CVE-2006-3747

Опубликовано: 28 июл. 2006

Источник: nvd

CVSS2: 7.6

EPSS Критический

Описание

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Ссылки

http://docs.info.apple.com/article.html?artnum=307562
Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
Third Party Advisory
http://kbase.redhat.com/faq/FAQ_68_8653.shtm
Third Party Advisory
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Mailing List
Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html
Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html
Mailing List
Third Party Advisory
http://lwn.net/Alerts/194228/
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Mailing List
Third Party Advisory
http://secunia.com/advisories/21197
Broken Link
http://secunia.com/advisories/21241
Broken Link
http://secunia.com/advisories/21245
Broken Link
http://secunia.com/advisories/21247
Broken Link
http://secunia.com/advisories/21266
Broken Link
http://secunia.com/advisories/21273
Broken Link
http://secunia.com/advisories/21284
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 1.3.28 (включая) до 1.3.37 (исключая)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.0.46 (включая) до 2.0.59 (исключая)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.2.0 (включая) до 2.2.3 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.92418

Критический

7.6 High

CVSS2

Дефекты

CWE-189

Связанные уязвимости

CVE-2006-3747

ubuntu

около 19 лет назад

CVE-2006-3747

debian

около 19 лет назад

Off-by-one error in the ldap scheme handling in the Rewrite module (mo ...

GHSA-47q7-qpgp-938j

github

больше 3 лет назад

BDU:2015-03047

fstec

больше 10 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

BDU:2015-03046

fstec

около 19 лет назад

EPSS

Процентиль: 100%

0.92418

Критический

7.6 High

CVSS2

Дефекты

CWE-189