Apache 2.2.x < 2.2.13 APR apr_palloc Heap Overflow

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a heap-based buffer overflow.

Description :

According to its self-reported banner, the version of Apache 2.2.x
running on the remote host is prior to 2.2.13. As such, it includes a
bundled version of the Apache Portable Runtime (APR) library that
contains a flaw in 'apr_palloc()' that could cause a heap overflow.

Note that the Apache HTTP server itself does not pass unsanitized,
user-provided sizes to this function, so the flaw could only be
triggered through some other application that uses APR in a
vulnerable way.
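Because this check relies entirely on the self-reported `Server` banner, the following added example (not Tenable's plugin code) shows how such a banner-based version check is typically performed and where it can be wrong. It assumes an HTTP `Server` header in the common `Apache/x.y.z` form; the banner strings are constructed for illustration. A banner with the version suppressed (for example via `ServerTokens Prod`) yields "unknown" rather than a finding, and a distribution that backports the fix without bumping the version will still be reported as affected.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample Server headers; not taken from any real host.
SAMPLE_BANNERS = [
    "Server: Apache/2.2.12 (Unix)",
    "Server: Apache/2.2.13 (Debian)",
    "Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6",
    "Server: Apache/2.4.41 (Ubuntu)",
    "Server: Apache",            # version hidden, e.g. ServerTokens Prod
    "Server: nginx/1.18.0",      # not Apache at all
]

# First fixed release named in the advisory.
FIXED_VERSION: Tuple[int, int, int] = (2, 2, 13)

# Matches the leading "Apache/x.y.z" product token of a Server header.
_BANNER_RE = re.compile(r"^Server:\s*Apache/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_apache_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a Server header, or None if absent."""
    m = _BANNER_RE.match(banner.strip())
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Tuple[int, int, int]) -> bool:
    """Affected range is the 2.2.x branch prior to 2.2.13 only."""
    return version[:2] == (2, 2) and version < FIXED_VERSION


def classify_banner(banner: str) -> str:
    """Classify one banner as 'affected', 'not-affected' or 'unknown'.

    'unknown' means the banner carries no usable Apache version; a
    banner-based check cannot say anything about such a host.
    """
    version = parse_apache_version(banner)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not-affected"


def scan(banners: Iterable[str]) -> Dict[str, str]:
    """Run the classification over a batch of banners."""
    return {b: classify_banner(b) for b in banners}


if __name__ == "__main__":
    for banner, verdict in scan(SAMPLE_BANNERS).items():
        print(f"{verdict:13s} {banner}")
```

Treat an "affected" result as a prompt to confirm the installed package version on the host rather than as proof of a vulnerable build, since the banner is under the server operator's control in both directions.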

Solution :

Upgrade to Apache 2.2.13 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 57603

Bugtraq ID: 35949

CVE ID: CVE-2009-2412
