Apache cookies buffer overflow

Risk Level: High

Check or Attack Name: Apache cookie

Platforms: Apache

Description:

The Apache web server has an optional module, mod_cookies, that contains a vulnerability allowing a remote attacker to overflow an internal buffer in the web server and execute arbitrary code on the web server machine. The mod_cookies module has to be compiled into the web server, and is not installed by default in any version of Apache. Apache web servers up to v1.1.1 may be vulnerable to this overflow if this module has been compiled into the server.

Remedy:

This vulnerability only affects sites running Apache 1.1.1 or below with the cookies module compiled into the server. The hole was fixed in Apache 1.1.3 and later versions, and users should upgrade to the latest release available.
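
An added example (not part of the advisory and not Apache project code): a Python check that applies the two conditions above, version and compiled-in module, to a server's version string and its module list. The function names, the input formats, and the sample values are assumptions constructed for illustration.

```python
import re

# Version bounds as stated in the advisory text.
LAST_AFFECTED = (1, 1, 1)  # "up to v1.1.1 may be vulnerable"
FIRST_FIXED = (1, 1, 3)    # "fixed in Apache 1.1.3 and later versions"

# Constructed sample inputs (assumed formats, not captured from a real host).
SAMPLE_BANNER = "Server: Apache/1.1.1"
SAMPLE_MODULES = """\
Module mime_module     mod_mime.o
# Module dld_module    mod_dld.o
Module cookies_module  mod_cookies.o
"""

def parse_version(banner):
    """Return (major, minor, patch) from a string containing 'Apache/x.y[.z]'."""
    m = re.search(r"Apache/(\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())

def has_mod_cookies(module_listing):
    """True if an active (not commented-out) line names mod_cookies."""
    for line in module_listing.splitlines():
        active = line.split("#", 1)[0]  # drop '#' comments
        if re.search(r"\bmod_cookies\.[co]\b", active):
            return True
    return False

def assess(banner, module_listing):
    """Apply the advisory's two conditions: affected version AND module built in."""
    version = parse_version(banner)
    if version is None:
        return "unknown: no Apache version in banner"
    if version >= FIRST_FIXED:
        return "not affected: release contains the fix"
    if not has_mod_cookies(module_listing):
        return "not affected: mod_cookies not compiled in"
    if version <= LAST_AFFECTED:
        return "vulnerable: upgrade to a fixed release"
    # The advisory does not classify versions between 1.1.1 and 1.1.3.
    return "review: version not classified by the advisory"

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_MODULES))
```

A banner can be altered or hidden, so a result of "not affected" based on the banner alone should be confirmed against the installed binary.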

References:

Apache Server Project Web Site, Security Release: Apache 1.1.3, http://www.apache.org/113announce.html

Network Associates, Inc. Security Advisory #2, Vulnerabilities in the Apache httpd, http://www.nai.com/nai_labs/asp_set/advisory/02_apachemod_adv.asp

