CVE-2006-4154

Severity

68%

Complexity

86%

Confidentiality

106%

This vulnerability is addressed in the following Apache module update: mod_tcl 1.0.1

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

This vulnerability is addressed in the following Apache module update: mod_tcl 1.0.1

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Apache Software Foundation Apache HTTP Server

First reported 18 years ago

2006-10-16 19:07:00

Last updated 7 years ago

2017-07-20 01:32:00

Affected Software

Apache Software Foundation Apache HTTP Server 2.0

2.0

Apache Software Foundation Apache HTTP Server 2.0.9a

2.0.9

Apache Software Foundation Apache HTTP Server 2.0.28

2.0.28

Apache Software Foundation Apache HTTP Server 2.0.28 Beta

2.0.28

Apache Software Foundation Apache HTTP Server 2.0.32

2.0.32

Apache Software Foundation Apache HTTP Server 2.0.35

2.0.35

Apache Software Foundation Apache HTTP Server 2.0.36

2.0.36

Apache Software Foundation Apache HTTP Server 2.0.37

2.0.37

Apache Software Foundation Apache HTTP Server 2.0.38

2.0.38

Apache Software Foundation Apache HTTP Server 2.0.39

2.0.39

Apache Software Foundation Apache HTTP Server 2.0.40

2.0.40

Apache Software Foundation Apache HTTP Server 2.0.41

2.0.41

Apache Software Foundation Apache HTTP Server 2.0.42

2.0.42

Apache Software Foundation Apache HTTP Server 2.0.43

2.0.43

Apache Software Foundation Apache HTTP Server 2.0.44

2.0.44

Apache Software Foundation Apache HTTP Server 2.0.45

2.0.45

Apache Software Foundation Apache HTTP Server 2.0.46

2.0.46

Apache Software Foundation Apache HTTP Server 2.0.47

2.0.47

Apache Software Foundation Apache HTTP Server 2.0.48

2.0.48

Apache Software Foundation Apache HTTP Server 2.0.49

2.0.49

Apache Software Foundation Apache HTTP Server 2.0.50

2.0.50

Apache Software Foundation Apache HTTP Server 2.0.51

2.0.51

Apache Software Foundation Apache HTTP Server 2.0.52

2.0.52

Apache Software Foundation Apache HTTP Server 2.0.53

2.0.53

Apache Software Foundation Apache HTTP Server 2.0.54

2.0.54

Apache Software Foundation Apache HTTP Server 2.0.55

2.0.55

Apache Software Foundation Apache HTTP Server 2.0.56

2.0.56

Apache Software Foundation Apache HTTP Server 2.0.57

2.0.57

Apache Software Foundation Apache HTTP Server 2.0.58

2.0.58

Apache Software Foundation Apache HTTP Server 2.1

2.1

Apache Software Foundation Apache HTTP Server 2.1.1

2.1.1

Apache Software Foundation Apache HTTP Server 2.1.2

2.1.2

Apache Software Foundation Apache HTTP Server 2.1.3

2.1.3

Apache Software Foundation Apache HTTP Server 2.1.4

2.1.4

Apache Software Foundation Apache HTTP Server 2.1.5

2.1.5

Apache Software Foundation Apache HTTP Server 2.1.6

2.1.6

Apache Software Foundation Apache HTTP Server 2.2

2.2

Apache Software Foundation Apache HTTP Server 2.2.1

2.2.1

References

20061013 Apache HTTP Server mod_tcl set_var Format String Vulnerability

Patch, Vendor Advisory

22458

22549

GLSA-200610-12

1017062

VU#366020

US Government Resource

29536

20527

ADV-2006-4033

modtcl-setvar-format-string(29550)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.