This Metasploit module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apache (Oracle 8i, 9i, IBM HTTPD, etc). You will need to use the Check() functionality to determine the exact target version prior to launching the exploit. The version of Apache bundled with Oracle 8.1.7 will not automatically restart, so if you use the wrong target value, the server will crash.
02caca0c3ef84c379c6053e31707b4b6389939755466b8435f5f2edee463d9f2Apache Advisory - A vulnerability found in the chucked encoding implementation of the Apache 1.3.24 and 2.0.36 and below servers can under some conditions be used to remotely execute code on systems running this software.
3576dbeaf81b78b50b61214cbe4d286dbbfd04b6af6a433d492bc3bd471c2dfcISS reported a vulnerability found in the chucked encoding implementation of the Apache 1.3.24 and 2.0.36 and below servers that under some conditions can be used to remotely execute code on systems running this software. Note that the by ISS supplied patch, which is included in this advisory, does not fix this vulnerability.
eda6ad9d37711b41b271339dd3102eebcf86b868e4acbe53efdd0b47ba875df1Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed. Changelog available here.
5f2d4a7c51fa8824cf1f95fbecbc07656d4da08eb4757f885239745a762ccc70
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed