CVE - CVE-2006-3747

CVE-ID
CVE-2006-3747	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1016601 URL:http://securitytracker.com/id?1016601 MISC:102662 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1~~ (Obsolete source) MISC:102663 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1~~ (Obsolete source) MISC:1312 URL:http://securityreason.com/securityalert/1312 MISC:19204 URL:http://www.securityfocus.com/bid/19204 MISC:2006-0044 URL:http://lwn.net/Alerts/194228/ MISC:20060728 Apache 1.3.29/2.X mod_rewrite Buffer Overflow Vulnerability CVE-2006-3747 URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html MISC:20060728 Apache mod_rewrite Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/441487/100/0/threaded MISC:20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html MISC:20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released URL:http://www.securityfocus.com/archive/1/441485/100/0/threaded MISC:20060728 rPSA-2006-0139-1 httpd mod_ssl URL:http://www.securityfocus.com/archive/1/441526/100/200/threaded MISC:20060820 POC & exploit for Apache mod_rewrite off-by-one URL:http://www.securityfocus.com/archive/1/443870/100/0/threaded MISC:21197 URL:http://secunia.com/advisories/21197 MISC:21241 URL:http://secunia.com/advisories/21241 MISC:21245 URL:http://secunia.com/advisories/21245 MISC:21247 URL:http://secunia.com/advisories/21247 MISC:21266 URL:http://secunia.com/advisories/21266 MISC:21273 URL:http://secunia.com/advisories/21273 MISC:21284 URL:http://secunia.com/advisories/21284 MISC:21307 URL:http://secunia.com/advisories/21307 MISC:21313 URL:http://secunia.com/advisories/21313 MISC:21315 URL:http://secunia.com/advisories/21315 MISC:21346 URL:http://secunia.com/advisories/21346 MISC:21478 URL:http://secunia.com/advisories/21478 MISC:21509 URL:http://secunia.com/advisories/21509 MISC:22262 URL:http://secunia.com/advisories/22262 MISC:22368 URL:http://secunia.com/advisories/22368 MISC:22388 URL:http://secunia.com/advisories/22388 MISC:22523 URL:http://secunia.com/advisories/22523 MISC:23028 URL:http://secunia.com/advisories/23028 MISC:23260 URL:http://secunia.com/advisories/23260 MISC:26329 URL:http://secunia.com/advisories/26329 MISC:27588 URL:~~http://www.osvdb.org/27588~~ (Obsolete source) MISC:29420 URL:http://secunia.com/advisories/29420 MISC:29849 URL:http://secunia.com/advisories/29849 MISC:30430 URL:http://secunia.com/advisories/30430 MISC:ADV-2006-3017 URL:~~http://www.vupen.com/english/advisories/2006/3017~~ (Obsolete source) MISC:ADV-2006-3264 URL:~~http://www.vupen.com/english/advisories/2006/3264~~ (Obsolete source) MISC:ADV-2006-3282 URL:~~http://www.vupen.com/english/advisories/2006/3282~~ (Obsolete source) MISC:ADV-2006-3884 URL:~~http://www.vupen.com/english/advisories/2006/3884~~ (Obsolete source) MISC:ADV-2006-3995 URL:~~http://www.vupen.com/english/advisories/2006/3995~~ (Obsolete source) MISC:ADV-2006-4015 URL:~~http://www.vupen.com/english/advisories/2006/4015~~ (Obsolete source) MISC:ADV-2006-4207 URL:~~http://www.vupen.com/english/advisories/2006/4207~~ (Obsolete source) MISC:ADV-2006-4300 URL:~~http://www.vupen.com/english/advisories/2006/4300~~ (Obsolete source) MISC:ADV-2006-4868 URL:~~http://www.vupen.com/english/advisories/2006/4868~~ (Obsolete source) MISC:ADV-2007-2783 URL:~~http://www.vupen.com/english/advisories/2007/2783~~ (Obsolete source) MISC:ADV-2008-0924 URL:~~http://www.vupen.com/english/advisories/2008/0924/references~~ (Obsolete source) MISC:ADV-2008-1246 URL:~~http://www.vupen.com/english/advisories/2008/1246/references~~ (Obsolete source) MISC:ADV-2008-1697 URL:~~http://www.vupen.com/english/advisories/2008/1697~~ (Obsolete source) MISC:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html MISC:APPLE-SA-2008-05-28 URL:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html MISC:DSA-1131 URL:http://www.debian.org/security/2006/dsa-1131 MISC:DSA-1132 URL:http://www.debian.org/security/2006/dsa-1132 MISC:GLSA-200608-01 URL:http://security.gentoo.org/glsa/glsa-200608-01.xml MISC:HPSBMA02250 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 MISC:HPSBMA02328 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 MISC:HPSBOV02683 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MISC:HPSBUX02145 URL:http://www.securityfocus.com/archive/1/445206/100/0/threaded MISC:HPSBUX02164 URL:http://www.securityfocus.com/archive/1/450321/100/0/threaded MISC:MDKSA-2006:133 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:133~~ (Obsolete source) MISC:OpenPKG-SA-2006.015 URL:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html MISC:PK27875 URL:http://www-1.ibm.com/support/docview.wss?uid=swg24013080 MISC:PK29154 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154 MISC:PK29156 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156 MISC:SSRT061202 URL:http://www.securityfocus.com/archive/1/445206/100/0/threaded MISC:SSRT061265 URL:http://www.securityfocus.com/archive/1/450321/100/0/threaded MISC:SSRT061275 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 MISC:SSRT071293 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 MISC:SSRT090208 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MISC:SUSE-SA:2006:043 URL:http://www.novell.com/linux/security/advisories/2006_43_apache.html MISC:TA08-150A URL:http://www.us-cert.gov/cas/techalerts/TA08-150A.html MISC:USN-328-1 URL:http://www.ubuntu.com/usn/usn-328-1 MISC:VU#395412 URL:http://www.kb.cert.org/vuls/id/395412 MISC:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/ URL:https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E MISC:apache-modrewrite-offbyone-bo(28063) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28063 MISC:http://docs.info.apple.com/article.html?artnum=307562 URL:http://docs.info.apple.com/article.html?artnum=307562 MISC:http://kbase.redhat.com/faq/FAQ_68_8653.shtm URL:http://kbase.redhat.com/faq/FAQ_68_8653.shtm MISC:http://svn.apache.org/viewvc?view=rev&revision=426144 URL:http://svn.apache.org/viewvc?view=rev&revision=426144 MISC:http://www-1.ibm.com/support/docview.wss?uid=swg27007951 URL:http://www-1.ibm.com/support/docview.wss?uid=swg27007951 MISC:http://www.apache.org/dist/httpd/Announcement2.0.html URL:http://www.apache.org/dist/httpd/Announcement2.0.html MISC:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 URL:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 MISC:https://issues.rpath.com/browse/RPL-538 URL:https://issues.rpath.com/browse/RPL-538
Assigning CNA
Red Hat, Inc.
Date Record Created
20060720	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060720)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)