Signature Detail

HTTP: Vulnerable Apache Version ( 1.3.26 through 1.3.31)

This signature detects Apache server versions 1.3.26 through 1.3.31. These versions contain a remote buffer overflow vulnerability. Attackers can exploit this vulnerability to crash the server process, enabling them to execute arbitrary code or cause a denial of service.

Extended Description

A remote buffer overflow vulnerability exists in Apache mod_proxy. The source of this issue is that a negative user-specified length value may be used in a memory copy operation, allowing for corruption of memory. This may triggered if a remote server returns a negative Content-Length: HTTP header field to be passed through the proxy. Exploitation will likely result in a denial of service, though there is an unconfirmed potential for execution of arbitrary code on some platforms (such as BSD implementations). Versions that have the optional AP_ENABLE_EXCEPTION_HOOK define enabled may also be exploitable on some platforms. This issue affects Apache servers 1.3.26 through 1.3.32 that have mod_proxy enabled and configured. Apache 2.0.x releases are not affected by this issue.

Affected Products

• Apache Software Foundation Apache 1.3.0
• Apache Software Foundation Apache 1.3.1
• Apache Software Foundation Apache 1.3.11
• Apache Software Foundation Apache 1.3.12
• Apache Software Foundation Apache 1.3.14
• Apache Software Foundation Apache 1.3.17
• Apache Software Foundation Apache 1.3.18
• Apache Software Foundation Apache 1.3.19
• Apache Software Foundation Apache 1.3.20
• Apache Software Foundation Apache 1.3.22
• Apache Software Foundation Apache 1.3.23
• Apache Software Foundation Apache 1.3.24
• Apache Software Foundation Apache 1.3.25
• Apache Software Foundation Apache 1.3.26
• Apache Software Foundation Apache 1.3.27
• Apache Software Foundation Apache 1.3.28
• Apache Software Foundation Apache 1.3.29
• Apache Software Foundation Apache 1.3.3
• Apache Software Foundation Apache 1.3.31
• Apache Software Foundation Apache 1.3.32
• Apache Software Foundation Apache 1.3.4
• Apache Software Foundation Apache 1.3.6
• Apache Software Foundation Apache 1.3.7 -Dev
• Apache Software Foundation Apache 1.3.9
• HP HP-UX 11.0.0
• HP HP-UX 11.11.0
• HP HP-UX 11.20.0
• HP HP-UX 11.22.0
• HP HP-UX B.11.00
• HP HP-UX B.11.11
• HP HP-UX B.11.22
• HP HP-UX (VVOS) 11.0.0 4
• HP OpenVMS Secure Web Server 1.1
• HP OpenVMS Secure Web Server 1.1.0 -1
• HP OpenVMS Secure Web Server 1.2.0
• HP OpenVMS Secure Web Server 2.1-1
• HP VirtualVault 11.0.4
• HP VirtualVault A.04.50
• HP VirtualVault A.04.60
• HP VirtualVault A.04.70
• HP Webproxy 2.0.0
• HP Webproxy 2.1.0
• HP Webproxy A.02.00
• HP Webproxy A.02.10
• IBM HTTP Server 1.3.26
• IBM HTTP Server 1.3.26 .1
• IBM HTTP Server 1.3.26 .2
• IBM HTTP Server 1.3.28
• OpenBSD 3.4
• OpenBSD 3.5
• OpenBSD -Current
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux AS 2.1 IA64
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux ES 2.1 IA64
• Red Hat Enterprise Linux WS 2.1
• Red Hat Enterprise Linux WS 2.1 IA64
• Red Hat Linux 7.3.0
• SGI ProPack 2.4.0
• Slackware Linux 10.0.0
• Slackware Linux 8.1.0
• Slackware Linux 9.0.0
• Slackware Linux 9.1.0
• Sun Solaris 8 Sparc
• Sun Solaris 8 X86
• Sun Solaris 9 Sparc
• Sun Solaris 9 X86
• Trustix Secure Linux 1.5.0

References

• BugTraq: 10508
• CVE: CVE-2004-0492
• URL: http://www.debian.org/security/2004/dsa-525
• URL: http://www.guninski.com/modproxy1.html