HTTP: Apache HTTP Server mod_tcl Module Format String Vulnerability
This signature detects attempts to exploit a known format string vulnerability in the mod_tcl module used with the Apache HTTP server. It is due to the failure of the application in verifying string arguments that are passed to a formatting function, resulting in a memory corruption condition. A remote attacker can exploit this to inject and execute arbitrary code with the privileges of the httpd process. In a successful simple attack, the httpd process serving the attacker terminates, closing the connection as a result. This might also reset other connections served by the affected httpd process, in the case the HTTP server is configured to run in multiple-threading mode. In a successful sophisticated attack, the injected arbitrary code is executed with the privileges of the httpd process. The behavior of the target system is dependent on the malicious code.
Extended Description
Apache mod_tcl is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of webserver processes running the affected Apache module. This facilitates the remote compromise of affected computers. Apache mod_tcl version 1.0 is vulnerable to this issue.
Affected Products
Apache_software_foundation mod_tcl
Short Name
HTTP:APACHE:MOD-TCL-FS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2006-4154 Format HTTP Module Server String Vulnerability bid:20527 mod_tcl
Release Date
10/25/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Apache_software_foundation
Gentoo
CVSS Score
6.8