CESA-2002:126: apache security update
Description
The Apache Web server contains a security vulnerability which can be used to launch a denial of service (DoS) attack or, in some cases, allow remote code execution.
Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests using "chunked" encoding. A carefully crafted invalid request can cause an Apache child process to call the memcpy() function in a way that will write past the end of its buffer, corrupting the stack. On some platforms this can be remotely exploited -- allowing arbitrary code to be run on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0392 to this issue. All users of Apache should update to these errata packages to correct this security issue.
Solution(s)
- centos-upgrade-apache
- centos-upgrade-apache-devel
- centos-upgrade-apache-manual
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center