Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation2 reference(s) from NVD