[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-3747

Date: (C)2006-07-28   (M)2017-07-21
 
CVSS Score: 7.6Access Vector: NETWORK
Exploitability Subscore: 4.9Access Complexity: HIGH
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Reference:
SECTRACK-1016601
SUNALERT-102662
SUNALERT-102663
SREASON-1312
BID-19204
2006-0044
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html
http://www.securityfocus.com/archive/1/archive/1/441487/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/441485/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/441526/100/200/threaded
http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded
SECUNIA-21197
SECUNIA-21241
SECUNIA-21245
SECUNIA-21247
SECUNIA-21266
SECUNIA-21273
SECUNIA-21284
SECUNIA-21307
SECUNIA-21313
SECUNIA-21315
SECUNIA-21346
SECUNIA-21478
SECUNIA-21509
SECUNIA-22262
SECUNIA-22368
SECUNIA-22388
SECUNIA-22523
SECUNIA-23028
SECUNIA-23260
SECUNIA-26329
OSVDB-27588
SECUNIA-29420
SECUNIA-29849
SECUNIA-30430
ADV-2006-3017
ADV-2006-3264
ADV-2006-3282
ADV-2006-3884
ADV-2006-3995
ADV-2006-4015
ADV-2006-4207
ADV-2006-4300
ADV-2006-4868
ADV-2007-2783
ADV-2008-0924
ADV-2008-1246
ADV-2008-1697
APPLE-SA-2008-03-18
APPLE-SA-2008-05-28
DSA-1131
DSA-1132
GLSA-200608-01
HPSBMA02250
HPSBMA02328
HPSBOV02683
HPSBUX02145
MDKSA-2006:133
OpenPKG-SA-2006.015
PK27875
PK29154
PK29156
SSRT061202
SSRT061265
SSRT061275
SSRT090208
SUSE-SA:2006:043
TA08-150A
USN-328-1
VU#395412
apache-modrewrite-offbyone-bo(28063)
http://docs.info.apple.com/article.html?artnum=307562
http://kbase.redhat.com/faq/FAQ_68_8653.shtm
http://svn.apache.org/viewvc?view=rev&revision=426144
http://www-1.ibm.com/support/docview.wss?uid=swg27007951
http://www.apache.org/dist/httpd/Announcement2.0.html
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
https://issues.rpath.com/browse/RPL-538

CPE    26
cpe:/a:apache:http_server:2.0.56
cpe:/a:apache:http_server:2.0.58
cpe:/a:apache:http_server:1.3.29
cpe:/a:apache:http_server:1.3.28
...
CWE    1
CWE-189

© 2013 SecPod Technologies