CVE-2006-3747
Published 2006-07-28
high 7.6 (CVSS 3.1)
AV:N/AC:H/Au:N/C:C/I:C/A:C
EXPLOIT
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | >= 1.3.28 < 1.3.37 | 1.3.37 |
| apache | http_server | >= 2.0.46 < 2.0.59 | 2.0.59 |
| apache | http_server | >= 2.2.0 < 2.2.3 | 2.2.3 |
| apache | httpd | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | apache2 | < apache2 2.0.55-4.1 (bookworm) | apache2 2.0.55-4.1 (bookworm) |
| debian | debian_linux | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| ghsa | 5.0 | MEDIUM | — |
| osv | 7.6 | HIGH | — |