Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 1.3.26 (including) | 1.3.26 (including) |
| Http_server | Apache | 1.3.27 (including) | 1.3.27 (including) |
| Http_server | Apache | 1.3.28 (including) | 1.3.28 (including) |
| Http_server | Apache | 1.3.29 (including) | 1.3.29 (including) |
| Http_server | Apache | 1.3.31 (including) | 1.3.31 (including) |
| Virtualvault | Hp | 11.0.4 (including) | 11.0.4 (including) |
| Webproxy | Hp | 2.0 (including) | 2.0 (including) |
| Webproxy | Hp | 2.1 (including) | 2.1 (including) |
| Http_server | Ibm | 1.3.26 (including) | 1.3.26 (including) |
| Http_server | Ibm | 1.3.26.1 (including) | 1.3.26.1 (including) |
| Http_server | Ibm | 1.3.26.2 (including) | 1.3.26.2 (including) |
| Http_server | Ibm | 1.3.28 (including) | 1.3.28 (including) |
| Propack | Sgi | 2.4 (including) | 2.4 (including) |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
| Apache | Ubuntu | dapper | * |
| Apache | Ubuntu | edgy | * |
| Apache | Ubuntu | feisty | * |