Apache 1.3.x < 1.3.42 mod_proxy Integer Overflow
Critical Nessus Plugin ID 44589
Synopsis
The remote web server may be affected by an integer overflow vulnerability.
Description
According to its banner, the version of Apache 1.3.x running on the remote host is prior to 1.3.42. It is, therefore, potentially affected by an integer overflow vulnerability in the mod_proxy Apache module.
A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code.
Note that successful exploitation is possible only on platforms where sizeof(int) < sizeof(long), such as 64-bit architectures.
Also note that version 1.3.42 is the final release of Apache 1.3.
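The platform note above (sizeof(int) < sizeof(long)) is the signature of a narrowing-conversion bug. The following is an added example, not code from the Nessus plugin or from Apache: it illustrates the general bug class with a peer-supplied length parsed as a long and stored in an int, next to a range-checked form. The function names, the 8192-byte limit and the sample values are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* 1 when the advisory's precondition holds (e.g. LP64 Linux), else 0. */
int platform_precondition(void) {
    return sizeof(int) < sizeof(long);
}

/* Unsafe pattern: the length is parsed as long, then narrowed to int.
 * Where long is wider than int, the high bits are dropped (the result is
 * implementation-defined; gcc and clang wrap modulo 2^32), so a huge
 * value can become small or negative and slip past later size checks. */
int parse_len_unsafe(const char *field) {
    long n = strtol(field, NULL, 10);
    return (int)n;
}

/* Hardened pattern: validate while the value is still a long.
 * Returns 0 and stores the length on success, -1 on any rejected input. */
int parse_len_checked(const char *field, int max, int *out) {
    char *end;
    errno = 0;
    long n = strtol(field, &end, 10);
    if (end == field || errno == ERANGE)
        return -1;                      /* not a number, or overflowed long */
    if (n < 0 || n > (long)max)
        return -1;                      /* outside the accepted range */
    *out = (int)n;                      /* safe: 0 <= n <= max <= INT_MAX */
    return 0;
}

int main(void) {
    /* Constructed sample fields: 2^32 + 16, 2^32 - 1, and a normal value. */
    const char *samples[] = { "4294967312", "4294967295", "512" };
    printf("sizeof(int) < sizeof(long): %d\n", platform_precondition());
    for (int i = 0; i < 3; i++) {
        int ok_len = 0;
        int rc = parse_len_checked(samples[i], 8192, &ok_len);
        printf("%-12s unsafe=%d checked=%s\n", samples[i],
               parse_len_unsafe(samples[i]), rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

On a platform where int and long are the same width, strtol saturates at LONG_MAX instead, so the unsafe cast has no high bits to drop; this matches the platform restriction stated in the advisory.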
Solution
Upgrade to Apache version 1.3.42 or later. Alternatively, disable mod_proxy.