Mod_NTLM Authorization Heap Overflow Vulnerability
Gravité: : Élevé
Date du conseil: 21 juillet 2015
Description
The mod_ntlm Apache module has been reported prone to a heap overflow vulnerability.
The vulnerability occurs due to a lack of sufficient bounds checking performed on user-supplied data, stored in heap memory. By supplying excessive data an attacker may trigger a buffer overflow and corrupt crucial memory management structures. This may result in the execution of arbitrary code in the context of the Apache server.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1000457
Trend Micro Deep Security DPI Rule Name: 1000457 - Mod_NTLM Authorization Heap Overflow Vulnerability
Affected software and version:
- Apache Software Foundation Apache 1.3
- Apache Software Foundation Apache 1.3.1
- Apache Software Foundation Apache 1.3.11
- Apache Software Foundation Apache 1.3.12
- Apache Software Foundation Apache 1.3.14
- Apache Software Foundation Apache 1.3.17
- Apache Software Foundation Apache 1.3.18
- Apache Software Foundation Apache 1.3.19
- Apache Software Foundation Apache 1.3.20
- Apache Software Foundation Apache 1.3.22
- Apache Software Foundation Apache 1.3.23
- Apache Software Foundation Apache 1.3.24
- Apache Software Foundation Apache 1.3.25
- Apache Software Foundation Apache 1.3.26
- Apache Software Foundation Apache 1.3.27
- Apache Software Foundation Apache 1.3.3
- Apache Software Foundation Apache 1.3.4
- Apache Software Foundation Apache 1.3.6
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache 2.0
- Apache Software Foundation Apache 2.0.28
- Apache Software Foundation Apache 2.0.32
- Apache Software Foundation Apache 2.0.35
- Apache Software Foundation Apache 2.0.36
- Apache Software Foundation Apache 2.0.37
- Apache Software Foundation Apache 2.0.38
- Apache Software Foundation Apache 2.0.39
- Apache Software Foundation Apache 2.0.40
- Apache Software Foundation Apache 2.0.41
- Apache Software Foundation Apache 2.0.42
- Apache Software Foundation Apache 2.0.43
- Apache Software Foundation Apache 2.0.44
- Apache Software Foundation Apache 2.0.45