Apache web servers support chunked encoding, which is part of the HTTP protocol specification. Chunked encoding is used by a web client to send data to the server in parts, or chunks. After a chunk is received, the server indicates that it is ready to receive the next chunk, until all of the data has been received.
Multiple vulnerabilities in Apache 2.0 prior to 2.0.45 could allow a remote attacker to cause a denial of service, retrieve arbitrary files, or execute commands.
6/18/02
CVE 2002-0392
Apache 1.2.2 through 1.3.24 and Apache 2.0.x prior to 2.0.37
contain a flaw in the implementation of chunked encoding.
A remote attacker could cause the server to misinterpret
the chunk size, leading to a heap overflow. In the worst
case, with Apache 1.x this could allow the attacker to
execute arbitrary commands on most platforms. In other cases,
an attacker could cause the web
server child process to terminate, leading to an
interruption in service while the child process is replaced.
This effect is especially significant on Windows and Netware
platforms.
10/15/02
CAN 2002-0839
CAN 2002-0840
CAN 2002-0843
Apache 1.3.27 fixed several potential vulnerabilities. On
System V platforms using shared memory based scoreboards,
an attacker who is able to execute commands using the Apache
user ID could send arbitrary signals to other processes with
root privileges, or cause a local denial of service. A web
server in a domain that allows wildcard DNS lookups is
susceptible to cross-site scripting in the default 404 error
page. Finally, the ab.c program, which is
one of the support programs bundled with Apache but not
part of Apache itself,
contains a buffer overflow which could be exploited by
a malicious server.
3/26/02
CVE 2002-0061
When it receives a request for a batch (.bat
or .cmd) file,
the Windows version of Apache uses cmd.exe to
process the batch file with the given input parameters. Due to
insufficient checking of the input parameters, it is possible for
a remote attacker to execute arbitrary commands by appending them
to the request using a pipe character (|). This vulnerability
is especially easy to exploit on Apache version 2 prior to 2.0.34 due
to the presence of a sample batch file on the web server,
/cgi-bin/test-cgi.bat. However, it is also exploitable
on Apache version 1 prior to 1.3.24 using any .bat or
.cmd files which happen to be present on the
web server. This vulnerability affects Windows systems only.
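The request pattern described above (a .bat or .cmd file requested with a pipe character appended) can be looked for in web server access logs. The following Python sketch is an added example, not part of the original advisory or of Apache; it assumes common/combined log format, and its function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined log format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A .bat or .cmd file name, followed by end of string or a delimiter
BATCH_RE = re.compile(r"\.(?:bat|cmd)(?=$|[?/|\s])", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %7C and %257C both become '|'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(target):
    """True if the target names a batch file and a pipe follows the name."""
    decoded = fully_decode(target)
    match = BATCH_RE.search(decoded)
    return bool(match) and "|" in decoded[match.end():]


def scan(lines):
    """Return (line number, client address, raw target) for each hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        request = REQUEST_RE.search(line)
        if request and is_suspicious(request.group("target")):
            hits.append((number, line.split()[0], request.group("target")))
    return hits


# Constructed sample log lines (documentation addresses, placeholder payload)
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2002:10:01:12 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [26/Mar/2002:10:01:15 +0000] "GET /cgi-bin/test-cgi.bat HTTP/1.0" 200 310',
    '198.51.100.7 - - [26/Mar/2002:10:02:40 +0000] "GET /cgi-bin/test-cgi.bat?|PLACEHOLDER HTTP/1.0" 200 512',
    '198.51.100.7 - - [26/Mar/2002:10:02:44 +0000] "GET /scripts/report.CMD?x=1%7CPLACEHOLDER HTTP/1.0" 200 97',
    '203.0.113.5 - - [26/Mar/2002:10:03:02 +0000] "GET /search?q=a%7Cb HTTP/1.0" 200 2210',
]

if __name__ == "__main__":
    for number, client, target in scan(SAMPLE_LOG):
        print(f"line {number}: {client} requested {target}")
```

A plain request for the batch file, or a pipe in a request that names no batch file, is not flagged; only the combination is.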
5/18/01
CVE 2001-1342
A vulnerability in the Windows and OS/2 versions of Apache could
allow a remote attacker to cause the web server to
perform an illegal operation. This attack would cause
the server to remain unresponsive until an administrator
is able to clear the fault and restart the server.
The Windows and OS/2 versions of Apache 1.3.19 and earlier are affected by this vulnerability unless the patch has been applied.
8/20/02
The directory traversal vulnerability affecting Apache 2.0 - 2.0.39 can be
fixed by a simple one-line modification of the httpd.conf
file. Prior to the first 'Alias' or 'Redirect' directive, add the following
directive to the Global Environment section:
    RedirectMatch 400 "\\\.\."
However, it is preferable to upgrade to the latest version of Apache, as this will fix two minor path-revealing exposures.