This module exploits a vulnerability in the OpenSSL library, which is used by Apache if HTTPS support is provided. OpenSSL versions 0.9.7-beta, 0.9.7, 0.9.7a and 0.9.7b are affected. The corresponding OpenSSL advisory states: "Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure". This module triggers this deallocation and abuses the dynamic memory allocator of vulnerable Linux systems in order to execute arbitrary code. This module can not be launched from an agent.
CVE Link
Exploit Platform
Product Name