The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the get_tag() function of the module 'mod_include' when a specially crafted document with malformed server-side includes is requested though an HTTP session. Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) is enabled.
Disable SSI or upgrade to a newer version when available.
- Lighttpd Trailing Slash Information Disclosure Vulnerability
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
- Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
- Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
- Check for dangerous IIS default files