HTTP: Apache APR_PSPrintf Memory Corruption
This signature detects attempts to exploit a known vulnerability against the Apache HTTP service. Attackers can send overly long header lines to an Apache HTTP server attempting to create a denial of service (DoS) and possibly execute arbitrary code through long strings.
Extended Description
The Apache Software Foundation has released version 2.0.46, which addresses a vulnerability in the web server. This is due to a potential memory management issue in the apr_psprintf() Apache Portable Runtime (APR) library. Exploitation could occur through mod_dav or other components. It has also been conjectured that exploitation could allow for execution of arbitrary code. Further details regarding this issue are pending from the vendor.
Affected Products
Apache_software_foundation apache
Short Name
HTTP:APACHE:APR-PSPRINTF-MC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
APR_PSPrintf Apache CVE-2003-0245 Corruption Memory bid:7723
Release Date
03/03/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Apache_software_foundation
Hp
CVSS Score
5.0