search for: new_cookie

...1.1.1 and earlier, which makes it possible for remote individuals to obtain access to systems running the Apache httpd. Only sites which enabled mod_cookies, a nondefault option, are vulnerable. Technical Details ~~~~~~~~~~~~~~~~~ The function make_cookie, in mod_cookies.c uses a 100 byte buffer, new_cookie to store information used to track web site users. The hostname, which with even the most cautious of resolver libraries, can be up to 255 characters long, is stuffed into this buffer, along with the string "apache=" and a number. The offending code reads: void make_cookie(request_rec...