SecurityTeam US
 
 Monday, February 06 2012 @ 12:00 PM EST

Apache "mod_include" Privilege Escalation Vulnerability

   
Crazy Einstein has discovered a vulnerability in Apache that malicious local users can exploit to gain escalated privileges.

The vulnerability is caused by a boundary error in the "get_tag()" function of the "mod_include" module. It can be exploited to cause a buffer overflow when a specially crafted document with malformed server-side includes is requested through an HTTP session.

Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) are enabled.

The vulnerability has been confirmed on version 1.3.31. Other versions may also be affected.

SOFTWARE:
Apache 1.3.x

SOLUTION:
Disable server-side includes (SSI).
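
To apply this workaround you first need to know where SSI is switched on. The script below is an added example, not part of the original advisory: it scans Apache configuration text for the directives that enable mod_include parsing. The function name, the sample configuration and its paths are constructed for illustration.

```python
# Added example: list the directives in an Apache 1.3 style config that enable SSI.
# Option keywords that turn on mod_include parsing. "All" covers every
# option except MultiViews, so it implies Includes.
SSI_OPTIONS = {"includes", "includesnoexec", "all"}
# Legacy MIME types that mod_include also parses (…-html and …-html3).
SSI_MIME_PREFIX = "text/x-server-parsed-html"

def find_ssi_enablers(config_text):
    """Return [(line_number, reason)] for each directive that enables SSI."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0].startswith("#"):
            continue  # blank line, comment, or directive without arguments
        name = tokens[0].lower()  # directive names are case-insensitive
        args = [a.strip('"').lower() for a in tokens[1:]]
        if name == "options":
            # "+Includes" adds the option; "-Includes" removes it and is ignored.
            hits = [a for a in args if a.lstrip("+") in SSI_OPTIONS]
            if hits:
                findings.append((lineno, "Options " + " ".join(hits)))
        elif name == "xbithack" and args[0] in ("on", "full"):
            findings.append((lineno, "XBitHack " + args[0]))
        elif name in ("addhandler", "sethandler") and args[0] == "server-parsed":
            findings.append((lineno, name + " server-parsed"))
        elif name == "addtype" and args[0].startswith(SSI_MIME_PREFIX):
            findings.append((lineno, "AddType " + args[0]))
    return findings

# Constructed sample configuration (not taken from a real server).
SAMPLE_CONF = """\
# constructed sample
<Directory "/usr/local/apache/htdocs">
    Options Indexes FollowSymLinks Includes
    AllowOverride None
</Directory>
AddType text/html .shtml
AddHandler server-parsed .shtml
#AddHandler server-parsed .html
<Directory "/usr/local/apache/htdocs/static">
    Options -Includes
    XBitHack off
</Directory>
"""

if __name__ == "__main__":
    for lineno, reason in find_ssi_enablers(SAMPLE_CONF):
        print("line %d: %s" % (lineno, reason))
```

The scan reports explicit directives only: a directory with no Options directive at all falls back to the default of Options All, and .htaccess files need the same check wherever AllowOverride permits Options.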

PROVIDED AND/OR DISCOVERED BY:
Crazy Einstein

 
