CVE Vulnerabilities

CVE-2006-3747

Published: Jul 28, 2006 | Modified: Nov 21, 2024
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.6 HIGH (AV:N/AC:H/Au:N/C:C/I:C/A:C)
RedHat/V2
RedHat/V3
Ubuntu: UNTRIAGED

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Affected Software

Name         Vendor  Start Version       End Version
Http_server  Apache  1.3.28 (including)  1.3.37 (excluding)
Http_server  Apache  2.0.46 (including)  2.0.59 (excluding)
Http_server  Apache  2.2.0 (including)   2.2.3 (excluding)
Apache       Ubuntu  dapper              *
Apache       Ubuntu  edgy                *
Apache       Ubuntu  feisty              *
Apache2      Ubuntu  dapper              *
Apache2      Ubuntu  devel               *
Apache2      Ubuntu  edgy                *
Apache2      Ubuntu  feisty              *

References