6.8

CVE-2006-4154

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version2.0
ApacheHTTP Server Version2.0.9
ApacheHTTP Server Version2.0.28
ApacheHTTP Server Version2.0.28 Updatebeta
ApacheHTTP Server Version2.0.28 Updatebeta Editionwin32
ApacheHTTP Server Version2.0.32
ApacheHTTP Server Version2.0.32 Updatebeta Editionwin32
ApacheHTTP Server Version2.0.34 Updatebeta Editionwin32
ApacheHTTP Server Version2.0.35
ApacheHTTP Server Version2.0.36
ApacheHTTP Server Version2.0.37
ApacheHTTP Server Version2.0.38
ApacheHTTP Server Version2.0.39
ApacheHTTP Server Version2.0.40
ApacheHTTP Server Version2.0.41
ApacheHTTP Server Version2.0.42
ApacheHTTP Server Version2.0.43
ApacheHTTP Server Version2.0.44
ApacheHTTP Server Version2.0.45
ApacheHTTP Server Version2.0.46
ApacheHTTP Server Version2.0.47
ApacheHTTP Server Version2.0.48
ApacheHTTP Server Version2.0.49
ApacheHTTP Server Version2.0.50
ApacheHTTP Server Version2.0.51
ApacheHTTP Server Version2.0.52
ApacheHTTP Server Version2.0.53
ApacheHTTP Server Version2.0.54
ApacheHTTP Server Version2.0.55
ApacheHTTP Server Version2.0.56
ApacheHTTP Server Version2.0.57
ApacheHTTP Server Version2.0.58
ApacheHTTP Server Version2.0.58 Editionwin32
ApacheHTTP Server Version2.1
ApacheHTTP Server Version2.1.1
ApacheHTTP Server Version2.1.2
ApacheHTTP Server Version2.1.3
ApacheHTTP Server Version2.1.4
ApacheHTTP Server Version2.1.5
ApacheHTTP Server Version2.1.6
ApacheHTTP Server Version2.2
ApacheHTTP Server Version2.2.1
ApacheHTTP Server Version2.2.2 Editionwindows
ApacheHTTP Server Version2.2.3 Editionwindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.86% 0.965
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421
Patch
Vendor Advisory
http://secunia.com/advisories/22458
http://secunia.com/advisories/22549
http://security.gentoo.org/glsa/glsa-200610-12.xml
http://securitytracker.com/id?1017062
http://www.kb.cert.org/vuls/id/366020
US Government Resource
http://www.osvdb.org/29536
http://www.securityfocus.com/bid/20527
http://www.vupen.com/english/advisories/2006/4033
https://exchange.xforce.ibmcloud.com/vulnerabilities/29550