Apache HTTP Server mod_Proxy Remote Negative Content-Length Buffer Overflow
Gravedad: Crítico
Identificadores de CVE : CVE-2004-0492
Fecha recomendada: 21 de julio de 2015
Descripción
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1004740
Trend Micro Deep Security DPI Rule Name: 1004740 - Apache HTTP Server Mod_Proxy Remote Negative Content-Length Buffer Overflow
Software y versión afectados
- Apache Software Foundation Apache 1.3.26
- Apache Software Foundation Apache 1.3.27
- Apache Software Foundation Apache 1.3.28
- Apache Software Foundation Apache 1.3.29
- Apache Software Foundation Apache 1.3.31
- HP HP-UX (VVOS) 11.0 4
- HP VirtualVault 11.0.4
- HP Webproxy 2.0
- HP Webproxy 2.1
- IBM HTTP Server 1.3.26
- IBM HTTP Server 1.3.26 .1
- IBM HTTP Server 1.3.26 .2
- IBM HTTP Server 1.3.28
- IBM IBM HTTP Server 1.3.26
- IBM IBM HTTP Server 1.3.26 .1
- IBM IBM HTTP Server 1.3.26 .2
- IBM IBM HTTP Server 1.3.28
- OpenBSD OpenBSD
- OpenBSD OpenBSD 3.4
- OpenBSD OpenBSD 3.5
- SGI ProPack 2.4