Apache mod_fcgid Module < 2.3.9 fcgid_header_bucket_read() Function Heap-Based Buffer Overflow
Medium Nessus Plugin ID 70682
Synopsis
The remote web server is affected by a buffer overflow vulnerability.

Description
According to its self-reported banner, the Apache web server listening on this port includes a version of the mod_fcgid module earlier than 2.3.9. Such versions reportedly have a heap-based buffer overflow vulnerability caused by an error in the pointer arithmetic used in the 'fcgid_header_bucket_read()' function.

Solution
Update to version 2.3.9 or later.