Apache 2.2.14 mod_isapi Dangling Pointer

Description
This alert was generated using only banner information. It may be a false positive.


By sending a specially crafted request followed by a reset packet, it is possible to trigger a vulnerability in Apache mod_isapi that unloads the target ISAPI module from memory. However, function pointers into the unloaded module remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability.

Affected Apache versions: up to 2.2.14 on the Windows platform.
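Because the alert is based on the banner alone, it can be triaged by combining the Server header with the host's own configuration. The following is an added example, not part of the original advisory or of any scanner's code: the function names (`parse_banner`, `triage`) are hypothetical, the sample config is constructed, and the check assumes the main `httpd.conf` text is available and does not follow `Include` directives.

```python
import re

# Last affected release per the advisory text above.
LAST_AFFECTED = (2, 2, 14)

BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)(?:\s+\(([^)]*)\))?")
# httpd directive that loads mod_isapi; commented-out lines do not match.
LOADMODULE_RE = re.compile(r"^\s*LoadModule\s+isapi_module\b", re.I | re.M)


def parse_banner(server_header):
    """Return ((major, minor, patch), platform) or None if no full version is exposed."""
    m = BANNER_RE.search(server_header or "")
    if not m:
        return None  # e.g. "ServerTokens Prod" yields just "Apache"
    return tuple(int(x) for x in m.group(1, 2, 3)), (m.group(4) or "")


def triage(server_header, httpd_conf=None):
    """Classify a banner-only finding, optionally refined by the server's config text."""
    parsed = parse_banner(server_header)
    if parsed is None:
        return "unknown: banner exposes no full version"
    version, platform = parsed
    if version > LAST_AFFECTED:
        return "not affected: version newer than 2.2.14"
    if platform and not platform.lower().startswith("win"):
        return "not affected: not a Windows build"
    if httpd_conf is None:
        return "needs verification: banner matches, module state unknown"
    if LOADMODULE_RE.search(httpd_conf):
        return "affected: mod_isapi is loaded"
    return "likely false positive: mod_isapi not loaded"


# Constructed sample config (not from a real host): mod_isapi is commented out.
SAMPLE_CONF = (
    "#LoadModule isapi_module modules/mod_isapi.so\n"
    "LoadModule ssl_module modules/mod_ssl.so\n"
)

if __name__ == "__main__":
    for hdr in ("Apache/2.2.14 (Win32)", "Apache/2.2.14 (Unix)",
                "Apache/2.2.15 (Win32)", "Apache"):
        print(hdr, "->", triage(hdr))
    print("with config ->", triage("Apache/2.2.14 (Win32)", SAMPLE_CONF))
```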

Impact
Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.

Recommendation
Upgrade Apache to the latest version.
