Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3747Sensitive Information Exposure in Apache Http Server

CWE-189CWE-200Sensitive Information ExposureCWE-22Path Traversal17 documents11 sources
Severity
7.6HIGHNVD
GHSA5.0
EPSS
92.6%
top 0.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Apache Http ServerCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedJul 28
Latest updateMay 1

Description

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDapache/http_server1.3.281.3.37+2

Also affects: Debian Linux 3.1, Ubuntu Linux 5.04, 5.10, 6.06

Patches

Patch: www.apache.orgPatch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

5
GHSA
GHSA-47q7-qpgp-938j: Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 12022-05-01
GHSA
Mortbay Jetty Discloses JSP Source Code2022-05-01
GHSA
Jetty Directory Traversal Vulnerability2022-05-01
CVEList
CVE-2006-3747: Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 12006-07-28
OSV
CVE-2006-3747: Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 12006-07-28

💥Exploits & PoCs

4
Exploit-DB
Apache mod_rewrite - LDAP protocol Buffer Overflow (Metasploit)2010-02-15
Exploit-DB
Apache 2.0.58 mod_rewrite (Windows 2003) - Remote Overflow2007-05-26
Exploit-DB
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow2007-04-07
Exploit-DB
Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow2006-08-21

📋Vendor Advisories

5
Ubuntu
Apache vulnerability2006-07-28
Debian
CVE-2006-3747: apache2 - Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite)...2006
Red Hat
jetty: Jetty URL encoded format directory traversal2005-11-18
Red Hat
CVE-2006-3747: Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1
Apache
Apache httpd: CVE-2006-3747

💬Community

2
Bugzilla
CVE-2006-3747 needs fixing in httpd for FC62006-08-15
Bugzilla
CVE-2006-3747 mod_rewrite off-by-one2006-07-26
CVE-2006-3747 — Sensitive Information Exposure | cvebase