Apache chunked encoding buffer overflow

Added: 05/08/2006
CVE: CVE-2002-0392
BID: 5033
OSVDB: 838

Background

Apache web servers support chunked encoding, which is used by a web client to send data to the server in parts, or chunks.

Problem

A flaw in the calculation of the size of chunked encoding leads to a buffer overflow, allowing remote command execution.

Resolution

Upgrade to the latest version of Apache.

References

http://www.cert.org/advisories/CA-2002-17.html

Limitations

Due to the nature of this vulnerability, this exploit may not always be reliable.

Platforms

Windows

Back to exploit index