7.6
CVE-2006-3747
- EPSS 96.44%
- Veröffentlicht 28.07.2006 18:02:00
- Zuletzt bearbeitet 16.06.2026 22:27:43
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version >= 1.3.28 < 1.3.37
Apache ≫ HTTP Server Version >= 2.0.46 < 2.0.59
Apache ≫ HTTP Server Version >= 2.2.0 < 2.2.3
Canonical ≫ Ubuntu Linux Version5.04
Canonical ≫ Ubuntu Linux Version5.10
Canonical ≫ Ubuntu Linux Version6.06
Debian ≫ Debian Linux Version3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 96.44% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=130497311408250&w=2
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/22523
http://www.vupen.com/english/advisories/2006/4207
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://secunia.com/advisories/22368
http://secunia.com/advisories/22388
http://secunia.com/advisories/23260
http://secunia.com/advisories/29420
http://secunia.com/advisories/29849
http://secunia.com/advisories/30430
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
http://www.novell.com/linux/security/advisories/2006_43_apache.html
http://www.securityfocus.com/archive/1/445206/100/0/threaded
http://www.securityfocus.com/archive/1/450321/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2006/3995
http://www.vupen.com/english/advisories/2006/4015
http://www.vupen.com/english/advisories/2006/4300
http://www.vupen.com/english/advisories/2006/4868
http://www.vupen.com/english/advisories/2008/1246/references
http://www.vupen.com/english/advisories/2008/1697
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/21478
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
http://www.vupen.com/english/advisories/2006/3264
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://kbase.redhat.com/faq/FAQ_68_8653.shtm
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html
http://lwn.net/Alerts/194228/
http://secunia.com/advisories/21197
http://secunia.com/advisories/21241
http://secunia.com/advisories/21245
http://secunia.com/advisories/21247
http://secunia.com/advisories/21266
http://secunia.com/advisories/21273
http://secunia.com/advisories/21284
http://secunia.com/advisories/21307
http://secunia.com/advisories/21313
http://secunia.com/advisories/21315
http://secunia.com/advisories/21346
http://secunia.com/advisories/21509
http://secunia.com/advisories/22262
http://secunia.com/advisories/23028
http://secunia.com/advisories/26329
http://security.gentoo.org/glsa/glsa-200608-01.xml
http://securityreason.com/securityalert/1312
http://securitytracker.com/id?1016601
http://svn.apache.org/viewvc?view=rev&revision=426144
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156
http://www-1.ibm.com/support/docview.wss?uid=swg27007951
http://www.apache.org/dist/httpd/Announcement2.0.html
http://www.debian.org/security/2006/dsa-1131
http://www.debian.org/security/2006/dsa-1132
http://www.kb.cert.org/vuls/id/395412
http://www.mandriva.com/security/advisories?name=MDKSA-2006:133
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html
http://www.osvdb.org/27588
http://www.securityfocus.com/archive/1/441485/100/0/threaded
http://www.securityfocus.com/archive/1/441487/100/0/threaded
http://www.securityfocus.com/archive/1/441526/100/200/threaded
http://www.securityfocus.com/archive/1/443870/100/0/threaded
http://www.securityfocus.com/bid/19204
http://www.ubuntu.com/usn/usn-328-1
http://www.vupen.com/english/advisories/2006/3017
http://www.vupen.com/english/advisories/2006/3282
http://www.vupen.com/english/advisories/2006/3884
http://www.vupen.com/english/advisories/2007/2783
https://exchange.xforce.ibmcloud.com/vulnerabilities/28063
https://issues.rpath.com/browse/RPL-538