Apache HTTP Server mod_Proxy Remote Negative Content-Length Buffer Overflow
Gravità: : Critico
Identificatori CVE: CVE-2004-0492
Data notifica: 21 luglio 2015
Descrizione
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1004740
Trend Micro Deep Security DPI Rule Name: 1004740 - Apache HTTP Server Mod_Proxy Remote Negative Content-Length Buffer Overflow
Software e versione interessati:
- Apache Software Foundation Apache 1.3.26
- Apache Software Foundation Apache 1.3.27
- Apache Software Foundation Apache 1.3.28
- Apache Software Foundation Apache 1.3.29
- Apache Software Foundation Apache 1.3.31
- HP HP-UX (VVOS) 11.0 4
- HP VirtualVault 11.0.4
- HP Webproxy 2.0
- HP Webproxy 2.1
- IBM HTTP Server 1.3.26
- IBM HTTP Server 1.3.26 .1
- IBM HTTP Server 1.3.26 .2
- IBM HTTP Server 1.3.28
- IBM IBM HTTP Server 1.3.26
- IBM IBM HTTP Server 1.3.26 .1
- IBM IBM HTTP Server 1.3.26 .2
- IBM IBM HTTP Server 1.3.28
- OpenBSD OpenBSD
- OpenBSD OpenBSD 3.4
- OpenBSD OpenBSD 3.5
- SGI ProPack 2.4