Apache 'mod_fcgid' Module Heap Buffer Overflow Vulnerability
PVS ID: 8028 FAMILY: Web Servers RISK: HIGH NESSUS ID:70403
Description: Synopsis :\n\nThe remote host is running the Apache server with a vulnerable version of the 'mod_fcgid' module.\n\nVersions of Apache 'mod_fcgid' module earlier than 2.3.9 are vulnerable to a heap overflow vulnerability due to insufficient user input boundary validation, specifically to the 'fcgid_header_bucket_read()' function as called from the modules/fcgid/fcgid_bucket.c source file. An attacker may leverage this to execute arbitrary code in the context of the server application, or cause denial of service. For your information, the observed version of the module is: %L

Solution: Upgrade the 'mod_fcgid' module to version 2.3.9 or later.


Copyright Tenable Network Security Inc. 2013