Apache HTTP Server Integer Overflow Vulnerability Leading to Buffer Overflow

Vulnerability

An integer overflow vulnerability has been identified in Apache HTTP Server in versions prior to 2.4.53. The vulnerability occurs on 32-bit systems when the 'LimitXMLRequestBody' directive is set to allow request bodies larger than 350MB, well above the default limit of 1MB. The integer overflow can be exploited to write data outside the bounds of allocated memory, potentially leading to arbitrary code execution.

Impact

The integer overflow results in a buffer overflow (an out-of-bounds write), which can be exploited to execute arbitrary code.

Reproduction

To reproduce this vulnerability, configure the Apache HTTP Server to allow request bodies larger than 350MB. This can be done by setting the 'LimitXMLRequestBody' directive to a value greater than 350MB. Once this is set, send a request with a body larger than 350MB. The server will process the request, and the integer overflow will occur, leading to out-of-bounds writes.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.53 or later.
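As an added example, not part of this advisory and not Apache project code, the following Python script checks the two conditions the advisory describes: an httpd build older than 2.4.53 and a 'LimitXMLRequestBody' value above 350MB, with the 32-bit qualifier supplied by the caller. It takes the text of a configuration file and the output of `httpd -v`. The sample configuration fragment and version string are constructed for the demonstration; the threshold of 350,000,000 bytes is an assumption chosen to match Apache's 1,000,000-byte default for the directive.

```python
import re
from typing import List, Optional, Tuple

# The advisory's condition: request bodies larger than 350MB. LimitXMLRequestBody
# takes a byte count, so 350MB is taken as 350,000,000 bytes here (assumption,
# consistent with the directive's 1,000,000-byte default).
UNSAFE_LIMIT_BYTES = 350_000_000
# First version containing the fix, per the advisory.
FIXED_VERSION = (2, 4, 53)

_DIRECTIVE_RE = re.compile(r"^\s*LimitXMLRequestBody\s+(\d+)\s*$", re.IGNORECASE)
_VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")

# Constructed sample inputs (not from any real deployment).
SAMPLE_CONFIG = """\
# constructed httpd.conf fragment
ServerRoot "/etc/httpd"
LimitXMLRequestBody 1000000
<Location /dav>
    LimitXMLRequestBody 500000000
</Location>
"""
SAMPLE_HTTPD_V = "Server version: Apache/2.4.52 (Unix)"


def parse_version(httpd_v_output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from the output of `httpd -v`."""
    m = _VERSION_RE.search(httpd_v_output)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def find_limit_directives(config_text: str) -> List[Tuple[int, int]]:
    """Return (line_number, byte_value) for every LimitXMLRequestBody directive.

    Commented-out lines do not match because the directive must start the line.
    """
    found = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = _DIRECTIVE_RE.match(line)
        if m:
            found.append((lineno, int(m.group(1))))
    return found


def assess(config_text: str, httpd_v_output: str, is_32bit: bool) -> List[str]:
    """Return a list of findings; an empty list means nothing to act on."""
    findings = []
    version = parse_version(httpd_v_output)
    if version is None:
        findings.append("unable to parse httpd version; verify the build manually")
        unpatched = True  # treat an unknown version as unpatched
    else:
        unpatched = version < FIXED_VERSION
        if unpatched:
            findings.append("httpd %d.%d.%d predates the 2.4.53 fix; upgrade" % version)
    for lineno, value in find_limit_directives(config_text):
        if value > UNSAFE_LIMIT_BYTES:
            if unpatched and is_32bit:
                findings.append(
                    f"line {lineno}: LimitXMLRequestBody {value} exceeds "
                    f"{UNSAFE_LIMIT_BYTES} on an unpatched 32-bit build (exposed)"
                )
            else:
                findings.append(
                    f"line {lineno}: LimitXMLRequestBody {value} exceeds "
                    f"{UNSAFE_LIMIT_BYTES}; reduce it unless genuinely required"
                )
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_CONFIG, SAMPLE_HTTPD_V, is_32bit=True):
        print(finding)
```

On a real host, feed the script the concatenated configuration (including files pulled in by Include directives) and the actual `httpd -v` output; the bitness flag comes from the build or `file` on the binary, since the advisory limits the condition to 32-bit systems.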

Added: May 15, 2026, 11:48 AM
Updated: May 15, 2026, 11:48 AM

Vulnerability Rating

Custom Algorithm
spread: 9.4
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 1.9
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.