Apache HTTP Server Out-of-Bounds Read Vulnerability in mod_proxy_ajp

A memory corruption vulnerability allowing for out-of-bounds read has been identified in the AJP (Apache JServ Protocol) handling of Apache HTTP Server. This vulnerability affects versions through 2.4.66 and arises from improper validation of AJP messages, which can be exploited by a malicious AJP server to read memory beyond the intended buffer limits. The issue is particularly relevant in environments where mod_proxy_ajp is used to connect to untrusted AJP servers.

Impact

Exploitation of this vulnerability leads to a heap-based buffer over-read, causing memory to be read beyond the allocated bounds. This type of vulnerability can potentially be exploited to disclose sensitive information or manipulate memory in a way that could be used for arbitrary code execution.

Reproduction

To reproduce this vulnerability, configure Apache HTTP Server to use mod_proxy_ajp and connect to a malicious AJP server. The malicious server can send crafted AJP messages that exploit the lack of proper header validation in mod_proxy_ajp, causing the server to read memory beyond the intended buffer limits.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.67, which addresses this vulnerability.