CVE-2006-0150

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dave_carrigan:auth_ldap:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:dave_carrigan:auth_ldap:1.6.0:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type Values Removed Values Added
References (MISC) http://www.digitalarmaments.com/2006090173928420.html - Vendor Advisory (MISC) http://www.digitalarmaments.com/2006090173928420.html - Vendor Advisory, URL Repurposed

Information

Published : 2006-01-09 23:03

Updated : 2024-02-28 10:42


NVD link : CVE-2006-0150

Mitre link : CVE-2006-0150

CVE.ORG link : CVE-2006-0150


JSON object : View

Products Affected

dave_carrigan

  • auth_ldap
CWE
CWE-134

Use of Externally-Controlled Format String