This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:MISC:NEG-CTN-LENGTH
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Negative Content-Length Overflow
|
Release Date |
2005/01/25
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Negative Content-Length Overflow
This signature detects a negative Content-Length value. Apache Web servers 1.3.26 through 1.3.32 shipped with mod_proxy, which contains a buffer overflow vulnerability. Attackers can exploit this vulnerability by sending a negative Content-Length value to the server, enabling them to run malicious code or crash the server.
Extended Description
A remote buffer overflow vulnerability exists in Apache mod_proxy.
The source of this issue is that a negative user-specified length value may be used in a memory copy operation, allowing for corruption of memory. This may triggered if a remote server returns a negative Content-Length: HTTP header field to be passed through the proxy.
Exploitation will likely result in a denial of service, though there is an unconfirmed potential for execution of arbitrary code on some platforms (such as BSD implementations). Versions that have the optional AP_ENABLE_EXCEPTION_HOOK define enabled may also be exploitable on some platforms.
This issue affects Apache servers 1.3.26 through 1.3.32 that have mod_proxy enabled and configured. Apache 2.0.x releases are not affected by this issue.
Affected Products
- Apache_software_foundation apache 1.3.0
- Apache_software_foundation apache 1.3.1
- Apache_software_foundation apache 1.3.11
- Apache_software_foundation apache 1.3.12
- Apache_software_foundation apache 1.3.14
- Apache_software_foundation apache 1.3.17
- Apache_software_foundation apache 1.3.18
- Apache_software_foundation apache 1.3.19
- Apache_software_foundation apache 1.3.20
- Apache_software_foundation apache 1.3.22
- Apache_software_foundation apache 1.3.23
- Apache_software_foundation apache 1.3.24
- Apache_software_foundation apache 1.3.25
- Apache_software_foundation apache 1.3.26
- Apache_software_foundation apache 1.3.27
- Apache_software_foundation apache 1.3.28
- Apache_software_foundation apache 1.3.29
- Apache_software_foundation apache 1.3.3
- Apache_software_foundation apache 1.3.31
- Apache_software_foundation apache 1.3.32
- Apache_software_foundation apache 1.3.4
- Apache_software_foundation apache 1.3.6
- Apache_software_foundation apache 1.3.7 -Dev
- Apache_software_foundation apache 1.3.9
- Hp hp-ux 11.0.0
- Hp hp-ux 11.11.0
- Hp hp-ux 11.20.0
- Hp hp-ux 11.22.0
- Hp hp-ux B.11.00
- Hp hp-ux B.11.11
- Hp hp-ux B.11.22
- Hp hp-ux_(vvos) 11.0.0 4
- Hp openvms_secure_web_server 1.1
- Hp openvms_secure_web_server 1.1.0 -1
- Hp openvms_secure_web_server 1.2.0
- Hp openvms_secure_web_server 2.1-1
- Hp virtualvault 11.0.4
- Hp virtualvault A.04.50
- Hp virtualvault A.04.60
- Hp virtualvault A.04.70
- Hp webproxy 2.0.0
- Hp webproxy 2.1.0
- Hp webproxy A.02.00
- Hp webproxy A.02.10
- Ibm http_server 1.3.26
- Ibm http_server 1.3.26 .1
- Ibm http_server 1.3.26 .2
- Ibm http_server 1.3.28
- Openbsd openbsd 3.4
- Openbsd openbsd 3.5
- Openbsd openbsd -Current
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0 IA64
- Red_hat enterprise_linux_as 2.1
- Red_hat enterprise_linux_as 2.1 IA64
- Red_hat enterprise_linux_es 2.1
- Red_hat enterprise_linux_es 2.1 IA64
- Red_hat enterprise_linux_ws 2.1
- Red_hat enterprise_linux_ws 2.1 IA64
- Red_hat linux 7.3.0
- Sgi propack 2.4.0
- Slackware linux 10.0.0
- Slackware linux 8.1.0
- Slackware linux 9.0.0
- Slackware linux 9.1.0
- Sun solaris 8 Sparc
- Sun solaris 8 X86
- Sun solaris 9 Sparc
- Sun solaris 9 X86
- Trustix secure_linux 1.5.0
References