
Apache 'mod_fcgid' Module Heap Buffer Overflow Vulnerability

High

Synopsis

The remote host is running the Apache server with a vulnerable version of the 'mod_fcgid' module.

Description

Versions of the Apache 'mod_fcgid' module earlier than 2.3.9 are affected by a heap buffer overflow caused by insufficient bounds validation of user-supplied input in the 'fcgid_header_bucket_read()' function of the modules/fcgid/fcgid_bucket.c source file. An attacker may leverage this to execute arbitrary code in the context of the server application, or to cause a denial of service.

Solution

Upgrade the 'mod_fcgid' module to version 2.3.9 or later.
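
To check a host inventory against the 2.3.9 threshold above, the following added example (not part of the original advisory or of any scanner's code) classifies an HTTP Server header value. It assumes the module advertises itself as a 'mod_fcgid/<version>' token, which Apache only does with full server tokens enabled; the function names and sample banners are constructed for illustration.

```python
import re

# First fixed release, taken from the advisory text above.
FIXED = (2, 3, 9)

# Assumption: the module appears in the Server header as "mod_fcgid/<version>".
TOKEN = re.compile(r"\bmod_fcgid/(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_version(text):
    """Turn '2.3.10' into (2, 3, 10) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def classify(server_header):
    """Return 'vulnerable', 'fixed' or 'unknown' for one Server header value."""
    match = TOKEN.search(server_header or "")
    if not match:
        # No token is not proof of absence: the banner may be trimmed,
        # so the host still needs a local package or module check.
        return "unknown"
    version = parse_version(match.group(1))
    # Pad short versions so '2.3' is compared as 2.3.0.
    version = version + (0,) * (len(FIXED) - len(version))
    return "vulnerable" if version < FIXED else "fixed"


def triage(banners):
    """Map each host to its classification; input is {host: Server header}."""
    return {host: classify(header) for host, header in banners.items()}


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    sample = {
        "web-a": "Apache/2.2.22 (Unix) mod_fcgid/2.3.7 mod_ssl/2.2.22",
        "web-b": "Apache/2.4.6 (CentOS) mod_fcgid/2.3.9 PHP/5.4.16",
        "web-c": "Apache/2.4.6 mod_fcgid/2.3.10",
        "web-d": "Apache",
    }
    for host, state in sorted(triage(sample).items()):
        print(host, state)
```

A 'fixed' or 'vulnerable' result reflects only the advertised version string; distribution packages that backport fixes keep the older upstream number, so confirm against the vendor's package changelog.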