FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-3747

This CVE name corresponds to:

Entered Topic
2006-07-28 apache -- mod_rewrite buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-3747
Phase: Assigned (20060720)

Description

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

References

Source Reference
BUGTRAQ 20060728 Apache mod_rewrite Buffer Overflow Vulnerability
BUGTRAQ 20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
BUGTRAQ 20060728 rPSA-2006-0139-1 httpd mod_ssl
BUGTRAQ 20060820 POC & exploit for Apache mod_rewrite off-by-one
FULLDISC 20060728 Apache 1.3.29/2.X mod_rewrite Buffer Overflow Vulnerability CVE-2006-3747
FULLDISC 20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
MISC http://kbase.redhat.com/faq/FAQ_68_8653.shtm
MISC http://svn.apache.org/viewvc?view=rev&revision=426144
CONFIRM http://www.apache.org/dist/httpd/Announcement2.0.html
CONFIRM https://issues.rpath.com/browse/RPL-538
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007951
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
APPLE APPLE-SA-2008-03-18
APPLE APPLE-SA-2008-05-28
HP HPSBMA02250
HP SSRT061275
HP HPSBMA02328
HP SSRT071293
HP HPSBOV02683
HP SSRT090208
CERT TA08-150A
CERT-VN VU#395412
AIXAPAR PK27875
AIXAPAR PK29154
AIXAPAR PK29156
DEBIAN DSA-1131
DEBIAN DSA-1132
GENTOO GLSA-200608-01
HP HPSBUX02145
HP SSRT061202
HP HPSBUX02164
HP SSRT061265
MANDRIVA MDKSA-2006:133
OPENPKG OpenPKG-SA-2006.015
SUNALERT 102662
SUNALERT 102663
SUSE SUSE-SA:2006:043
TRUSTIX 2006-0044
UBUNTU USN-328-1
BID 19204
VUPEN ADV-2006-3017
VUPEN ADV-2006-3264
VUPEN ADV-2006-3282
VUPEN ADV-2006-3884
VUPEN ADV-2006-3995
VUPEN ADV-2006-4015
VUPEN ADV-2006-4207
VUPEN ADV-2006-4300
VUPEN ADV-2006-4868
VUPEN ADV-2007-2783
VUPEN ADV-2008-0924
VUPEN ADV-2008-1246
VUPEN ADV-2008-1697
OSVDB 27588
SECTRACK 1016601
SECUNIA 21197
SECUNIA 21241
SECUNIA 21245
SECUNIA 21266
SECUNIA 21273
SECUNIA 21284
SECUNIA 21313
SECUNIA 21307
SECUNIA 21315
SECUNIA 21247
SECUNIA 21478
SECUNIA 21509
SECUNIA 22262
SECUNIA 22368
SECUNIA 22388
SECUNIA 22523
SECUNIA 23028
SECUNIA 23260
SECUNIA 21346
SECUNIA 26329
SECUNIA 29420
SECUNIA 29849
SECUNIA 30430
SREASON 1312
XF apache-modrewrite-offbyone-bo(28063)