Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 1.3.26 (including) | 1.3.26 (including) |
Http_server | Apache | 1.3.27 (including) | 1.3.27 (including) |
Http_server | Apache | 1.3.28 (including) | 1.3.28 (including) |
Http_server | Apache | 1.3.29 (including) | 1.3.29 (including) |
Http_server | Apache | 1.3.31 (including) | 1.3.31 (including) |
Virtualvault | Hp | 11.0.4 (including) | 11.0.4 (including) |
Webproxy | Hp | 2.0 (including) | 2.0 (including) |
Webproxy | Hp | 2.1 (including) | 2.1 (including) |
Http_server | Ibm | 1.3.26 (including) | 1.3.26 (including) |
Http_server | Ibm | 1.3.26.1 (including) | 1.3.26.1 (including) |
Http_server | Ibm | 1.3.26.2 (including) | 1.3.26.2 (including) |
Http_server | Ibm | 1.3.28 (including) | 1.3.28 (including) |
Propack | Sgi | 2.4 (including) | 2.4 (including) |
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
Apache | Ubuntu | dapper | * |
Apache | Ubuntu | edgy | * |
Apache | Ubuntu | feisty | * |