Apache Chunked Encoding Remote Overflow

This script is Copyright (C) 2002-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server is vulnerable to a remote code execution attack.

Description :

The remote Apache web server is affected by the Apache web server
chunk handling vulnerability.

If safe checks are enabled, this may be a false positive since it is
based on the version of Apache. Although unpatched Apache versions
1.2.2 and above, 1.3 through 1.3.24, and 2.0 through 2.0.36 are
affected, the remote server may be running a patched version of
Apache.

See also :

http://httpd.apache.org/info/security_bulletin_20020617.txt
http://httpd.apache.org/info/security_bulletin_20020620.txt

Solution :

Upgrade to Apache web server version 1.3.26 or 2.0.39 or newer.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11030 (apache_chunked_encoding.nasl)

Bugtraq ID: 5033

CVE ID: CVE-2002-0392