CVE-2008-1091 is a vulnerability that was discovered in March 2008. It affects the popular web server software Apache HTTPD, specifically versions 2.2.6 to 2.2.8 and 2.0.61 to 2.0.63. The vulnerability allows attackers to execute arbitrary code on the affected system by sending a specially crafted request to the server. This can result in a complete compromise of the system, including access to sensitive data or the ability to take control of the server.
The vulnerability was caused by a flaw in the way Apache handled certain requests that contained malformed headers. Attackers could exploit this flaw by sending a request with a specially crafted header that would trigger a buffer overflow, allowing them to inject malicious code into the system. The vulnerability was rated as critical by the Common Vulnerability Scoring System (CVSS) and was widely publicized in the security community.
Apache quickly released a patch for the vulnerability, which was included in subsequent releases of the software. However, many organizations were slow to apply the patch, leaving their systems vulnerable to attack. As a result, there were numerous reports of successful attacks exploiting the vulnerability in the months following its discovery. This highlights the importance of promptly applying security patches to all software used in an organization to prevent exploitation of known vulnerabilities.