CVE-2006-3747

Severity: 76%
Complexity: 49%
Confidentiality: 165%

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.


CVSS 2.0 Base Score 7.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C).

Overview

Type: Apache Software Foundation Apache HTTP Server
First reported: 2006-07-28 18:02:00 (18 years ago)
Last updated: 2018-10-17 21:29:00 (6 years ago)

Affected Software

Apache Software Foundation Apache HTTP Server 1.3.3
Apache Software Foundation Apache HTTP Server 1.3.4
Apache Software Foundation Apache HTTP Server 1.3.5
Apache Software Foundation Apache HTTP Server 1.3.6
Apache Software Foundation Apache HTTP Server 1.3.7
Apache Software Foundation Apache HTTP Server 1.3.8
Apache Software Foundation Apache HTTP Server 1.3.9
Apache Software Foundation Apache HTTP Server 1.3.28
Apache Software Foundation Apache HTTP Server 1.3.29
Apache Software Foundation Apache HTTP Server 1.3.30
Apache Software Foundation Apache HTTP Server 1.3.31
Apache Software Foundation Apache HTTP Server 1.3.32
Apache Software Foundation Apache HTTP Server 1.3.33
Apache Software Foundation Apache HTTP Server 2.0.46
Apache Software Foundation Apache HTTP Server 2.0.47
Apache Software Foundation Apache HTTP Server 2.0.48
Apache Software Foundation Apache HTTP Server 2.0.49
Apache Software Foundation Apache HTTP Server 2.0.50
Apache Software Foundation Apache HTTP Server 2.0.51
Apache Software Foundation Apache HTTP Server 2.0.52
Apache Software Foundation Apache HTTP Server 2.0.53
Apache Software Foundation Apache HTTP Server 2.0.54
Apache Software Foundation Apache HTTP Server 2.0.55
Apache Software Foundation Apache HTTP Server 2.0.56
Apache Software Foundation Apache HTTP Server 2.0.57
Apache Software Foundation Apache HTTP Server 2.0.58

References

http://docs.info.apple.com/article.html?artnum=307562
HPSBMA02250
SSRT071293
http://kbase.redhat.com/faq/FAQ_68_8653.shtm
APPLE-SA-2008-05-28
APPLE-SA-2008-03-18
20060728 Apache 1.3.29/2.X mod_rewrite Buffer Overflow Vulnerability CVE-2006-3747
20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
2006-0044
SSRT090208
21197 (Vendor Advisory)
21241 (Vendor Advisory)
21245 (Vendor Advisory)
21247 (Vendor Advisory)
21266 (Vendor Advisory)
21273 (Vendor Advisory)
21284 (Vendor Advisory)
21307 (Vendor Advisory)
21313 (Vendor Advisory)
21315 (Vendor Advisory)
21346 (Vendor Advisory)
21478 (Vendor Advisory)
21509 (Vendor Advisory)
22262 (Vendor Advisory)
22368 (Vendor Advisory)
22388 (Vendor Advisory)
22523 (Vendor Advisory)
23028 (Vendor Advisory)
23260 (Vendor Advisory)
26329
29420
29849
30430
GLSA-200608-01
1312
1016601
102662
102663
http://svn.apache.org/viewvc?view=rev&revision=426144
http://www.apache.org/dist/httpd/Announcement2.0.html (Patch, Vendor Advisory)
DSA-1131 (Patch)
DSA-1132 (Patch)
VU#395412 (US Government Resource)
MDKSA-2006:133
SUSE-SA:2006:043
OpenPKG-SA-2006.015
27588
20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
20060728 Apache mod_rewrite Buffer Overflow Vulnerability
20060728 rPSA-2006-0139-1 httpd mod_ssl
20060820 POC & exploit for Apache mod_rewrite off-by-one
HPSBUX02145
SSRT061265
19204
USN-328-1
TA08-150A (US Government Resource)
ADV-2006-3017
ADV-2006-3264
ADV-2006-3282
ADV-2006-3884
ADV-2006-3995
ADV-2006-4015
ADV-2006-4207
ADV-2006-4300
ADV-2006-4868
ADV-2007-2783
ADV-2008-0924
ADV-2008-1246
ADV-2008-1697
PK29154
PK29156
PK27875
http://www-1.ibm.com/support/docview.wss?uid=swg27007951
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
apache-modrewrite-offbyone-bo(28063)
https://issues.rpath.com/browse/RPL-538
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
