CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

Affected Software

Name	Vendor	Start Version	End Version
Http_server	Apache	2.0.42	2.0.42
Http_server	Apache	2.0.64	2.0.64
Http_server	Apache	2.0.58	2.0.58
Http_server	Apache	2.0.47	2.0.47
Http_server	Apache	2.0.56	2.0.56
Http_server	Apache	2.0.50	2.0.50
Http_server	Apache	2.0.35	2.0.35
Http_server	Apache	2.0.37	2.0.37
Http_server	Apache	2.0.55	2.0.55
Http_server	Apache	2.0.44	2.0.44
Http_server	Apache	2.0.39	2.0.39
Http_server	Apache	2.0.52	2.0.52
Http_server	Apache	2.0.53	2.0.53
Http_server	Apache	2.0.57	2.0.57
Http_server	Apache	2.0.51	2.0.51
Http_server	Apache	2.0.28	2.0.28
Http_server	Apache	2.0.63	2.0.63
Http_server	Apache	2.0.41	2.0.41
Http_server	Apache	2.0.49	2.0.49
Http_server	Apache	2.0.9	2.0.9
Http_server	Apache	2.0.34	2.0.34
Http_server	Apache	2.0.61	2.0.61
Http_server	Apache	2.0.32	2.0.32
Http_server	Apache	2.0.38	2.0.38
Http_server	Apache	2.0.48	2.0.48
Http_server	Apache	2.0.45	2.0.45
Http_server	Apache	2.0.40	2.0.40
Http_server	Apache	2.0.36	2.0.36
Http_server	Apache	2.0.46	2.0.46
Http_server	Apache	2.0.54	2.0.54
Http_server	Apache	2.0.43	2.0.43
Http_server	Apache	2.0.59	2.0.59
Http_server	Apache	2.0.28	2.0.28
Http_server	Apache	2.0	2.0
Http_server	Apache	2.0.32	2.0.32
Http_server	Apache	2.0.60	2.0.60

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-3607
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References