The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the get_tag() function of the module 'mod_include' when a specially crafted document with malformed server-side includes is requested though an HTTP session. Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) is enabled.
Disable SSI or upgrade to a newer version when available.
- IBM WebSphere Application Server Administration Console DoS vulnerability
- IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability
- F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities
- HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
- Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)