Technical Description
A vulnerability has been identified in Apache, which could be exploitedby remote attackers to compromise a vulnerable server or cause a denialof service. This flaw is due to an off-by-one buffer overflow error inthe "escape_absolute_uri()" function when processing a speciallycrafted LDAP URI, which could be exploited by remote attackers toexecute arbitrary commands on a web server configured with certainRewrite rules (the attacker must be able to control the initial part ofthe rewritten URL, and the rule must not contain a forbidden [F], gone[G], or NoEscape [NE] flag).
Affected Products
Apache versions 1.3.28 through 1.3.36
Apache versions 2.0.46 through 2.0.58
Apache versions 2.2.0 through 2.2.2
Solution
Upgrade to Apache version 1.3.37, 2.0.59, or 2.2.3 :
http://httpd.apache.org/download.cgi
