Apache Web Server Multiple Module Local Buffer Overflow Vulnerability

A vulnerability has been reported in Apache that may allow a local attacker to execute arbitrary code on vulnerable host. The issue is reported to exist due to a lack of bounds checking by the software, leading to a buffer overflow condition. The problem is reported to exist in the mod_alias and mod_rewrite modules when a regular expression is configured with more the 9 captures using parenthesis.

This issue may allow an attacker to gain unauthorized access to a vulnerable host. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the web server in order to gain unauthorized access to a vulnerable system.


 

Privacy Statement
Copyright 2010, SecurityFocus