Name of the Vulnerable Software and Affected Versions:

Apache versions 1.3.x through 1.3.32

Description:

The issue is related to a buffer overflow in the get tag function in mod include, which allows local users who can create SSI documents to execute arbitrary code as the apache user. This can be achieved via SSI (XSSI) documents that trigger a length calculation error, potentially allowing a local user to gain the privileges of an httpd child.

Recommendations:

For Apache versions 1.3.x through 1.3.32, consider disabling the mod include module until a patch is available to prevent exploitation of the buffer overflow vulnerability. Restrict access to creating SSI documents to minimize the risk of arbitrary code execution.