The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the get_tag() function of the module 'mod_include' when a specially crafted document with malformed server-side includes is requested though an HTTP session. Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) is enabled.
Disable SSI or upgrade to a newer version when available.
- IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability
- Lighttpd Trailing Slash Information Disclosure Vulnerability
- HTTP File Server Security Bypass and Denial of Service Vulnerabilities
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
- Apache Tomcat Session Fixation Vulnerability (Windows)