CVE-2006-3747

Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow

  • Severity Score: 7.5 (CVSS v3)
  • Exploit Likelihood: (EPSS)
  • Affected Versions: (CPE)
  • Public Exploits: 5 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is active, allows remote attackers to cause a denial of service (application crash) and possibly execute code via manipulated URLs that are not handled properly using certain rewrite rules.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2006-07-20 CVE Reserved
  • 2006-07-28 CVE Published
  • 2006-08-21 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
CAPEC
References (82)
URL Tag Source
http://docs.info.apple.com/article.html?artnum=307562 Third Party Advisory
http://kbase.redhat.com/faq/FAQ_68_8653.shtm Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html Mailing List
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html Mailing List
http://secunia.com/advisories/21197 Broken Link
http://secunia.com/advisories/21241 Broken Link
http://secunia.com/advisories/21245 Broken Link
http://secunia.com/advisories/21247 Broken Link
http://secunia.com/advisories/21266 Broken Link
http://secunia.com/advisories/21273 Broken Link
http://secunia.com/advisories/21284 Broken Link
http://secunia.com/advisories/21307 Broken Link
http://secunia.com/advisories/21313 Broken Link
http://secunia.com/advisories/21315 Broken Link
http://secunia.com/advisories/21346 Broken Link
http://secunia.com/advisories/21478 Broken Link
http://secunia.com/advisories/21509 Broken Link
http://secunia.com/advisories/22262 Broken Link
http://secunia.com/advisories/22368 Broken Link
http://secunia.com/advisories/22388 Broken Link
http://secunia.com/advisories/22523 Broken Link
http://secunia.com/advisories/23028 Broken Link
http://secunia.com/advisories/23260 Broken Link
http://secunia.com/advisories/26329 Broken Link
http://secunia.com/advisories/29420 Broken Link
http://secunia.com/advisories/29849 Broken Link
http://secunia.com/advisories/30430 Broken Link
http://securityreason.com/securityalert/1312 Third Party Advisory
http://securitytracker.com/id?1016601 Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg27007951 Third Party Advisory
http://www.kb.cert.org/vuls/id/395412 Third Party Advisory
http://www.osvdb.org/27588 Broken Link
http://www.securityfocus.com/archive/1/441485/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/441487/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/441526/100/200/threaded Mailing List
http://www.securityfocus.com/archive/1/443870/100/0/threaded Mailing List
http://www.securityfocus.com/bid/19204 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28063 Third Party Advisory
https://issues.rpath.com/browse/RPL-538 Broken Link
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Mailing List
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Apache | Http Server | >= 1.3.28 < 1.3.37 | - | Affected
Apache | Http Server | >= 2.0.46 < 2.0.59 | - | Affected
Apache | Http Server | >= 2.2.0 < 2.2.3 | - | Affected
Canonical | Ubuntu Linux | 5.04 | - | Affected
Canonical | Ubuntu Linux | 5.10 | - | Affected
Canonical | Ubuntu Linux | 6.06 | - | Affected
Debian | Debian Linux | 3.1 | - | Affected