CVE-2006-3747 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-3747
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3747

Description: Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28063 UBUNTU http://www.ubuntu.com/usn/usn-328-1 TRUSTIX http://lwn.net/Alerts/194228/ SUSE http://www.novell.com/linux/security/advisories/2006_43_apache.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1 ST 1016601 SREASON http://securityreason.com/securityalert/1312 SAID Secunia Advisory: SA21346 Secunia Advisory: SA23260 Secunia Advisory: SA23028 Secunia Advisory: SA22523 Secunia Advisory: SA22388 Secunia Advisory: SA22368 Secunia Advisory: SA22262 Secunia Advisory: SA21509 Secunia Advisory: SA21478 Secunia Advisory: SA21247 Secunia Advisory: SA21315 Secunia Advisory: SA21307 Secunia Advisory: SA21313 Secunia Advisory: SA21284 Secunia Advisory: SA21273 Secunia Advisory: SA21241 Secunia Advisory: SA21245 Secunia Advisory: SA21266 Secunia Advisory: SA21197 Secunia Advisory: SA26329 Secunia Advisory: SA29420 Secunia Advisory: SA29849 Secunia Advisory: SA30430 OSVDB 27588 OPENPKG http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html MISC http://svn.apache.org/viewvc?view=rev&revision=426144 http://kbase.redhat.com/faq/FAQ_68_8653.shtm MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:133 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://www.securityfocus.com/archive/1/archive/1/450321/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/445206/100/0/threaded GENTOO http://security.gentoo.org/glsa/glsa-200608-01.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html DEBIAN http://www.debian.org/security/2006/dsa-1132 http://www.debian.org/security/2006/dsa-1131 CONFIRM http://www.apache.org/dist/httpd/Announcement2.0.html http://docs.info.apple.com/article.html?artnum=307562 http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 CERT-VN 395412 CERT http://www.us-cert.gov/cas/techalerts/TA08-150A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/441526/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/441485/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/441487/100/0/threaded BID 19204 APPLE http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html AIXAPAR http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156 http://www-1.ibm.com/support/docview.wss?uid=swg24013080 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154

Return to the previous page.