ID CVE-2006-3747
Summary Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 1.3.3
    cpe:2.3:a:apache:http_server:1.3.3
  • Apache Software Foundation Apache HTTP Server 1.3.4
    cpe:2.3:a:apache:http_server:1.3.4
  • Apache Software Foundation Apache HTTP Server 1.3.5
    cpe:2.3:a:apache:http_server:1.3.5
  • Apache Software Foundation Apache HTTP Server 1.3.6
    cpe:2.3:a:apache:http_server:1.3.6
  • Apache Software Foundation Apache HTTP Server 1.3.7
    cpe:2.3:a:apache:http_server:1.3.7
  • cpe:2.3:a:apache:http_server:1.3.7:-:dev
    cpe:2.3:a:apache:http_server:1.3.7:-:dev
  • Apache Software Foundation Apache HTTP Server 1.3.8
    cpe:2.3:a:apache:http_server:1.3.8
  • Apache Software Foundation Apache HTTP Server 1.3.9
    cpe:2.3:a:apache:http_server:1.3.9
  • Apache Software Foundation Apache HTTP Server 1.3.28
    cpe:2.3:a:apache:http_server:1.3.28
  • Apache Software Foundation Apache HTTP Server 1.3.29
    cpe:2.3:a:apache:http_server:1.3.29
  • Apache Software Foundation Apache HTTP Server 1.3.30
    cpe:2.3:a:apache:http_server:1.3.30
  • Apache Software Foundation Apache HTTP Server 1.3.31
    cpe:2.3:a:apache:http_server:1.3.31
  • Apache Software Foundation Apache HTTP Server 1.3.32
    cpe:2.3:a:apache:http_server:1.3.32
  • Apache Software Foundation Apache HTTP Server 1.3.33
    cpe:2.3:a:apache:http_server:1.3.33
  • Apache Software Foundation Apache HTTP Server 2.0.46
    cpe:2.3:a:apache:http_server:2.0.46
  • Apache Software Foundation Apache HTTP Server 2.0.47
    cpe:2.3:a:apache:http_server:2.0.47
  • Apache Software Foundation Apache HTTP Server 2.0.48
    cpe:2.3:a:apache:http_server:2.0.48
  • Apache Software Foundation Apache HTTP Server 2.0.49
    cpe:2.3:a:apache:http_server:2.0.49
  • Apache Software Foundation Apache HTTP Server 2.0.50
    cpe:2.3:a:apache:http_server:2.0.50
  • Apache Software Foundation Apache HTTP Server 2.0.51
    cpe:2.3:a:apache:http_server:2.0.51
  • Apache Software Foundation Apache HTTP Server 2.0.52
    cpe:2.3:a:apache:http_server:2.0.52
  • Apache Software Foundation Apache HTTP Server 2.0.53
    cpe:2.3:a:apache:http_server:2.0.53
  • Apache Software Foundation Apache HTTP Server 2.0.54
    cpe:2.3:a:apache:http_server:2.0.54
  • Apache Software Foundation Apache HTTP Server 2.0.55
    cpe:2.3:a:apache:http_server:2.0.55
  • Apache Software Foundation Apache HTTP Server 2.0.56
    cpe:2.3:a:apache:http_server:2.0.56
  • Apache Software Foundation Apache HTTP Server 2.0.57
    cpe:2.3:a:apache:http_server:2.0.57
  • Apache Software Foundation Apache HTTP Server 2.0.58
    cpe:2.3:a:apache:http_server:2.0.58
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.04
    cpe:2.3:o:ubuntu:ubuntu_linux:5.04
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.10
    cpe:2.3:o:ubuntu:ubuntu_linux:5.10
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts
    cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts
CVSS
Base: 7.6 (as of 31-07-2006 - 16:54)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
  • description Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC. CVE-2006-3747. Dos exploits for multiple platform
    id EDB-ID:2237
    last seen 2016-01-31
    modified 2006-08-21
    published 2006-08-21
    reporter Jacobo Avariento
    source https://www.exploit-db.com/download/2237/
    title Apache < 1.3.37 / 2.0.59 / 2.2.3 - mod_rewrite Remote Overflow PoC
  • description Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32). CVE-2006-3747. Remote exploit for windows platform
    id EDB-ID:3680
    last seen 2016-01-31
    modified 2007-04-07
    published 2007-04-07
    reporter axis
    source https://www.exploit-db.com/download/3680/
    title Apache Mod_Rewrite Off-by-one Remote Overflow Exploit Win32
  • description Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3). CVE-2006-3747. Remote exploit for windows platform
    id EDB-ID:3996
    last seen 2016-01-31
    modified 2007-05-26
    published 2007-05-26
    reporter fabio/b0x
    source https://www.exploit-db.com/download/3996/
    title Apache 2.0.58 mod_rewrite Remote Overflow Exploit win2k3
  • description Apache module mod_rewrite LDAP protocol Buffer Overflow. CVE-2006-3747. Remote exploit for windows platform
    id EDB-ID:16752
    last seen 2016-02-02
    modified 2010-02-15
    published 2010-02-15
    reporter metasploit
    source https://www.exploit-db.com/download/16752/
    title Apache module mod_rewrite LDAP protocol Buffer Overflow
metasploit via4
description This module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms, however this module currently only supports Windows based installations.
id MSF:EXPLOIT/WINDOWS/HTTP/APACHE_MOD_REWRITE_LDAP
last seen 2019-03-24
modified 2017-11-08
published 2009-03-10
reliability Great
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb
title Apache Module mod_rewrite LDAP Protocol Buffer Overflow
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-328-1.NASL
    description Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling. On systems which activate 'RewriteEngine on', a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code (this has not been verified). 'RewriteEngine on' is disabled by default. Systems which have this directive disabled are not affected at all. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27907
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27907
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : apache2 vulnerability (USN-328-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-133.NASL
    description Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling. In order for this to be exploitable, a number of conditions need to be met including a) running a vulnerable version of Apache (1.3.28+, 2.0.46+, or 2.2.0+), b) enabling mod_rewrite, c) having a rewrite rule that the remote user can influence the beginning of, and d) a particular stack frame layout. By default, RewriteEngine is not enabled in Mandriva Linux Apache packages, and no RewriteRules are defined. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23883
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23883
    title Mandrake Linux Security Advisory : apache (MDKSA-2006:133)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-209-01.NASL
    description New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with mod_rewrite.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 22152
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22152
    title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd (SSA:2006-209-01)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_36773.NASL
    description s700_800 11.X OV NNM7.01 Intermediate Patch 11 : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could by exploited remotely to allow cross site scripting (XSS). (HPSBMA02283 SSRT071319) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to execute arbitrary code with the permissions of the NNM server. (HPSBMA02281 SSRT061261) - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code. References: CVE-2008-3536, CVE-2008-3537, CVE-2008-3544 (Bugtraq ID 28668). (HPSBMA02362 SSRT080044, SSRT080045, SSRT080042) - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code. (HPSBMA02328 SSRT071293) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02242 SSRT061260) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS). (HPSBMA02348 SSRT080033)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26896
    published 2007-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26896
    title HP-UX PHSS_36773 : s700_800 11.X OV NNM7.01 Intermediate Patch 11
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-1905.NASL
    description This update fixes the following security problem in the Apache webserver : mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. (CVE-2006-3747)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27145
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27145
    title openSUSE 10 Security Update : apache2 (apache2-1905)
  • NASL family Web Servers
    NASL id APACHE_2_2_3.NASL
    description The remote host appears to be running a version of Apache which is older than 2.2.3. This version is vulnerable to an off-by-one buffer overflow attack in the mod_rewrite module.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 31659
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31659
    title Apache < 2.2.3 mod_rewrite LDAP Protocol URL Handling Overflow
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_3.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.3. Mac OS X 10.5.3 contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 32477
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32477
    title Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1132.NASL
    description Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22674
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22674
    title Debian DSA-1132-1 : apache2 - buffer overflow
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200608-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200608-01 (Apache: Off-by-one flaw in mod_rewrite) An off-by-one flaw has been found in Apache's mod_rewrite module by Mark Dowd of McAfee Avert Labs. This flaw is exploitable depending on the types of rewrite rules being used. Impact : A remote attacker could exploit the flaw to cause a Denial of Service or execution of arbitrary code. Note that Gentoo Linux is not vulnerable in the default configuration. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22143
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22143
    title GLSA-200608-01 : Apache: Off-by-one flaw in mod_rewrite
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DC8C08C71E7C11DB88CF000C6EC775D9.NASL
    description The Apache Software Foundation and The Apache HTTP Server Project reports : An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team. This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics : - The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1) - The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE). Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally. The Apache HTTP Server project thanks Mark Dowd of McAfee Avert Labs for the responsible reporting of this vulnerability.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 22118
    published 2006-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22118
    title FreeBSD : apache -- mod_rewrite buffer overflow vulnerability (dc8c08c7-1e7c-11db-88cf-000c6ec775d9)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1131.NASL
    description Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22673
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22673
    title Debian DSA-1131-1 : apache - buffer overflow
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-003.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-003 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 32478
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32478
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-003)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_37141.NASL
    description s700_800 11.X OV NNM6.4x/ET2.0x Intermediate Patch 17 : The remote HP-UX host is affected by multiple vulnerabilities : - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code. (HPSBMA02328 SSRT071293) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to execute arbitrary code with the permissions of the NNM server. (HPSBMA02281 SSRT061261) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02242 SSRT061260) - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS). (HPSBMA02307 SSRT071420) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could by exploited remotely to allow cross site scripting (XSS). (HPSBMA02283 SSRT071319)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 29200
    published 2007-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29200
    title HP-UX PHSS_37141 : s700_800 11.X OV NNM6.4x/ET2.0x Intermediate Patch 17
  • NASL family Web Servers
    NASL id APACHE_2_0_59.NASL
    description The remote host appears to be running a version of Apache that is older than 2.0.59. This version contains an off-by-one buffer overflow in the mod_rewrite module.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 31655
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31655
    title Apache < 2.0.59 mod_rewrite LDAP Protocol URL Handling Overflow
  • NASL family Web Servers
    NASL id APACHE_1_3_37.NASL
    description The remote host appears to be running a version of Apache which is older than 1.3.37. This version contains an off-by-one buffer overflow in the mod_rewrite module.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 31654
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31654
    title Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35437.NASL
    description s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : The remote HP-UX host is affected by multiple vulnerabilities : - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) - Potential security vulnerabilities have been identified with Apache running on HP-UX VirtualVault. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. (HPSBUX02172 SSRT061269)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 23715
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23715
    title HP-UX PHSS_35437 : s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35462.NASL
    description s700_800 11.04 Virtualvault 4.6 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266)
    last seen 2019-02-21
    modified 2016-11-18
    plugin id 23720
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23720
    title HP-UX PHSS_35462 : s700_800 11.04 Virtualvault 4.6 OWS update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_36385.NASL
    description s700_800 11.X PA-RISC OV NNM7.51 Intermediate Patch 16 : Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26154
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26154
    title HP-UX PHSS_36385 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35436.NASL
    description s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential security vulnerabilities have been identified with Apache running on HP-UX VirtualVault. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. (HPSBUX02172 SSRT061269) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 23714
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23714
    title HP-UX PHSS_35436 : s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35459.NASL
    description s700_800 11.04 Virtualvault 4.6 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266)
    last seen 2019-02-21
    modified 2016-11-18
    plugin id 23717
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23717
    title HP-UX PHSS_35459 : s700_800 11.04 Virtualvault 4.6 IWS update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35458.NASL
    description s700_800 11.04 Virtualvault 4.5 IWS Update : The remote HP-UX host is affected by multiple vulnerabilities : - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265)
    last seen 2019-02-21
    modified 2016-11-18
    plugin id 23716
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23716
    title HP-UX PHSS_35458 : s700_800 11.04 Virtualvault 4.5 IWS Update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-1906.NASL
    description This update fixes security problems in the Apache2 webserver : mod_rewrite: Fixed an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. (CVE-2006-3747) For SUSE Linux Enterprise Server 10 additionally an old security problem was fixed: mod_imap: Fixes a cross-site scripting bug in the imagemap module. (CVE-2005-3352)
    last seen 2019-02-21
    modified 2014-10-28
    plugin id 29372
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29372
    title SuSE 10 Security Update : Apache2 (ZYPP Patch Number 1906)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35460.NASL
    description s700_800 11.04 Virtualvault 4.7 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266)
    last seen 2019-02-21
    modified 2016-11-18
    plugin id 23718
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23718
    title HP-UX PHSS_35460 : s700_800 11.04 Virtualvault 4.7 IWS update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35110.NASL
    description s700_800 11.04 Webproxy server 2.0 update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266)
    last seen 2019-02-21
    modified 2016-11-18
    plugin id 23712
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23712
    title HP-UX PHSS_35110 : s700_800 11.04 Webproxy server 2.0 update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35461.NASL
    description s700_800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266)
    last seen 2019-02-21
    modified 2016-11-18
    plugin id 23719
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23719
    title HP-UX PHSS_35461 : s700_800 11.04 Virtualvault 4.5 OWS update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_36386.NASL
    description s700_800 11.X IA-64 OV NNM7.51 Intermediate Patch 16 : Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26155
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26155
    title HP-UX PHSS_36386 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35463.NASL
    description s700_800 11.04 Virtualvault 4.7 (Apache 1.x) OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266)
    last seen 2019-02-21
    modified 2016-11-18
    plugin id 23721
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23721
    title HP-UX PHSS_35463 : s700_800 11.04 Virtualvault 4.7 (Apache 1.x) OWS update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_35111.NASL
    description s700_800 11.04 Webproxy 2.1 (Apache 1.x) update : The remote HP-UX host is affected by multiple vulnerabilities : - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265)
    last seen 2019-02-21
    modified 2016-11-18
    plugin id 23713
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23713
    title HP-UX PHSS_35111 : s700_800 11.04 Webproxy 2.1 (Apache 1.x) update
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
packetstorm via4
refmap via4
aixapar
  • PK27875
  • PK29154
  • PK29156
apple
  • APPLE-SA-2008-03-18
  • APPLE-SA-2008-05-28
bid 19204
bugtraq
  • 20060728 Apache mod_rewrite Buffer Overflow Vulnerability
  • 20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
  • 20060728 rPSA-2006-0139-1 httpd mod_ssl
  • 20060820 POC & exploit for Apache mod_rewrite off-by-one
cert TA08-150A
cert-vn VU#395412
confirm
debian
  • DSA-1131
  • DSA-1132
fulldisc
  • 20060728 Apache 1.3.29/2.X mod_rewrite Buffer Overflow Vulnerability CVE-2006-3747
  • 20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
gentoo GLSA-200608-01
hp
  • HPSBMA02250
  • HPSBMA02328
  • HPSBOV02683
  • HPSBUX02145
  • HPSBUX02164
  • SSRT061202
  • SSRT061265
  • SSRT061275
  • SSRT071293
  • SSRT090208
mandriva MDKSA-2006:133
misc
openpkg OpenPKG-SA-2006.015
osvdb 27588
sectrack 1016601
secunia
  • 21197
  • 21241
  • 21245
  • 21247
  • 21266
  • 21273
  • 21284
  • 21307
  • 21313
  • 21315
  • 21346
  • 21478
  • 21509
  • 22262
  • 22368
  • 22388
  • 22523
  • 23028
  • 23260
  • 26329
  • 29420
  • 29849
  • 30430
sreason 1312
sunalert
  • 102662
  • 102663
suse SUSE-SA:2006:043
trustix 2006-0044
ubuntu USN-328-1
vupen
  • ADV-2006-3017
  • ADV-2006-3264
  • ADV-2006-3282
  • ADV-2006-3884
  • ADV-2006-3995
  • ADV-2006-4015
  • ADV-2006-4207
  • ADV-2006-4300
  • ADV-2006-4868
  • ADV-2007-2783
  • ADV-2008-0924
  • ADV-2008-1246
  • ADV-2008-1697
xf apache-modrewrite-offbyone-bo(28063)
saint via4
bid 19204
description Apache mod_rewrite LDAP URL buffer overflow
id web_server_apache_version
osvdb 27588
title apache_rewrite_ldap
type remote
statements via4
  • contributor Mark J Cox
    lastmodified 2008-07-02
    organization Apache
    statement Fixed in Apache HTTP Server 2.2.3, 2.0.59, and 1.3.37: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html
  • contributor Mark J Cox
    lastmodified 2006-07-31
    organization Red Hat
    statement The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1
Last major update 06-09-2011 - 00:00
Published 28-07-2006 - 14:02
Last modified 17-10-2018 - 17:29
Back to Top