CVE-2011-3607

Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow

Severity Score

4.4

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

Desbordamiento de entero en la función en ap_pregsub / util.c en el servidor HTTP Apache v2.0.x hasta la v2.0.64 y la v2.2.x hasta la v2.2.21, cuando el módulo mod_setenvif está activado, que permite a usuarios locales conseguir privilegios a través de un archivo .htaccess que incluye una directiva SetEnvIf modificada, junto con un encabezado de solicitud HTTP manipulado, dando lugar a un desbordamiento de búfer basado en memoria dinámica.

*Credits: N/A

CVSS Scores

NISTv2 4.4

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-09-21 CVE Reserved
2011-11-02 CVE Published
2011-11-02 First Exploit
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-189: Numeric Errors
CWE-190: Integer Overflow or Wraparound

CAPEC

References (51)

URL	Tag	Source
http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html	Mailing List
http://secunia.com/advisories/48551	Third Party Advisory
http://securitytracker.com/id?1026267	Vdb Entry
http://support.apple.com/kb/HT5501	X_refsource_confirm
http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html	X_refsource_confirm
http://www.osvdb.org/76744	Vdb Entry
http://www.securityfocus.com/bid/50494	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=750935	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/71093	Vdb Entry
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	Mailing List

URL	Date	SRC
https://www.exploit-db.com/exploits/41769	2011-11-02
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow	2024-08-06
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html	2024-08-06
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041	2023-11-07
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html	2023-11-07
http://marc.info/?l=bugtraq&m=133294460209056&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=133494237717847&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=134987041210674&w=2	2023-11-07
http://rhn.redhat.com/errata/RHSA-2012-0128.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2012-0542.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2012-0543.html	2023-11-07
http://secunia.com/advisories/45793	2023-11-07
http://www.debian.org/security/2012/dsa-2405	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2012:003	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	2023-11-07
https://access.redhat.com/security/cve/CVE-2011-3607	2012-05-07
https://bugzilla.redhat.com/show_bug.cgi?id=769844	2012-05-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0 Search vendor "Apache" for product "Http Server" and version "2.0"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.9 Search vendor "Apache" for product "Http Server" and version "2.0.9"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.28 Search vendor "Apache" for product "Http Server" and version "2.0.28"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.28 Search vendor "Apache" for product "Http Server" and version "2.0.28"		beta		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.32 Search vendor "Apache" for product "Http Server" and version "2.0.32"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.32 Search vendor "Apache" for product "Http Server" and version "2.0.32"		beta		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.34 Search vendor "Apache" for product "Http Server" and version "2.0.34"		beta		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.35 Search vendor "Apache" for product "Http Server" and version "2.0.35"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.36 Search vendor "Apache" for product "Http Server" and version "2.0.36"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.37 Search vendor "Apache" for product "Http Server" and version "2.0.37"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.38 Search vendor "Apache" for product "Http Server" and version "2.0.38"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.39 Search vendor "Apache" for product "Http Server" and version "2.0.39"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.40 Search vendor "Apache" for product "Http Server" and version "2.0.40"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.41 Search vendor "Apache" for product "Http Server" and version "2.0.41"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.42 Search vendor "Apache" for product "Http Server" and version "2.0.42"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.43 Search vendor "Apache" for product "Http Server" and version "2.0.43"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.44 Search vendor "Apache" for product "Http Server" and version "2.0.44"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.45 Search vendor "Apache" for product "Http Server" and version "2.0.45"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.46 Search vendor "Apache" for product "Http Server" and version "2.0.46"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.47 Search vendor "Apache" for product "Http Server" and version "2.0.47"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.48 Search vendor "Apache" for product "Http Server" and version "2.0.48"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.49 Search vendor "Apache" for product "Http Server" and version "2.0.49"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.50 Search vendor "Apache" for product "Http Server" and version "2.0.50"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.51 Search vendor "Apache" for product "Http Server" and version "2.0.51"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.52 Search vendor "Apache" for product "Http Server" and version "2.0.52"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.53 Search vendor "Apache" for product "Http Server" and version "2.0.53"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.54 Search vendor "Apache" for product "Http Server" and version "2.0.54"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.55 Search vendor "Apache" for product "Http Server" and version "2.0.55"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.56 Search vendor "Apache" for product "Http Server" and version "2.0.56"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.57 Search vendor "Apache" for product "Http Server" and version "2.0.57"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.58 Search vendor "Apache" for product "Http Server" and version "2.0.58"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.59 Search vendor "Apache" for product "Http Server" and version "2.0.59"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.60 Search vendor "Apache" for product "Http Server" and version "2.0.60"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.61 Search vendor "Apache" for product "Http Server" and version "2.0.61"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.63 Search vendor "Apache" for product "Http Server" and version "2.0.63"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.64 Search vendor "Apache" for product "Http Server" and version "2.0.64"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.0 Search vendor "Apache" for product "Http Server" and version "2.2.0"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.1 Search vendor "Apache" for product "Http Server" and version "2.2.1"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.2 Search vendor "Apache" for product "Http Server" and version "2.2.2"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.3 Search vendor "Apache" for product "Http Server" and version "2.2.3"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.4 Search vendor "Apache" for product "Http Server" and version "2.2.4"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.6 Search vendor "Apache" for product "Http Server" and version "2.2.6"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.8 Search vendor "Apache" for product "Http Server" and version "2.2.8"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.9 Search vendor "Apache" for product "Http Server" and version "2.2.9"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.10 Search vendor "Apache" for product "Http Server" and version "2.2.10"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.11 Search vendor "Apache" for product "Http Server" and version "2.2.11"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.12 Search vendor "Apache" for product "Http Server" and version "2.2.12"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.13 Search vendor "Apache" for product "Http Server" and version "2.2.13"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.14 Search vendor "Apache" for product "Http Server" and version "2.2.14"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.15 Search vendor "Apache" for product "Http Server" and version "2.2.15"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.16 Search vendor "Apache" for product "Http Server" and version "2.2.16"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.18 Search vendor "Apache" for product "Http Server" and version "2.2.18"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.19 Search vendor "Apache" for product "Http Server" and version "2.2.19"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.20 Search vendor "Apache" for product "Http Server" and version "2.2.20"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.21 Search vendor "Apache" for product "Http Server" and version "2.2.21"		-		Affected