|
|
Info |
Last Modified |
| 5 months ago |
|
|
|
|
Description |
Apache Web Server contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to the mechanism that calculates the size of "chunked" encoding not properly interpreting the buffer size of data being transferred. By sending a specially crafted chunk of data, an attacker can possibly execute arbitrary code or crash the server.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
Upgrade to version 1.3.26, 2.0.39 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Web Server
 |
1.2.x |
1.3.0 |
1.3.1 |
1.3.11 |
1.3.12 |
1.3.14 |
1.3.17 |
1.3.19 |
1.3.2 |
1.3.20 |
1.3.22 |
1.3.23 |
1.3.24 |
1.3.3 |
1.3.4 |
1.3.6 |
1.3.9 |
2.0.15 |
2.0.16 |
2.0.18 |
2.0.28 |
2.0.32 |
2.0.35 |
2.0.36 |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
