CVE-2006-3747

{"id": "CVE-2006-3747", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-28T18:02:00.000", "references": [{"url": "http://docs.info.apple.com/article.html?artnum=307562", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://kbase.redhat.com/faq/FAQ_68_8653.shtm", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lwn.net/Alerts/194228/", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21197", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21241", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21245", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21247", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21266", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21273", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21284", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21307", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21313", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21315", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21346", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21478", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21509", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22262", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22368", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22388", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22523", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/23028", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/23260", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26329", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/29420", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/29849", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/30430", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200608-01.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securityreason.com/securityalert/1312", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1016601", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=rev&revision=426144", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013080", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.apache.org/dist/httpd/Announcement2.0.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2006/dsa-1131", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2006/dsa-1132", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.kb.cert.org/vuls/id/395412", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:133", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2006_43_apache.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/27588", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/441485/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/441487/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/441526/100/200/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/443870/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/445206/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/450321/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/19204", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-328-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3017", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3264", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3282", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3884", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3995", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/4015", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/4207", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/4300", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/4868", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2783", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2008/0924/references", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2008/1246/references", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2008/1697", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28063", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-538", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules."}, {"lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en el esquema ldap manejado en el modulo Rewrite (mod_rewrite) en Apache 1.3 desde 1.3.28, 2.0.46 y otras versiones anteriores 2.0.59, y 2.2, cuando RewriteEngine est\u00e1 activo, permite a atacantes remotos provocar denegaci\u00f3n de servicio (Caida de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo a rtav\u00e9s de URLs manipuladas que no se manejan de forma adecuada utilizando ciertas reglas de reescritura."}], "lastModified": "2023-02-13T02:16:39.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2795E703-F4AE-491F-8DDD-A3DA32856E80", "versionEndExcluding": "1.3.37", "versionStartIncluding": "1.3.28"}, {"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5E51CD7-A796-4204-95BA-53ACB46993A6", "versionEndExcluding": "2.0.59", "versionStartIncluding": "2.0.46"}, {"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "028BE030-4059-4C7D-A6E7-47EE2150578B", "versionEndExcluding": "2.2.3", "versionStartIncluding": "2.2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E47538-08EE-4DC1-AC17-883C44CF77BB"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FA3A32E-445A-4D39-A8D5-75F5370AD23D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"}], "operator": "OR"}]}], "vendorComments": [{"comment": "The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally.\n\nThe Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1", "lastModified": "2006-07-31T00:00:00", "organization": "Red Hat"}, {"comment": "Fixed in Apache HTTP Server 2.2.3, 2.0.59, and 1.3.37:\nhttp://httpd.apache.org/security/vulnerabilities_22.html\nhttp://httpd.apache.org/security/vulnerabilities_20.html\nhttp://httpd.apache.org/security/vulnerabilities_13.html", "lastModified": "2008-07-02T00:00:00", "organization": "Apache"}], "sourceIdentifier": "secalert@redhat.com"}