Apache chunked encoding exploit v1.53

Vulnerability exploited: CVE-2002-0392 - BID-5033

Category: Exploits/Remote

Takes advantage of a bug in Apache's chunked encoding mechanism.
After successful exploitation a level 0 agent will be installed. Apache usually runs as the user nobody, or some other low-privileged user, so after exploitation the level 0 agent will be running as this user.

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

Supported Systems:
    OpenBSD 2.8 (i386)
    OpenBSD 2.9 (i386)
    OpenBSD 3.0 (i386)
    OpenBSD 3.1 (i386)
    Windows 2000 Server - sp0 (i386)
    Windows 2000 Server - sp1 (i386)
    Windows 2000 Server - sp2 (i386)
    Windows 2000 Server - sp3 (i386)
    Apache 1.3.23, 1.3.24 under Microsoft Windows 2000 Server SP 0
    Apache 1.3.23, 1.3.24 under Microsoft Windows 2000 Server SP 1
    Apache 1.3.23, 1.3.24 under Microsoft Windows 2000 Server SP 2
    Apache 1.3.17, 1.3.19, 1.3.20, 1.3.22, 1.3.23, 1.3.24 under Microsoft Windows 2000 Server SP 3


This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.