vendor:
Apache HTTP Server
by:
Unknown
5.5
CVSS
MEDIUM
Integer Overflow
190
CWE
Product Name: Apache HTTP Server
Affected Version From: 2.0.x
Affected Version To: 2.0.64 and 2.2.x to 2.2.21
Patch Exists: YES
Related CWE: CVE-2011-3368
CPE: a:apache:http_server
Metasploit:
https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2012-0053/, https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2012-0021/, https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2012-0031/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0128/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0323/, https://www.rapid7.com/db/vulnerabilities/ibm-http_server-cve-2011-3639/, https://www.rapid7.com/db/vulnerabilities/apple-osx-note-cve-2011-4317/, https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2011-3639/, https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2011-4317/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2011-3639/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2011-4317/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2011-4317/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2011-4317/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2011-3639/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2011-4317/, https://www.rapid7.com/db/vulnerabilities/apple-osx-apache-cve-2011-4317/, https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2011-4317/, https://www.rapid7.com/db/vulnerabilities/ibm-http_server-cve-2011-4317/, https://www.rapid7.com/db/vulnerabilities/ibm-http_server-cve-2011-3368/, https://www.rapid7.com/db/vulnerabilities/apple-osx-apache-cve-2011-3368/, https://www.rapid7.com/db/?q=CVE-2011-3368&type=&page=2, https://www.rapid7.com/db/?q=CVE-2011-3368&type=&page=2
Platforms Tested: UNIX, Microsoft Windows, Mac OS/X, Netware
2011
Integer Overflow in Apache HTTP Server mod-setenvif
An integer overflow was found in apache2-mpm-worker 2.2.19 in the function ap_pregsub called from mod-setenvif. When a header field is mangled using SetEnvIf, the new environment variable data can be multiples of the size of the submitted header field. This leads to a buffer overflow when filling the buffer with user-supplied data. The issue affects all versions from 2.0.x to 2.0.64 and 2.2.x to 2.2.21.
Mitigation:
Upgrade to a version of Apache HTTP Server that is not affected by this vulnerability. Patching the vulnerable version may also be an option.