HTTP: Apache auth_ldap Username Format String

This signature detects attempts to exploit a known vulnerability in Apache. Attackers can cause a denial of service or execute arbitrary code.

Extended Description

The Apache Software Foundation has released version 2.0.46, which addresses a vulnerability in the web server. The vulnerability is due to a potential memory management issue in the apr_psprintf() function of the Apache Portable Runtime (APR) library. Exploitation could occur through mod_dav or other components. It has also been conjectured that exploitation could allow for execution of arbitrary code. Further details regarding this issue are pending from the vendor.

Affected Products

Apache_software_foundation apache

References

BugTraq: 16153 7723

CVE: CVE-2005-3656

Short Name: HTTP:APACHE:LDAPFS
Severity: Minor
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: Apache CVE-2003-0245 CVE-2005-3656 CVE-2006-0150 Format String Username auth_ldap bid:16153 bid:7723
Release Date: 04/27/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3729
False Positive: Unknown
Vendors

Red_hat

Apache_software_foundation

Hp

CVSS Score

7.5

10.0

5.0
