FTP: Apache mod_include SSL Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the Apache web server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted server.

Extended Description

The problem occurs when the affected module parses mod_include-specific tag values. The module fails to properly validate the lengths of user-supplied tag strings before copying them into finite buffers, which allows the overflow. A local attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the affected Apache server.

Affected Products

Slackware Linux

References

BugTraq: 11471

CVE: CVE-2004-0940

Short Name: FTP:EXPLOIT:MOD-INCLUDE-BOF

Severity: Minor

Recommended: False

Recommended Action: None

Category: FTP

Keywords: Apache Buffer CVE-2004-0940 Overflow SSL bid:11471 mod_include

Release Date: 07/03/2013

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336

False Positive: Unknown

Vendors

Apache_software_foundation

Red_hat

Suse

Ibm

Trustix

Sun

Hp

Avaya

Slackware

Openpkg

CVSS Score

6.9
