 |
1.3.22 |
1.3.23 |
1.3.24 |
1.3.25 |
1.3.26 |
1.3.27 |
1.3.28 |
1.3.3 |
1.3.4 |
1.3.6 |
1.3.9 |
1.3ax |
1.3bx |
2.0.1x |
2.0.2x |
2.0.3x |
2.0.40 |
2.0.41 |
2.0.42 |
2.0.43 |
2.0.44 |
2.0.45 |
2.0.46 |
2.0.47 |
2.0ax |
|
|
|
|
|
|
Credit |
- André Malo -
- Jeff Trawick -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
