Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 02:08
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2011-11-08 11:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-3607
Mitre link : CVE-2011-3607
CVE.ORG link : CVE-2011-3607
JSON object : View
Products Affected
apache
- http_server
CWE
CWE-189
Numeric Errors