Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:APACHE:MOD_PROXY-CHUNKED

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 mod_proxy chunked 37966

Release Date

 2010/02/01

Update Number

 1597

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

HTTP: Apache mod_proxy Chunked Encoding Integer Overflow


This signature detects attempts to exploit a known vulnerability in Apache mod_proxy. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Apache is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code. Successful exploits will compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. Note that this issue affects platforms on which 'sizeof(int)' is less than 'sizeof(long)'. In particular, this occurs on some 64-bit architectures. Versions prior to Apache 1.3.42 are vulnerable.

Affected Products

  • Apache Software Foundation Apache 1.3.0
  • Apache Software Foundation Apache 1.3.1
  • Apache Software Foundation Apache 1.3.11
  • Apache Software Foundation Apache 1.3.12
  • Apache Software Foundation Apache 1.3.13
  • Apache Software Foundation Apache 1.3.14
  • Apache Software Foundation Apache 1.3.14 Mac
  • Apache Software Foundation Apache 1.3.15
  • Apache Software Foundation Apache 1.3.16
  • Apache Software Foundation Apache 1.3.17
  • Apache Software Foundation Apache 1.3.18
  • Apache Software Foundation Apache 1.3.19
  • Apache Software Foundation Apache 1.3.20
  • Apache Software Foundation Apache 1.3.22
  • Apache Software Foundation Apache 1.3.23
  • Apache Software Foundation Apache 1.3.24
  • Apache Software Foundation Apache 1.3.25
  • Apache Software Foundation Apache 1.3.26
  • Apache Software Foundation Apache 1.3.27
  • Apache Software Foundation Apache 1.3.28
  • Apache Software Foundation Apache 1.3.29
  • Apache Software Foundation Apache 1.3.3
  • Apache Software Foundation Apache 1.3.31
  • Apache Software Foundation Apache 1.3.32
  • Apache Software Foundation Apache 1.3.33
  • Apache Software Foundation Apache 1.3.34
  • Apache Software Foundation Apache 1.3.35
  • Apache Software Foundation Apache 1.3.35 -Dev
  • Apache Software Foundation Apache 1.3.36
  • Apache Software Foundation Apache 1.3.37
  • Apache Software Foundation Apache 1.3.39
  • Apache Software Foundation Apache 1.3.4
  • Apache Software Foundation Apache 1.3.40-Dev
  • Apache Software Foundation Apache 1.3.41
  • Apache Software Foundation Apache 1.3.6
  • Apache Software Foundation Apache 1.3.7 -Dev
  • Apache Software Foundation Apache 1.3.9
  • HP OpenVMS Secure Web Server 1.1
  • HP OpenVMS Secure Web Server 1.1.0 -1
  • HP OpenVMS Secure Web Server 1.2.0
  • HP OpenVMS Secure Web Server 2.1-1
  • SuSE openSUSE 11.2

References

  • BugTraq: 37966
  • CVE: CVE-2010-0010

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy & Policy
Legal Notices
Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out