Urchin WebAnalytics Software is discontinued and is no longer supported. All Urchin documentation applies only to the Urchin product as it was at the time of discontinuation, and does not apply to any Google Analytics products or services.

Buffer overflow in 'mod_proxy' with Apache 1.3.31: Urchin 5 unaffected


Urchin 5 ships with an embedded Apache web server that provides access to the web-based Urchin administration and reporting functions. The following security advisory has been reported against Apache:

Apache HTTP Server versions 1.3.31 and earlier contain a vulnerability due to a boundary error within the Apache mod_proxy module. This can be exploited to cause a heap-based buffer overflow by passing a "Content-Length:" header containing a large negative value, potentially causing a Denial of Service condition or system compromise.

Impact on Urchin Customers

After examining the threat, Urchin Software Corporation's position on this issue is that the Apache server shipped with Urchin is not vulnerable to this exploit, and no action is necessary. Additional notes:

  1. Exploitation of the vulnerability requires the Apache server to be configured as a proxy. Urchin does not provide any means for configuring the embedded Apache server to be a proxy.
  2. The Apache server shipped with Urchin is not built with the mod_proxy module.
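
The two conditions in the notes above can be checked on any Apache 1.3 server from the output of `httpd -l` and a copy of `httpd.conf`. The script below is an added example, not code from Urchin or the Apache project; the function names, result labels and sample data are constructed for illustration.

```shell
#!/bin/sh
# Classify an Apache 1.3 install against the two conditions in the notes:
# (1) is mod_proxy present at all, (2) is the server configured to proxy.
# Inputs are plain text: saved `httpd -l` output and the contents of httpd.conf.

# Succeeds if mod_proxy is statically compiled in (stdin: `httpd -l` output).
proxy_compiled_in() {
    grep -Eq '^[[:space:]]*mod_proxy\.c[[:space:]]*$'
}

# Succeeds if an uncommented LoadModule line loads mod_proxy as a DSO (stdin: httpd.conf).
proxy_loaded_dso() {
    grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+proxy_module[[:space:]]'
}

# Succeeds if an uncommented directive turns proxying on (stdin: httpd.conf).
proxy_enabled() {
    grep -Eiq '^[[:space:]]*(ProxyRequests[[:space:]]+On|ProxyPass[[:space:]]|ProxyRemote[[:space:]])'
}

# classify MODULE_LIST CONF -> prints one of:
#   no-mod_proxy      module neither compiled in nor loaded
#   module-unused     module present, but no proxy directive enabled
#   proxy-configured  module present and proxying enabled: upgrade or disable it
classify() {
    if printf '%s\n' "$1" | proxy_compiled_in || printf '%s\n' "$2" | proxy_loaded_dso; then
        if printf '%s\n' "$2" | proxy_enabled; then
            echo proxy-configured
        else
            echo module-unused
        fi
    else
        echo no-mod_proxy
    fi
}

# Constructed sample data (not taken from a real Urchin installation).
SAMPLE_LIST='Compiled-in modules:
  http_core.c
  mod_log_config.c
  mod_cgi.c'
SAMPLE_CONF='# ProxyRequests On
ServerName localhost
DocumentRoot "/placeholder/htdocs"'

classify "$SAMPLE_LIST" "$SAMPLE_CONF"
```

On a live server, pass `"$(/path/to/httpd -l)"` and `"$(cat /path/to/httpd.conf)"` as the two arguments; both paths are placeholders.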
