Reported June 17, 2002, by CERT.
VERSIONS AFFECTED
Apache 2, all versions up to 2.0.36
Apache 1.3, all versions including 1.3.24
Apache 1.2, all versions 1.2.2 and later
DESCRIPTION
A vulnerability in Apache Web servers can lead to arbitrary code execution on the vulnerable system. It stems from a flaw in the handling of certain chunk-encoded HTTP requests that lets a remote attacker execute arbitrary code or cause a Denial of Service (DoS) condition.
VENDOR RESPONSE
The vendor, Apache, has released a detailed advisory about this vulnerability and recommends that affected users either apply a patch supplied by an OEM or upgrade immediately to a newer version of Apache software available from Apache's Web site.
CREDIT
Discovered by Mark Litchfield of Next Generation Security Software.
Apache Web Server Chunk Handling Vulnerability