Apache HTTP Server mod_remoteip Stack Buffer Overflow Vulnerability
A vulnerability in the mod_remoteip module of the Apache HTTP Server could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to a stack buffer overflow condition or NULL pointer dereference condition that could occur when the affected software processes user-supplied input while its mod_remoteip module is configured to use a trusted intermediary proxy server. An attacker could exploit this vulnerability by sending a request that submits a malicious PROXY header to a proxy server that is trusted by the targeted system. A successful exploit could cause a stack buffer overflow condition or NULL pointer dereference condition that the attacker could use to execute arbitrary code or cause a DoS condition.
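Whether a server is exposed depends on whether it is configured to accept PROXY headers at all. The following added example (not part of the original advisory or of Apache's code) audits Apache configuration text and lists the scopes where PROXY header handling is switched on; it assumes the relevant mod_remoteip directives are `RemoteIPProxyProtocol` and `RemoteIPProxyProtocolExceptions`, and the sample configuration is constructed.

```python
import re

# Constructed sample configuration (not from any real server).
SAMPLE_CONF = """\
LoadModule remoteip_module modules/mod_remoteip.so
# RemoteIPProxyProtocol On   (commented out, must be ignored)
<VirtualHost *:80>
    ServerName www.example.test
    RemoteIPProxyProtocol On
    RemoteIPProxyProtocolExceptions 127.0.0.1 \\
        10.0.0.0/8
</VirtualHost>
<VirtualHost *:8080>
    remoteipproxyprotocol on
    RemoteIPProxyProtocol Off
</VirtualHost>
"""

def logical_lines(text):
    """Yield (line_no, text) with backslash continuations joined and comments dropped."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line, buf = (buf + raw).strip(), ""
        if line and not line.startswith("#"):
            yield start, line
        start = None

def audit_proxy_protocol(text):
    """Map each scope whose last RemoteIPProxyProtocol value is On to its exceptions.
    Assumption: that directive is what enables PROXY header handling."""
    scopes, scope = {}, "global"
    for no, line in logical_lines(text):
        m = re.match(r"<\s*VirtualHost\s+([^>]*)>", line, re.I)
        if m:
            scope = f"VirtualHost {m.group(1).strip()} (line {no})"
        elif re.match(r"</\s*VirtualHost\s*>", line, re.I):
            scope = "global"
        else:
            name, args = (line.split(None, 1) + [""])[:2]
            entry = scopes.setdefault(scope, {"enabled": False, "exceptions": []})
            if name.lower() == "remoteipproxyprotocol":
                entry["enabled"] = args.strip().lower() == "on"
            elif name.lower() == "remoteipproxyprotocolexceptions":
                entry["exceptions"] += args.split()
    return {s: e["exceptions"] for s, e in scopes.items() if e["enabled"]}
```

Calling `audit_proxy_protocol(SAMPLE_CONF)` reports only the first virtual host; scopes reported this way are the ones to prioritise for the software updates.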
Apache has confirmed the vulnerability and released software updates.
Security Impact Rating: High