Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability Network Vulnerability

Summary

According to its version number, the remote version of Apache Web Server is prone to a local buffer-overflow vulnerability that affects a configuration file environment variable. This occurs because the application fails to validate user-supplied string lengths before copying them into finite process buffers. An attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the Apache webserver process.

Solution

The vendor has released an upgrade. Please see http://www.apache.org/dist/httpd/Announcement2.html for more information.

References

http://www.securityfocus.com/bid/11182

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-0747

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Apache ActiveMQ Multiple Vulnerabilities
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Tomcat source.jsp malformed request information disclosure

Take action and discover your vulnerabilities