Apache AB.C Web Benchmarking Buffer Overflow Vulnerability

A buffer-overflow condition has been reported in the ab.c web-benchmarking utility provided with the Apache web server.

A malicious attacker may be able to exploit this overflow condition. The vulnerability is the result of improper bounds-checking when processing command-line options to 'ab'.

Since the program is not setuid, this vulnerability does not have a local impact. However, this may be an issue if the program is called from a CGI script. An attacker may be able to supply malformed command-line parameters to the program and cause the overflow to occur.

NOTE: This vulnerability was originally discussed in BugTraq ID 5887. It is now being assigned an individual BID.
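
As an added example (not code from ab.c, Apache, or this advisory): one way a CGI front end written in C could validate request parameters before handing them to 'ab', so that over-long or malformed values never reach the program's option parsing. The function names, the numeric limits and the 255-byte URL cap are assumptions chosen for illustration; -n and -c are ab's request-count and concurrency options.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_URL_LEN 255  /* assumed policy limit, not a value taken from ab.c */
#define NUM_LEN 16       /* room for a canonical decimal count */

/* Parse a decimal count in [1, max]; -1 on anything malformed or over-long. */
static long parse_count(const char *s, long max)
{
    char *end;
    if (s == NULL || !isdigit((unsigned char)s[0]) || strlen(s) > 9)
        return -1;
    long v = strtol(s, &end, 10);
    return (*end == '\0' && v >= 1 && v <= max) ? v : -1;
}

/* Accept only a short http:// URL made of printable, non-space ASCII. */
static int url_ok(const char *u)
{
    size_t i, n = u ? strlen(u) : 0;
    if (n < 8 || n > MAX_URL_LEN || strncmp(u, "http://", 7) != 0)
        return 0;
    for (i = 0; i < n; i++)
        if (!isgraph((unsigned char)u[i])) return 0;
    return 1;
}

/* Build an execv()-style argv; 0 if accepted, -1 if rejected (limits assumed). */
int build_ab_argv(const char *reqs, const char *conc, const char *url,
                  char *nbuf, char *cbuf, char *argv[7])
{
    long n = parse_count(reqs, 10000), c = parse_count(conc, 100);
    if (n < 0 || c < 0 || c > n || !url_ok(url))
        return -1;
    snprintf(nbuf, NUM_LEN, "%ld", n);  /* re-emit numbers in canonical form */
    snprintf(cbuf, NUM_LEN, "%ld", c);
    argv[0] = "ab"; argv[1] = "-n"; argv[2] = nbuf; argv[3] = "-c";
    argv[4] = cbuf; argv[5] = (char *)url; argv[6] = NULL;
    return 0;
}

int main(void)
{
    char nb[NUM_LEN], cb[NUM_LEN], *av[7];  /* sample values are constructed */
    if (build_ab_argv("100", "10", "http://localhost/", nb, cb, av) != 0)
        return 1;
    printf("%s %s %s %s %s %s\n", av[0], av[1], av[2], av[3], av[4], av[5]);
    return 0;
}
```

The resulting vector is meant to be passed to execv() directly rather than through a shell, so each accepted value stays a single, length-bounded argument.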


 

Copyright 2010, SecurityFocus