Overview
Apache Web Server contains a buffer overflow vulnerability in the mod_proxy module that may allow a remote attacker to execute arbitrary code or launch a denial of service (DoS) attack.
Description
The Apache Server is an open-source web server offered by The Apache Software Foundation. The Apache Server uses the mod_proxy module to implement proxying for various common protocols such as FTP and HTTP. In versions of Apache prior to and including 1.3.31-r2, the mod_proxy module contains a buffer overflow vulnerability located in the file proxy_util.c. To exploit this vulnerability, an attacker must persuade an Apache server with mod_proxy enabled to connect to a malicious server configured to return an invalid Content-Length header.
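A proxy that relies on an upstream Content-Length value has to reject invalid values before the number is used, and bound every body copy by the destination buffer. The C example below is added here for illustration and is not Apache's code or its patch; the function names `parse_content_length` and `copy_body_chunk` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Strictly parse an upstream Content-Length value (hypothetical helper).
 * Returns 0 and stores the length on success, -1 on any invalid input:
 * empty, signed, non-numeric, trailing garbage, or too large for size_t. */
int parse_content_length(const char *value, size_t *out)
{
    size_t n = 0;
    const char *p = value;

    if (p == NULL || out == NULL)
        return -1;
    while (*p == ' ' || *p == '\t')      /* optional leading whitespace */
        p++;
    if (!isdigit((unsigned char)*p))     /* rejects "", "-1", "+5", "abc" */
        return -1;
    for (; isdigit((unsigned char)*p); p++) {
        size_t d = (size_t)(*p - '0');
        if (n > (SIZE_MAX - d) / 10)     /* n * 10 + d would overflow */
            return -1;
        n = n * 10 + d;
    }
    while (*p == ' ' || *p == '\t')      /* optional trailing whitespace */
        p++;
    if (*p != '\0')                      /* trailing garbage, e.g. "12abc" */
        return -1;
    *out = n;
    return 0;
}

/* Copy one chunk of response body into a fixed buffer (hypothetical helper).
 * The copy size is the minimum of the bytes available, the bytes still
 * expected, and the buffer capacity; the header value alone never sets it.
 * Returns the number of bytes copied. */
size_t copy_body_chunk(char *buf, size_t cap, const char *src,
                       size_t avail, size_t remaining)
{
    size_t n = avail;
    if (n > remaining) n = remaining;
    if (n > cap) n = cap;
    memcpy(buf, src, n);
    return n;
}
```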
Impact
A remote attacker may be able to execute arbitrary code with the privileges of an Apache child process. Exploitation of this vulnerability may completely disable the Apache server, resulting in a denial-of-service condition.
Solution
Upgrade Apache
Acknowledgements
This vulnerability was reported by Georgi Guninski.
This document was written by Jeff Gennari.
Other Information
CVE IDs: CVE-2004-0492
Severity Metric: 4.02
Date Public: 2004-06-10
Date First Published: 2004-10-19
Date Last Updated: 2004-10-19 17:55 UTC
Document Revision: 108