Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2011-3607 — Integer Overflow or Wraparound in Apache Http Server
Severity
4.4MEDIUMNVD
EPSS
0.2%
top 52.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedNov 8
Latest updateMay 13
Description
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
CVSS vector
AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4
Affected Packages1 packages
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
4Debianâ–¶
CVE-2011-3607: apache2 - Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP ...↗2011
💬Community
3Bugzillaâ–¶
CVE-2011-3368 CVE-2012-0053 CVE-2012-0031 CVE-2012-0021 CVE-2011-3607 httpd: multiple vulnerabilities [fedora-all]↗2012-01-27
Bugzilla
â–¶