OSVDB ID: 838

Title: Apache HTTP Server Chunked Encoding Remote Overflow

Info

Disclosure
Jun 19, 2002

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 Apache Web Server contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to the mechanism that calculates the size of "chunked" encoding not properly interpreting the buffer size of data being transferred. By sending a specially crafted chunk of data, an attacker can possibly execute arbitrary code or crash the server.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

 Upgrade to version 1.3.26, 2.0.39 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apache Software Foundation

Web Server

 1.2.x
1.3.0
1.3.1
1.3.11
1.3.12
1.3.14
1.3.17
1.3.19
1.3.2
1.3.20
1.3.22
1.3.23
1.3.24
1.3.3
1.3.4
1.3.6
1.3.9
2.0.15
2.0.16
2.0.18
2.0.28
2.0.32
2.0.35
2.0.36

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/838