Apache 2.2.x < 2.2.13 APR apr_palloc Heap Overflow
Critical Nessus Plugin ID 57603
Synopsis
The remote web server is affected by a buffer overflow vulnerability.
Description
According to its self-reported banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.13. It therefore bundles a version of the Apache Portable Runtime (APR) library whose 'apr_palloc()' mishandles sufficiently large size arguments, which can lead to a heap overflow.
Note that the Apache HTTP server itself does not pass unsanitized, user-provided sizes to this function, so the flaw could only be triggered through some other application that uses the bundled APR in a vulnerable way. The banner check cannot tell whether such an application is present; treat the finding as a missing fix, not as a confirmed exploitable path through httpd.
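How a size-rounding wrap inside a pool allocator becomes a heap overflow, as an added illustration written for this page; it is not APR's or Apache's code. It models the 'apr_palloc()' flaw as an 8-byte alignment step that is not checked for arithmetic wrap (an assumption about the mechanism); the names ALIGN8, pool_alloc_unchecked, pool_alloc_checked, unchecked_would_overflow and the 256-byte arena are all invented for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a pool allocator's size rounding (example code for
 * this page, not APR's source). Requests are rounded up to a multiple of 8;
 * the assumption is that the rounding is what wraps for huge requests. */
#define ALIGN8(n) (((n) + 7u) & ~(size_t)7)

static unsigned char pool[256];   /* fixed arena standing in for one pool block */
static size_t pool_used;

void pool_reset(void) { pool_used = 0; }

/* Naive rounding: (n + 7) & ~7 wraps to a tiny value when n is near SIZE_MAX. */
size_t align_unchecked(size_t n) { return ALIGN8(n); }

/* Hardened rounding: a correctly aligned value is never smaller than the
 * request, so one comparison catches the wrap. Sets *ok = 0 and returns 0. */
size_t align_checked(size_t n, int *ok) {
    size_t a = ALIGN8(n);
    if (a < n) { *ok = 0; return 0; }
    *ok = 1;
    return a;
}

/* Vulnerable path: the wrapped size passes the capacity test, so the caller
 * receives a pointer it believes is good for n bytes while only *reserved
 * bytes (possibly zero) were actually set aside in the arena. */
void *pool_alloc_unchecked(size_t n, size_t *reserved) {
    size_t a = align_unchecked(n);
    if (a > sizeof pool - pool_used) return NULL;
    void *p = pool + pool_used;
    pool_used += a;
    *reserved = a;
    return p;
}

/* Fixed path: refuse the request outright if the rounding wrapped. */
void *pool_alloc_checked(size_t n, size_t *reserved) {
    int ok;
    size_t a = align_checked(n, &ok);
    if (!ok || a > sizeof pool - pool_used) return NULL;
    void *p = pool + pool_used;
    pool_used += a;
    *reserved = a;
    return p;
}

/* 1 if a request of n bytes through the unchecked path returns a region
 * smaller than n: the caller's subsequent copy of n bytes would run off the
 * end of the arena. The overflowing write itself is deliberately not done. */
int unchecked_would_overflow(size_t n) {
    size_t reserved = 0;
    pool_reset();
    void *p = pool_alloc_unchecked(n, &reserved);
    return p != NULL && reserved < n;
}

int main(void) {
    size_t huge = SIZE_MAX - 3, r = 0;   /* constructed attacker-controlled size */
    printf("align_unchecked(SIZE_MAX-3) = %zu (wrapped)\n", align_unchecked(huge));
    printf("unchecked path would overflow: %d\n", unchecked_would_overflow(huge));
    pool_reset();
    printf("checked path returns NULL for huge size: %d\n",
           pool_alloc_checked(huge, &r) == NULL);
    return 0;
}
```

The comparison `a < n` after rounding is the whole fix: any wrap in unsigned arithmetic makes the result smaller than its input, which is the only condition the allocator needs to refuse. The same pattern applies to any size calculation that adds a header or alignment slack before comparing against capacity.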
Solution
Upgrade to Apache 2.2.13 or later.