Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
mod_gzip Debug Mode mod_gzip_printf Remote Format String
Remote / Network Access,
Local / Remote,
Loss of Integrity
A remote format string vulnerability exists in mod_gzip. The issue is that mod_gzip_printf(), the routine mod_gzip uses to write to the Apache log, lets attacker-controlled request data reach the logging call as a format string when the module is running in debug mode. By sending a specially crafted HTTP GET request with an "Accept-Encoding: gzip" header containing format string directives, a remote attacker can cause a denial of service or execute arbitrary code with the privileges of the web server, resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades from the vendor to correct this issue. However, Zone-H has released a patch to address this vulnerability. Until it is applied, disabling mod_gzip debug logging removes the vulnerable code path described above.
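The bug class described above, as an added example that is not part of this advisory and not mod_gzip's own code: a constructed stand-in for a debug logger that forwards a request line to the log, shown in the vulnerable form (the assembled line is passed as the format string) beside the hardened form (a literal format with the header value as a %s argument), plus a request-side check that counts format directives in a header value. The function names, the log line format and the sample header values are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 256

/* Vulnerable pattern (hypothetical stand-in, not mod_gzip_printf itself):
 * the caller assembles the log line and hands it over as the format string,
 * so any '%' directive inside attacker-supplied header data is interpreted
 * by the printf engine. %x leaks stack words, %s dereferences them, %n
 * writes to memory. */
static char *debug_log_vulnerable(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);   /* fmt is attacker-controlled here */
    va_end(ap);
    return out;
}

/* Hardened pattern: the format is a compile-time literal and the header
 * value is only ever consumed as a %s argument, so its '%' bytes are data. */
static char *debug_log_safe(char *out, size_t outlen, const char *header_value)
{
    snprintf(out, outlen, "Accept-Encoding: %s", header_value);
    return out;
}

/* Request-side check: count printf conversion directives in a header value.
 * "%%" is a literal percent and is not counted. A legitimate Accept-Encoding
 * value contains no '%' at all, so any non-zero result is worth logging
 * (with a literal format!) and rejecting. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; }
            n++;
        }
    }
    return n;
}

/* Convenience wrappers so the two paths can be compared on the same input. */
char *log_header_vulnerable(char *out, size_t outlen, const char *header_value)
{
    char line[LOG_BUF];
    snprintf(line, sizeof line, "Accept-Encoding: %s", header_value);
    return debug_log_vulnerable(out, outlen, line);   /* bug: line used as fmt */
}

char *log_header_safe(char *out, size_t outlen, const char *header_value)
{
    return debug_log_safe(out, outlen, header_value);
}

int main(void)
{
    /* Constructed sample header values: one benign, one carrying directives. */
    const char *benign = "gzip, deflate";
    const char *hostile = "gzip%x%x";
    char buf[LOG_BUF];

    printf("directives in \"%s\": %d\n", benign, count_format_directives(benign));
    printf("directives in \"%s\": %d\n", hostile, count_format_directives(hostile));
    printf("safe log line:       %s\n", log_header_safe(buf, sizeof buf, hostile));
    /* The vulnerable path replaces the %x directives with stack contents. */
    printf("vulnerable log line: %s\n", log_header_vulnerable(buf, sizeof buf, hostile));
    return 0;
}
```

The vulnerable wrapper keeps the directive count to two %x reads so the demonstration stays readable; the same path with %n is what turns the leak into the arbitrary write the advisory describes, and the hardened wrapper neutralises all of them because the attacker's bytes never become the format.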