The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the get_tag() function of the module 'mod_include' when a specially crafted document with malformed server-side includes is requested though an HTTP session. Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) is enabled.
Disable SSI or upgrade to a newer version when available.
- HTTP File Server Security Bypass and Denial of Service Vulnerabilities
- IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities
- bozohttpd Security Bypass Vulnerability
- HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
- Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)