7.6

CVE-2006-3747

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 1.3.28 < 1.3.37
ApacheHTTP Server Version >= 2.0.46 < 2.0.59
ApacheHTTP Server Version >= 2.2.0 < 2.2.3
CanonicalUbuntu Linux Version5.04
CanonicalUbuntu Linux Version5.10
CanonicalUbuntu Linux Version6.06
DebianDebian Linux Version3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 96.44% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/22523
Broken Link
http://www.vupen.com/english/advisories/2006/4207
Permissions Required
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
Third Party Advisory
http://docs.info.apple.com/article.html?artnum=307562
Third Party Advisory
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Third Party Advisory
Mailing List
http://www.vupen.com/english/advisories/2008/0924/references
Permissions Required
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
Third Party Advisory
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/22368
Broken Link
http://secunia.com/advisories/22388
Broken Link
http://secunia.com/advisories/23260
Broken Link
http://secunia.com/advisories/29420
Broken Link
http://secunia.com/advisories/29849
Broken Link
http://secunia.com/advisories/30430
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
Broken Link
http://www.novell.com/linux/security/advisories/2006_43_apache.html
Third Party Advisory
http://www.securityfocus.com/archive/1/445206/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/450321/100/0/threaded
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2006/3995
Permissions Required
http://www.vupen.com/english/advisories/2006/4015
Permissions Required
http://www.vupen.com/english/advisories/2006/4300
Permissions Required
http://www.vupen.com/english/advisories/2006/4868
Permissions Required
http://www.vupen.com/english/advisories/2008/1246/references
Permissions Required
http://www.vupen.com/english/advisories/2008/1697
Permissions Required
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/21478
Broken Link
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
Third Party Advisory
http://www.vupen.com/english/advisories/2006/3264
Permissions Required
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
Third Party Advisory
http://kbase.redhat.com/faq/FAQ_68_8653.shtm
Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html
Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html
Third Party Advisory
Mailing List
http://lwn.net/Alerts/194228/
Third Party Advisory
Mailing List
http://secunia.com/advisories/21197
Broken Link
http://secunia.com/advisories/21241
Broken Link
http://secunia.com/advisories/21245
Broken Link
http://secunia.com/advisories/21247
Broken Link
http://secunia.com/advisories/21266
Broken Link
http://secunia.com/advisories/21273
Broken Link
http://secunia.com/advisories/21284
Broken Link
http://secunia.com/advisories/21307
Broken Link
http://secunia.com/advisories/21313
Broken Link
http://secunia.com/advisories/21315
Broken Link
http://secunia.com/advisories/21346
Broken Link
http://secunia.com/advisories/21509
Broken Link
http://secunia.com/advisories/22262
Broken Link
http://secunia.com/advisories/23028
Broken Link
http://secunia.com/advisories/26329
Broken Link
http://security.gentoo.org/glsa/glsa-200608-01.xml
Third Party Advisory
http://securityreason.com/securityalert/1312
Third Party Advisory
http://securitytracker.com/id?1016601
Third Party Advisory
VDB Entry
http://svn.apache.org/viewvc?view=rev&revision=426144
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg27007951
Third Party Advisory
http://www.apache.org/dist/httpd/Announcement2.0.html
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-1131
Patch
Third Party Advisory
http://www.debian.org/security/2006/dsa-1132
Patch
Third Party Advisory
http://www.kb.cert.org/vuls/id/395412
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:133
Broken Link
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html
Third Party Advisory
http://www.osvdb.org/27588
Broken Link
http://www.securityfocus.com/archive/1/441485/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/441487/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/441526/100/200/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/443870/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/19204
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-328-1
Third Party Advisory
http://www.vupen.com/english/advisories/2006/3017
Permissions Required
http://www.vupen.com/english/advisories/2006/3282
Permissions Required
http://www.vupen.com/english/advisories/2006/3884
Permissions Required
http://www.vupen.com/english/advisories/2007/2783
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/28063
Third Party Advisory
VDB Entry
https://issues.rpath.com/browse/RPL-538
Broken Link