Apache Mod_include Priviledge Escalation Network Vulnerability

Summary

The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the get_tag() function of the module 'mod_include' when a specially crafted document with malformed server-side includes is requested though an HTTP session. Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) is enabled.

Solution

Disable SSI or upgrade to a newer version when available.

Severity

Classification

CVE CVE-2004-0940

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

IBM WebSphere Application Server (WAS) Security Bypass Vulnerability
CUPS Information Disclosure Vulnerability
IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability
Apache Directory Listing
Acritum Femitter Server URI Directory Traversal Vulnerability

Apache mod_include priviledge escalation

Take action and discover your vulnerabilities