Skip to main content

Apache mod_proxy "ap_proxy_send_fb()" Integer Overflow Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 29 Jan 2010 5548 Views

RISK: Medium Risk

A vulnerability has been identified in Apache, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable web server. This issue is caused by an integer overflow error in the "ap_proxy_send_fb()" [modules/proxy/proxy_util.c] function within the "mod_proxy" module when processing malformed responses, which could be exploited by remote attackers to crash an affected server or execute arbitrary code.

Note: This vulnerability only affects 64-bit systems.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Apache version 1.3.41 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Apache version 1.3.42 :
http://httpd.apache.org/


Vulnerability Identifier


Source


Related Link