Apache mod_tcl Remote Format String Vulnerability
Publish date: 21 de julio de 2015
Gravedad: Medio
Identificadores de CVE : CVE-2006-4154
Fecha recomendada: 21 de julio de 2015
Descripción
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
Revelación de la información
This vulnerability is addressed in the following Apache module update:
mod_tcl 1.0.1
Soluciones
Trend Micro Deep Security DPI Rule Number: 1000853
Trend Micro Deep Security DPI Rule Name: 1000853 - Apache mod_tcl Module Format String Vulnerability
Software y versión afectados
- Apache Software Foundation Apache HTTP Server 2.0
- Apache Software Foundation Apache HTTP Server 2.0 a9
- Apache Software Foundation Apache HTTP Server 2.0.28
- Apache Software Foundation Apache HTTP Server 2.0.28 Beta
- Apache Software Foundation Apache HTTP Server 2.0.28-BETA win32
- Apache Software Foundation Apache HTTP Server 2.0.32
- Apache Software Foundation Apache HTTP Server 2.0.32-BETA win32
- Apache Software Foundation Apache HTTP Server 2.0.34-BETA win32
- Apache Software Foundation Apache HTTP Server 2.0.35
- Apache Software Foundation Apache HTTP Server 2.0.36
- Apache Software Foundation Apache HTTP Server 2.0.37
- Apache Software Foundation Apache HTTP Server 2.0.38
- Apache Software Foundation Apache HTTP Server 2.0.39
- Apache Software Foundation Apache HTTP Server 2.0.40
- Apache Software Foundation Apache HTTP Server 2.0.41
- Apache Software Foundation Apache HTTP Server 2.0.42
- Apache Software Foundation Apache HTTP Server 2.0.43
- Apache Software Foundation Apache HTTP Server 2.0.44
- Apache Software Foundation Apache HTTP Server 2.0.45