February 05, 2010

Weekly product update – Cenzic detects an Apache Integer Overflow Vulnerability

As of February 5, 2010, Cenzic now detects an Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability (BugtraqID 37966). An attacker can exploit this remote integer overflow vulnerability in Apache to execute arbitrary code. Successful exploits will compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

Note that this issue affects platforms on which 'sizeof(int)' is less than 'sizeof(long)'. In particular, this occurs on some 64-bit architectures. Versions prior to Apache 1.3.42 are vulnerable.

Background on Cenzic’s SmartAttacks

Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by Erin Swanson, Eswanson@cenzic.com