Family: Web Servers --> Category: infos
Apache mod_include Privilege Escalation Vulnerability Scan
Vulnerability Scan Summary
Checks for version of Apache
Detailed Explanation for this Vulnerability Test
The remote web server appears to be running a version of Apache that is older
than version 1.3.33.
This version is vulnerable to a local buffer overflow in the get_tag()
function of the module 'mod_include' when a specially crafted document
with malformed server-side includes is requested though an HTTP session.
Successful exploitation can lead to execution of arbitrary code with
escalated rights, but requires that server-side includes (SSI) is enabled.
Solution: Disable SSI or upgrade to a newer version when available.
Risk factor: Medium
Click HERE for more information and discussions on this network vulnerability scan.