Apache 'mod_fcgid' Module Heap Buffer Overflow Vulnerability

High

Synopsis

The remote host is running the Apache server with a vulnerable version of the 'mod_fcgid' module.

Description

Versions of Apache 'mod_fcgid' module earlier than 2.3.9 are vulnerable to a heap overflow vulnerability due to insufficient user input boundary validation, specifically to the 'fcgid_header_bucket_read()' function as called from the modules/fcgid/fcgid_bucket.c source file. An attacker may leverage this to execute arbitrary code in the context of the server application, or cause denial of service.

Solution

Upgrade the 'mod_fcgid' module to version 2.3.9 or later.