CVE-2006-4154Use of Externally-Controlled Format String in Apache Http Server

3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
32.8%
top 3.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Http Server
Timeline
PublishedOct 16
Latest updateMay 1

Description

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDapache/http_server40 versions+39

Patches

Patch: labs.idefense.comPatch: labs.idefense.com

🔴Vulnerability Details

2
GHSA
GHSA-49w2-rrxr-3cwq: Format string vulnerability in the mod_tcl module 12022-05-01
CVEList
CVE-2006-4154: Format string vulnerability in the mod_tcl module 12006-10-16
CVE-2006-4154 — Apache Http Server vulnerability | cvebase