Apache HTTP Server mod_Proxy Remote Negative Content-Length Buffer Overflow
2015年7月21日
危険度: : 緊急
CVE識別番号: CVE-2004-0492
概要
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1004740
Trend Micro Deep Security DPI Rule Name: 1004740 - Apache HTTP Server Mod_Proxy Remote Negative Content-Length Buffer Overflow
影響を受けるソフトウェア
- Apache Software Foundation Apache 1.3.26
- Apache Software Foundation Apache 1.3.27
- Apache Software Foundation Apache 1.3.28
- Apache Software Foundation Apache 1.3.29
- Apache Software Foundation Apache 1.3.31
- HP HP-UX (VVOS) 11.0 4
- HP VirtualVault 11.0.4
- HP Webproxy 2.0
- HP Webproxy 2.1
- IBM HTTP Server 1.3.26
- IBM HTTP Server 1.3.26 .1
- IBM HTTP Server 1.3.26 .2
- IBM HTTP Server 1.3.28
- IBM IBM HTTP Server 1.3.26
- IBM IBM HTTP Server 1.3.26 .1
- IBM IBM HTTP Server 1.3.26 .2
- IBM IBM HTTP Server 1.3.28
- OpenBSD OpenBSD
- OpenBSD OpenBSD 3.4
- OpenBSD OpenBSD 3.5
- SGI ProPack 2.4