CVE Vulnerabilities

CVE-2006-3747

Published: Jul 28, 2006 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.6 HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 2.2.0 *
Http_server Apache 1.3.28 *
Http_server Apache 2.0.46 *

References