FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-3607

This CVE name corresponds to:

Entered     Topic
2012-01-31  apache -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type:  Candidate
Name:  CVE-2011-3607
Phase: Assigned (20110921)

Description

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

References

Source Reference
FULLDISC 20111102 Integer Overflow in Apache ap_pregsub via mod-setenvif
MISC http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/
MISC http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html
CONFIRM https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=750935
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
CONFIRM http://support.apple.com/kb/HT5501
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
APPLE APPLE-SA-2012-09-19-2
HP HPSBMU02786
HP SSRT100877
HP HPSBOV02822
HP SSRT100966
MANDRIVA MDVSA-2012:003
MANDRIVA MDVSA-2013:150
REDHAT RHSA-2012:0128
BID 50494
OSVDB 76744
SECTRACK 1026267
SECUNIA 45793
SECUNIA 48551
XF apache-http-appregsub-bo(71093)