- Jul. 31st, 2006
- 1 comments
Most deployed versions of Apache are potentially exploitable, as mod_rewrite has been found to be vulnerable to a stack smashing attack. It is somewhat muted by the fact that only certain rules cause the problem. The vulnerability is caused by an off-by-one error — the most common programming error known to man. Many SEOs use mod_rewrite, but not all will be affected; I checked my rules, and I am not exploitable (otherwise I wouldn't post this), but I'm upgrading anything I have anyway. This affects all branches of Apache — 1.3 to 2.2. The original report from McAfee is here.