HTTP: Chunk Overflow

This protocol anomaly triggers when an invalid chunk length is detected in an HTTP request that uses chunked transfer encoding. Chunked transfer encoding sends a data length followed by a data chunk that matches the declared length. Attackers can cause a stack overflow and execute arbitrary code on the server.

Extended Description

When processing requests encoded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper (signed) interpretation of an unsigned integer value. Consequently, several conditions that have security implications may occur. Reportedly, a buffer overrun and a signal race condition occur. Exploiting these conditions may allow arbitrary code to run. **Update**: Reportedly, at least one worm is exploiting this vulnerability to propagate in the wild. The worm targets FreeBSD 4.5 systems running Apache 1.3.22-24 and 1.3.20. Other versions may also be affected.
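The following added example (not the signature's own logic and not Apache code) shows the kind of check the anomaly describes: walking a chunked request body and rejecting chunk lengths that are malformed, that would turn negative if read as a signed 32-bit integer, or that do not match the data that follows. The function name, the `MAX_CHUNK` limit and the sample bodies are assumptions constructed for illustration.

```python
import re

MAX_CHUNK = 1 << 20                      # assumed policy limit (1 MiB), not from the page
HEX_RE = re.compile(rb"[0-9A-Fa-f]+")    # a chunk size is hexadecimal digits only

def check_chunked_body(body: bytes, max_chunk: int = MAX_CHUNK):
    """Walk a chunked body and return (ok, reason)."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return False, "missing CRLF after chunk size"
        # Drop optional chunk extensions (";name=value") before parsing the size.
        size_field = body[pos:eol].split(b";", 1)[0].strip()
        if not HEX_RE.fullmatch(size_field):
            return False, "chunk size is not hexadecimal"
        size = int(size_field, 16)
        # Values above 0x7FFFFFFF become negative when a parser stores them in
        # a signed 32-bit int, which is the misinterpretation described above.
        if size > 0x7FFFFFFF:
            return False, "chunk size overflows a signed 32-bit int"
        if size > max_chunk:
            return False, "chunk size exceeds limit"
        if size == 0:
            return True, "ok"            # last chunk; trailers are not inspected
        data_end = eol + 2 + size
        # The declared length must be followed immediately by CRLF.
        if body[data_end:data_end + 2] != b"\r\n":
            return False, "chunk data does not match declared length"
        pos = data_end + 2

# Constructed sample bodies (not captured traffic).
GOOD = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
NEGATIVE = b"ffffffff\r\nAAAA\r\n0\r\n\r\n"
SHORT = b"a\r\nabc\r\n0\r\n\r\n"
NONHEX = b"-1\r\nabc\r\n0\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("GOOD", GOOD), ("NEGATIVE", NEGATIVE),
                         ("SHORT", SHORT), ("NONHEX", NONHEX)]:
        print(name, check_chunked_body(sample))
```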

Affected Products

Oracle oracle_http_server

Short Name
HTTP:OVERFLOW:CHUNK-OVERFLOW
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CA-2002-17 CVE-2002-0079 CVE-2002-0392 CVE-2005-2922 bid:17202 bid:37966 bid:5033 sans top20
Release Date
08/27/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3785
False Positive
Rarely
Vendors

Apache_software_foundation

Red_hat

Ibm

Hp

Macromedia

Oracle

CVSS Score

7.5
