Update: Apache web server chunk handling vulnerability

SGI Security Advisory has updated its information on the Apache web server vulnerability to include 32-bit platforms.

It has been reported that versions of the Apache web server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. This bug can be triggered remotely by sending a carefully crafted invalid request. This functionality is enabled by default.

See here for the updated advisory.

Join the newsletter!

Error: Please check your email address.

More about ApacheSGI Australia

Show Comments