{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2006-3747", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "20060728 Apache mod_rewrite Buffer Overflow Vulnerability", "refsource" : "BUGTRAQ", "url" : "http://www.securityfocus.com/archive/1/441487/100/0/threaded" }, { "name" : "20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released", "refsource" : "BUGTRAQ", "url" : "http://www.securityfocus.com/archive/1/441485/100/0/threaded" }, { "name" : "20060728 rPSA-2006-0139-1 httpd mod_ssl", "refsource" : "BUGTRAQ", "url" : "http://www.securityfocus.com/archive/1/441526/100/200/threaded" }, { "name" : "20060820 POC & exploit for Apache mod_rewrite off-by-one", "refsource" : "BUGTRAQ", "url" : "http://www.securityfocus.com/archive/1/443870/100/0/threaded" }, { "name" : "20060728 Apache 1.3.29/2.X mod_rewrite Buffer Overflow Vulnerability CVE-2006-3747", "refsource" : "FULLDISC", "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html" }, { "name" : "20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released", "refsource" : "FULLDISC", "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html" }, { "name" : "http://kbase.redhat.com/faq/FAQ_68_8653.shtm", "refsource" : "MISC", "url" : "http://kbase.redhat.com/faq/FAQ_68_8653.shtm" }, { "name" : "http://svn.apache.org/viewvc?view=rev&revision=426144", "refsource" : "MISC", "url" : "http://svn.apache.org/viewvc?view=rev&revision=426144" }, { "name" : "http://www.apache.org/dist/httpd/Announcement2.0.html", "refsource" : "CONFIRM", "url" : "http://www.apache.org/dist/httpd/Announcement2.0.html" }, { "name" : "https://issues.rpath.com/browse/RPL-538", "refsource" : "CONFIRM", "url" : "https://issues.rpath.com/browse/RPL-538" }, { "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", "refsource" : "CONFIRM", "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117" }, { "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", "refsource" : "CONFIRM", "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951" }, { "name" : "http://docs.info.apple.com/article.html?artnum=307562", "refsource" : "CONFIRM", "url" : "http://docs.info.apple.com/article.html?artnum=307562" }, { "name" : "APPLE-SA-2008-03-18", "refsource" : "APPLE", "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name" : "APPLE-SA-2008-05-28", "refsource" : "APPLE", "url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name" : "HPSBMA02250", "refsource" : "HP", "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name" : "SSRT061275", "refsource" : "HP", "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name" : "HPSBMA02328", "refsource" : "HP", "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449" }, { "name" : "SSRT071293", "refsource" : "HP", "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449" }, { "name" : "HPSBOV02683", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" }, { "name" : "SSRT090208", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" }, { "name" : "TA08-150A", "refsource" : "CERT", "url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name" : "VU#395412", "refsource" : "CERT-VN", "url" : "http://www.kb.cert.org/vuls/id/395412" }, { "name" : "PK27875", "refsource" : "AIXAPAR", "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24013080" }, { "name" : "PK29154", "refsource" : "AIXAPAR", "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154" }, { "name" : "PK29156", "refsource" : "AIXAPAR", "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156" }, { "name" : "DSA-1131", "refsource" : "DEBIAN", "url" : "http://www.debian.org/security/2006/dsa-1131" }, { "name" : "DSA-1132", "refsource" : "DEBIAN", "url" : "http://www.debian.org/security/2006/dsa-1132" }, { "name" : "GLSA-200608-01", "refsource" : "GENTOO", "url" : "http://security.gentoo.org/glsa/glsa-200608-01.xml" }, { "name" : "HPSBUX02145", "refsource" : "HP", "url" : "http://www.securityfocus.com/archive/1/445206/100/0/threaded" }, { "name" : "SSRT061202", "refsource" : "HP", "url" : "http://www.securityfocus.com/archive/1/445206/100/0/threaded" }, { "name" : "HPSBUX02164", "refsource" : "HP", "url" : "http://www.securityfocus.com/archive/1/450321/100/0/threaded" }, { "name" : "SSRT061265", "refsource" : "HP", "url" : "http://www.securityfocus.com/archive/1/450321/100/0/threaded" }, { "name" : "MDKSA-2006:133", "refsource" : "MANDRIVA", "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:133" }, { "name" : "OpenPKG-SA-2006.015", "refsource" : "OPENPKG", "url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html" }, { "name" : "102662", "refsource" : "SUNALERT", "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1" }, { "name" : "102663", "refsource" : "SUNALERT", "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1" }, { "name" : "SUSE-SA:2006:043", "refsource" : "SUSE", "url" : "http://www.novell.com/linux/security/advisories/2006_43_apache.html" }, { "name" : "2006-0044", "refsource" : "TRUSTIX", "url" : "http://lwn.net/Alerts/194228/" }, { "name" : "USN-328-1", "refsource" : "UBUNTU", "url" : "http://www.ubuntu.com/usn/usn-328-1" }, { "name" : "19204", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/19204" }, { "name" : "ADV-2006-3017", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/3017" }, { "name" : "ADV-2006-3264", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/3264" }, { "name" : "ADV-2006-3282", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/3282" }, { "name" : "ADV-2006-3884", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/3884" }, { "name" : "ADV-2006-3995", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/3995" }, { "name" : "ADV-2006-4015", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/4015" }, { "name" : "ADV-2006-4207", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/4207" }, { "name" : "ADV-2006-4300", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/4300" }, { "name" : "ADV-2006-4868", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/4868" }, { "name" : "ADV-2007-2783", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2007/2783" }, { "name" : "ADV-2008-0924", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name" : "ADV-2008-1246", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2008/1246/references" }, { "name" : "ADV-2008-1697", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2008/1697" }, { "name" : "27588", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/27588" }, { "name" : "1016601", "refsource" : "SECTRACK", "url" : "http://securitytracker.com/id?1016601" }, { "name" : "21197", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21197" }, { "name" : "21241", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21241" }, { "name" : "21245", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21245" }, { "name" : "21266", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21266" }, { "name" : "21273", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21273" }, { "name" : "21284", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21284" }, { "name" : "21313", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21313" }, { "name" : "21307", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21307" }, { "name" : "21315", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21315" }, { "name" : "21247", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21247" }, { "name" : "21478", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21478" }, { "name" : "21509", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21509" }, { "name" : "22262", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/22262" }, { "name" : "22368", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/22368" }, { "name" : "22388", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/22388" }, { "name" : "22523", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/22523" }, { "name" : "23028", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/23028" }, { "name" : "23260", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/23260" }, { "name" : "21346", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21346" }, { "name" : "26329", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/26329" }, { "name" : "29420", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/29420" }, { "name" : "29849", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/29849" }, { "name" : "30430", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/30430" }, { "name" : "1312", "refsource" : "SREASON", "url" : "http://securityreason.com/securityalert/1312" }, { "name" : "apache-modrewrite-offbyone-bo(28063)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28063" } ] } }