CVE-2006-3747 - CVE Reference - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0) - NEW -

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CVE Reference: CVE-2006-3747

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3747

Description: Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28063 UBUNTU http://www.ubuntu.com/usn/usn-328-1 TRUSTIX http://lwn.net/Alerts/194228/ SUSE http://www.novell.com/linux/security/advisories/2006_43_apache.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1 ST 1016601 SREASON http://securityreason.com/securityalert/1312 SAID Secunia Advisory: SA22262 Secunia Advisory: SA21509 Secunia Advisory: SA21478 Secunia Advisory: SA21247 Secunia Advisory: SA21315 Secunia Advisory: SA21307 Secunia Advisory: SA21313 Secunia Advisory: SA21284 Secunia Advisory: SA21273 Secunia Advisory: SA21266 Secunia Advisory: SA21245 Secunia Advisory: SA21241 Secunia Advisory: SA21197 Secunia Advisory: SA22368 Secunia Advisory: SA22388 Secunia Advisory: SA22523 Secunia Advisory: SA23028 Secunia Advisory: SA23260 Secunia Advisory: SA21346 Secunia Advisory: SA26329 Secunia Advisory: SA29420 Secunia Advisory: SA29849 OSVDB 27588 OPENPKG http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html MISC http://svn.apache.org/viewvc?view=rev&revision=426144 http://kbase.redhat.com/faq/FAQ_68_8653.shtm MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:133 HP http://www.securityfocus.com/archive/1/archive/1/450321/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/445206/100/0/threaded http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 GENTOO http://security.gentoo.org/glsa/glsa-200608-01.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html DEBIAN http://www.debian.org/security/2006/dsa-1132 http://www.debian.org/security/2006/dsa-1131 CONFIRM http://www.apache.org/dist/httpd/Announcement2.0.html http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://docs.info.apple.com/article.html?artnum=307562 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 CERT-VN 395412 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/441526/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/441485/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/441487/100/0/threaded BID 19204 APPLE http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html AIXAPAR http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154 http://www-1.ibm.com/support/docview.wss?uid=swg24013080

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution

2.	Cyberfolio "rep" File Inclusion Vulnerability

3.	OpenKM Document Export Security Issue

4.	Zarafa Script Insertion Vulnerabilities

5.	Slackware update for thunderbird

6.	TFTP Server SP Long Error Message Buffer Overflow

7.	Maian Search Cross-Site Scripting and SQL Injection Vulnerabilities

8.	SazCart Multiple File Inclusion Vulnerabilities

9.	Slackware update for php

10.	InfoBiz Server "keywords" Cross-Site Scripting Vulnerability