FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache -- ap_resolve_env buffer overflow

Affected packages
2.0 <= apache < 2.0.50_3


VuXML ID 4d49f4ba-071f-11d9-b45d-000c41e2cdad
Discovery 2004-09-15
Entry 2004-09-15

SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files (the main `httpd.conf' and `.htaccess' files). According to a SITIC advisory:

The buffer overflow occurs when expanding ${ENVVAR} constructs in .htaccess or httpd.conf files. The function ap_resolve_env() in server/util.c copies data from environment variables to the character array tmp with strcat(3), leading to a buffer overflow.


CVE Name CVE-2004-0747