Apache Mod_include Priviledge Escalation Network Vulnerability

Summary

The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the get_tag() function of the module 'mod_include' when a specially crafted document with malformed server-side includes is requested though an HTTP session. Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) is enabled.

Solution

Disable SSI or upgrade to a newer version when available.

Severity

Classification

CVE CVE-2004-0940
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Directory Listing
IIS IDA/IDQ Path Disclosure
IBM WebSphere Application Server Hash Collisions DOS Vulnerability
Arbor Networks Peakflow SP 'index/' Cross Site Scripting Vulnerability
IMail account hijack

Apache mod_include priviledge escalation

Take action and discover your vulnerabilities