CVE Vulnerabilities

CVE-2006-4154

Published: Oct 16, 2006 | Modified: Jul 20, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 2.0.42 2.0.42
Http_server Apache 2.2 2.2
Http_server Apache 2.0.58 2.0.58
Http_server Apache 2.0.58 2.0.58
Http_server Apache 2.0.47 2.0.47
Http_server Apache 2.1 2.1
Http_server Apache 2.0.28 2.0.28
Http_server Apache 2.0.56 2.0.56
Http_server Apache 2.0.50 2.0.50
Http_server Apache 2.1.3 2.1.3
Http_server Apache 2.0.35 2.0.35
Http_server Apache 2.0.37 2.0.37
Http_server Apache 2.0.55 2.0.55
Http_server Apache 2.1.2 2.1.2
Http_server Apache 2.2.2 2.2.2
Http_server Apache 2.1.1 2.1.1
Http_server Apache 2.0.32 2.0.32
Http_server Apache 2.0.44 2.0.44
Http_server Apache 2.0.34 2.0.34
Http_server Apache 2.0.39 2.0.39
Http_server Apache 2.0.52 2.0.52
Http_server Apache 2.0.53 2.0.53
Http_server Apache 2.0.57 2.0.57
Http_server Apache 2.0.51 2.0.51
Http_server Apache 2.0.28 2.0.28
Http_server Apache 2.0.41 2.0.41
Http_server Apache 2.0.49 2.0.49
Http_server Apache 2.1.6 2.1.6
Http_server Apache 2.0.9 2.0.9
Http_server Apache 2.0.32 2.0.32
Http_server Apache 2.0.38 2.0.38
Http_server Apache 2.1.4 2.1.4
Http_server Apache 2.0.48 2.0.48
Http_server Apache 2.0.45 2.0.45
Http_server Apache 2.0.40 2.0.40
Http_server Apache 2.1.5 2.1.5
Http_server Apache 2.0.36 2.0.36
Http_server Apache 2.0.46 2.0.46
Http_server Apache 2.0.54 2.0.54
Http_server Apache 2.0.43 2.0.43
Http_server Apache 2.2.3 2.2.3
Http_server Apache 2.0.28 2.0.28
Http_server Apache 2.0 2.0
Http_server Apache 2.2.1 2.2.1

References