The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the get_tag() function of the module 'mod_include' when a specially crafted document with malformed server-side includes is requested though an HTTP session. Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) is enabled.
Disable SSI or upgrade to a newer version when available.
- IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities
- jHTTPd Directory Traversal Vulnerability
- IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
- IBM WebSphere Application Server JNDI information disclosure Vulnerability
- Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability