Apache 2.2.14 mod_isapi Dangling Pointer

Description
This alert was generated using only banner information. It may be a false positive.


By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability.

Affected Apache versions (up to 2.2.14 on Windows platform).

ShareShare on FacebookTweet about this on TwitterShare on Google+

Impact
Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.

Recommendation
Upgrade Apache to the latest version.

References
Apache 2.2.14 mod_isapi Dangling Pointer
Apache homepage