Info |
Last Modified: 4 months ago
|
|
Description |
A remote overflow exists in the 'mod_rewrite' module of Apache HTTP Server when LDAP scheme handling is used together with specific rules (see the Technical section). The server fails to check input boundaries, resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause a denial of service or possibly execute arbitrary code, resulting in a loss of integrity and/or availability.
|
|
Classification |
Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified
|
|
Technical |
Some RewriteRules could expose the vulnerability: specifically, those where the remote user can influence the beginning of a rewritten URL and that do not include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE).
For example, this type of rule is vulnerable:
    RewriteRule fred/(.*)
While this one is not:
    RewriteRule fred/(.*) joe/
|
|
Solution |
Upgrade to version 1.3.37, 2.0.59, 2.2.3 or higher, as it has been reported to fix this vulnerability. Alternatively, users can disable the mod_rewrite engine (by setting "RewriteEngine off") as a workaround.
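The rule conditions from the Technical section and the fixed versions from the Solution section can be turned into a configuration audit. The following is an added example, not code from OSVDB or the Apache project; the heuristic for "user controls the start of the rewritten URL" (a substitution beginning with a backreference or variable expansion) and the sample rules are assumptions constructed for illustration.

```python
import re

# Flags the advisory lists as taking a rule out of the exposed class.
EXEMPT_FLAGS = {"F", "FORBIDDEN", "G", "GONE", "NE", "NOESCAPE"}
# Fixed patch level per branch, from the Solution section.
FIXED = {(1, 3): 37, (2, 0): 59, (2, 2): 3}
RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)
# Assumption: a substitution that begins with a backreference ($N / %N) or a
# %{VAR} expansion lets the remote user influence the start of the URL.
USER_LED_RE = re.compile(r"^(?:\$\d|%\d|%\{)")

def flag_names(raw):
    """Turn 'R=301,NE' into {'R', 'NE'}."""
    return {f.split("=", 1)[0].strip().upper() for f in (raw or "").split(",") if f.strip()}

def is_fixed(version):
    """True if a 'major.minor.patch' version is at or above the fixed release."""
    major, minor, patch = (int(p) for p in version.split("."))
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return (major, minor) > (2, 2)  # only branches above 2.2 count as "higher"
    return patch >= fixed_patch

def audit(config_text):
    """Return (line_number, directive) for rules matching the advisory's description."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m:
            continue  # comments and other directives are skipped
        _pattern, substitution, flags = m.groups()
        if USER_LED_RE.match(substitution) and not (flag_names(flags) & EXEMPT_FLAGS):
            findings.append((lineno, line.strip()))
    return findings

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
RewriteEngine on
RewriteRule ^go/(.*) $1
RewriteRule ^go/(.*) $1 [NE]
RewriteRule ^docs/(.*) /archive/$1 [L]
# RewriteRule ^old/(.*) $1
RewriteRule ^x/(.*) $1 [R=301,L]
"""

if __name__ == "__main__":
    for lineno, rule in audit(SAMPLE):
        print(f"line {lineno}: review {rule}")
    print("2.0.58 fixed?", is_fixed("2.0.58"))
```

The matcher does not handle quoted arguments containing spaces, so rules written that way need manual review.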
|
|
Products |
Apache: 2.0.46, 2.0.47, 2.0.48, 2.0.49, 1.3.28, 1.3.29, 1.3.30, 1.3.31, 1.3.33, 2.0.52, 1.3.32, 2.0.50, 2.0.51, 2.0.53, 2.0.54, 2.2.0, 2.2.1, 2.2.2, 1.3.34, 1.3.35, 1.3.36, 2.0.55, 2.0.56, 2.0.57, 2.0.58
|
|
Credit |
- Mark Dowd - Avert
avertlabs.com - McAfee Avert(tm) Labs