Remote Apache Vulnerability Announced

By N-Stalker Team on June 17, 2002

A remote vulnerability has been discovered in the Apache HTTP server, versions up to 1.3.24 and 2.0 through 2.0.36 for both Windows and *nix. The hole is in routines which deal with invalid requests encoded using chunked encoding, which is enabled by default. A maliciously crafted request could lead to denial of service or possibly a remote exploit. Apache’s official advisory has more information, and keep an eye on their source distribution page for a patch.

This entry was posted in Previous Security Advisories. Bookmark the permalink.