Matthew Murphy

**Name of the Vulnerable Software and Affected Versions** mod gzip versions 1.3.26.1a and earlier **Description** The issue is a stack-based buffer overflow in the mod gzip printf function for mod gzip when running in debug mode. This allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header. **Recommendations** For mod gzip versions 1.3.26.1a and earlier, consider disabling the mod gzip module or restricting access to it until a fix is available. As a temporary workaround, avoid using the debug mode in mod gzip to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mod gzip versions 1.3.26.1a and earlier **Description** The issue allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header, when mod gzip is running in debug mode and using the Apache log. **Recommendations** For mod gzip versions 1.3.26.1a and earlier, consider disabling the debug mode as a temporary workaround until a patch is available. Restrict access to the Apache log to minimize the risk of exploitation. Avoid using format string characters in HTTP GET requests with an "Accept-Encoding: gzip" header until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** mod gzip versions 1.3.26.1a and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames on Unix systems, or an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled. This occurs when mod gzip is running in debug mode without the Apache log. **Recommendations** For mod gzip versions 1.3.26.1a and earlier, consider disabling debug mode or ensuring the Apache log is enabled to prevent exploitation. Additionally, enabling the "Strengthen default permissions of internal system objects" policy on Windows systems can help mitigate the risk.

Name of the Vulnerable Software and Affected Versions: Monkey HTTP Daemon (monkeyd) versions 0.6.1 and earlier Description: The issue is related to a buffer overflow in the PostMethod() function, allowing remote attackers to execute arbitrary code via a POST request with a large body. Recommendations: For Monkey HTTP Daemon (monkeyd) versions 0.6.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.