Short Name | FTP:EXPLOIT:MOD-INCLUDE-BOF
Severity | Minor
Recommended | No
Category | FTP
Keywords | Apache mod_include SSL Buffer Overflow
Release Date | 2013/07/03
Update Number | 2278
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
FTP: Apache mod_include SSL Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Apache web server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted server.
Extended Description
The problem presents itself when the affected module attempts to parse mod_include-specific tag values. A failure to properly validate the lengths of user-supplied tag strings before copying them into finite buffers facilitates the overflow.
A local attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the affected Apache server.
Affected Products
- Apache_software_foundation apache 1.3.0
- Apache_software_foundation apache 1.3.1
- Apache_software_foundation apache 1.3.11
- Apache_software_foundation apache 1.3.12
- Apache_software_foundation apache 1.3.14
- Apache_software_foundation apache 1.3.17
- Apache_software_foundation apache 1.3.18
- Apache_software_foundation apache 1.3.19
- Apache_software_foundation apache 1.3.20
- Apache_software_foundation apache 1.3.22
- Apache_software_foundation apache 1.3.23
- Apache_software_foundation apache 1.3.24
- Apache_software_foundation apache 1.3.25
- Apache_software_foundation apache 1.3.26
- Apache_software_foundation apache 1.3.27
- Apache_software_foundation apache 1.3.28
- Apache_software_foundation apache 1.3.29
- Apache_software_foundation apache 1.3.3
- Apache_software_foundation apache 1.3.31
- Apache_software_foundation apache 1.3.32
- Apache_software_foundation apache 1.3.4
- Apache_software_foundation apache 1.3.6
- Apache_software_foundation apache 1.3.7 -Dev
- Apache_software_foundation apache 1.3.9
- Avaya communication_manager 1.1.0
- Avaya communication_manager 1.3.1
- Avaya communication_manager 2.0.0
- Avaya communication_manager 2.0.1
- Avaya intuity LX
- Avaya mn100
- Avaya modular_messaging_(mss) 1.1.0
- Avaya modular_messaging_(mss) 2.0.0
- Avaya network_routing
- Hp hp-ux 11.0.0
- Hp hp-ux 11.11.0
- Hp hp-ux 11.20.0
- Hp hp-ux 11.22.0
- Hp hp-ux B.11.00
- Hp hp-ux B.11.11
- Hp hp-ux B.11.22
- Hp virtualvault A.04.50
- Hp virtualvault A.04.60
- Hp virtualvault A.04.70
- Hp webproxy A.02.00
- Hp webproxy A.02.10
- Ibm hardware_management_console_(hmc)_for_iseries 3.3.2
- Ibm hardware_management_console_(hmc)_for_iseries 4.0.0 R2.0
- Ibm hardware_management_console_(hmc)_for_pseries 3.3.2
- Ibm hardware_management_console_(hmc)_for_pseries 4.0.0 R2.0
- Ibm http_server 1.3.12
- Ibm http_server 1.3.12 .1
- Ibm http_server 1.3.12 .2
- Ibm http_server 1.3.12 .3
- Ibm http_server 1.3.12 .4
- Ibm http_server 1.3.12 .5
- Ibm http_server 1.3.12 .6
- Ibm http_server 1.3.12 .7
- Ibm http_server 1.3.19
- Ibm http_server 1.3.19 .1
- Ibm http_server 1.3.19 .2
- Ibm http_server 1.3.19 .3
- Ibm http_server 1.3.19 .4
- Ibm http_server 1.3.19 .5
- Ibm http_server 1.3.26
- Ibm http_server 1.3.26 .1
- Ibm http_server 1.3.26 .2
- Ibm http_server 1.3.28
- Ibm http_server 1.3.28 .1
- Ibm http_server 1.3.3 Win32
- Ibm http_server 1.3.6 .2 Unix
- Ibm http_server 1.3.6 .2 Win32
- Ibm http_server 1.3.6 .3
- Ibm http_server 1.3.6 .4 Win32
- Ibm http_server 1.3.6 Win32
- Openpkg openpkg 2.0.0
- Openpkg openpkg 2.1.0
- Openpkg openpkg 2.2.0
- Openpkg openpkg Current
- Red_hat stronghold 4.0.0
- Slackware linux 10.0.0
- Slackware linux 8.0.0
- Slackware linux 8.1.0
- Slackware linux 9.0.0
- Slackware linux 9.1.0
- Slackware linux -Current
- Sun solaris 8 Sparc
- Sun solaris 8 X86
- Sun solaris 9 Sparc
- Sun solaris 9 X86
- Suse linux 8.0.0
- Suse linux 8.1.0
- Suse linux_personal 8.2.0
- Suse linux_personal 9.0.0
- Suse linux_personal 9.0.0 X86 64
- Suse linux_personal 9.1.0
- Suse linux_personal 9.2.0
- Trustix secure_linux 1.5.0
References