what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

CVE-2006-3747

Status Candidate

Overview

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Related Files

HP Security Bulletin HPSBOV02683 SSRT090208
Posted May 10, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
advisories | CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010
SHA-256 | a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870d
Apache module mod_rewrite LDAP protocol Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This Metasploit module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms, however this module currently only supports Windows based installations.

tags | exploit, overflow, protocol
systems | windows
advisories | CVE-2006-3747
SHA-256 | 96b871a0195d2591844969f9bba63abc59813d3e7296ce6634f95d37eb06d859
apache-mod-rewrite.rb.txt
Posted Jan 7, 2008
Authored by Marcin Kozlowski

Apache mod_rewrite escape_absolute_uri() off-by-one buffer overflow Metasploit exploit module. This affects Apache versions 1.3.28 through 1.3.36, 2.0.46 through 2.0.58, and 2.2.1 through 2.2.2.

tags | exploit, overflow
advisories | CVE-2006-3747
SHA-256 | 503139768b0cda278959c2bc8df18f7cb0aee2077db8a28468990531d48c3000
HP Security Bulletin 2006-12.75
Posted Aug 8, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified HP System Management

tags | advisory, vulnerability
advisories | CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343
SHA-256 | bad94072ba0de67832d1266e25833ffd96de150db9736aa61c3b1fa67d1c6f2d
apache2058-rewrite.txt
Posted May 31, 2007
Authored by fabio/b0x

Apache version 2.0.58 mod_rewrite remote overflow exploit for win32. Binds a shell to port 4445.

tags | exploit, remote, overflow, shell
systems | windows
advisories | CVE-2006-3747
SHA-256 | f8d367428261509f9e8e651cc83d34c6b4a4a86c15f633d671023a26ad41b8dd
HP Security Bulletin 2006-12.2
Posted Sep 7, 2006
Authored by Hewlett Packard, HP | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, denial of service, or unauthorized access.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2006-3747, CVE-2005-3352, CVE-2005-3357
SHA-256 | b9ab5890e9d10ad4d8db2527868e8497b4d79f5d2d485da41d732ecbb31e0001
modrewritepoc.txt
Posted Aug 27, 2006
Authored by Jacobo Avariento Gimeno

Proof of concept exploit for the mod_rewrite vulnerability in Apache that makes use of an off by one overflow in the handling of ldap requests.

tags | exploit, overflow, proof of concept
advisories | CVE-2006-3747
SHA-256 | 47f17f2bae7bce7af834754bc7cd0e1bc951414c01f5d33309f9e31e99e9e771
Debian Linux Security Advisory 1132-1
Posted Aug 17, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1132-1 - Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitary code.

tags | advisory, remote, web, overflow
systems | linux, debian
advisories | CVE-2006-3747
SHA-256 | d881e081cc1047a05de35da2701a6d15839e8c889d5ce867834afeda3805bdc7
Debian Linux Security Advisory 1131-1
Posted Aug 17, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1131-1 - Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitary code

tags | advisory, remote, web, overflow
systems | linux, debian
advisories | CVE-2006-3747
SHA-256 | cff27e3d4e10567a89d5fc3f42af79a452df17ae7317ee82c5f7f6ebf191ec49
Mandriva Linux Security Advisory 2006.133
Posted Aug 3, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-133 - Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling.

tags | advisory
systems | linux, mandriva
advisories | CVE-2006-3747
SHA-256 | 7ea66a0d8db3370ee3860ea07f13cce12dd24caa9d29d2fbd5508a949cf83469
SUSE-SA-2006-043.txt
Posted Aug 3, 2006
Site suse.com

SUSE Security Announcement SUSE-SA:2006:043 - The mod_rewrite vulnerability in Apache has been patched.

tags | advisory
systems | linux, suse
advisories | CVE-2005-3352, CVE-2006-3747
SHA-256 | 612fec7dc616174adaec186e91536b7c148d1af486ee736e1e7a7ee25ff29e29
modrewrite.txt
Posted Aug 3, 2006
Authored by Mark Dowd | Site avertlabs.com

Mod_rewrite is an Apache module that can be used to remap requests based on regular expression matches of the requested URI. A buffer overflow vulnerability exists when dealing with rewritten URI's that are prefixed with the LDAP protocol scheme.

tags | advisory, overflow, protocol
advisories | CVE-2006-3747
SHA-256 | 89573f59a369c297fe3a2e50bec303dac0dec1ddee0ba1457f1cfd898bbab15d
apacheRewrite.txt
Posted Aug 3, 2006
Site apache.org

An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.

tags | advisory
advisories | CVE-2006-3747
SHA-256 | f3876d1169158fc551c64958b5e9f885de8ab0264310126aaeecc3277fc486cf
OpenPKG Security Advisory 2006.15
Posted Aug 3, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.015 - According to a vendor announcement, a vulnerability exists in the mod_rewrite module of the Apache HTTP Server. Depending on the manner in which the Apache HTTP Server was compiled, the software defect may result in a vulnerability which, in combination with certain types of "RewriteRule" directives in the server configuration files, could be triggered remotely.

tags | advisory, web
advisories | CVE-2006-3747
SHA-256 | 0c9d96b0aaa38abdb7aa0010ad4314a2444cfef7fe76891a209c6eafd629eb77
Ubuntu Security Notice 328-1
Posted Jul 28, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-328-1 - Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling for Apache 2.

tags | advisory, overflow
systems | linux, ubuntu
advisories | CVE-2006-3747
SHA-256 | 5d77a8775e2b6a5bbfe4f64cd313a26d5c76928cd971164d7d08fbd0b0aa3655
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close