Apache HTTP Server mod_rewrite Module LDAP Scheme handling Buffer Overflow
Publish Date: 21 juillet 2015
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2006-3747
Date du conseil: 21 juillet 2015
Description
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1000721
Trend Micro Deep Security DPI Rule Name: 1000721 - Apache HTTP Server mod_rewrite Module LDAP Scheme handling Buffer Overflow
Affected software and version:
- Apache Software Foundation Apache HTTP Server 1.3.28
- Apache Software Foundation Apache HTTP Server 1.3.29
- Apache Software Foundation Apache HTTP Server 1.3.3
- Apache Software Foundation Apache HTTP Server 1.3.30
- Apache Software Foundation Apache HTTP Server 1.3.31
- Apache Software Foundation Apache HTTP Server 1.3.32
- Apache Software Foundation Apache HTTP Server 1.3.33
- Apache Software Foundation Apache HTTP Server 1.3.4
- Apache Software Foundation Apache HTTP Server 1.3.5
- Apache Software Foundation Apache HTTP Server 1.3.6
- Apache Software Foundation Apache HTTP Server 1.3.7
- Apache Software Foundation Apache HTTP Server 1.3.8
- Apache Software Foundation Apache HTTP Server 1.3.9
- Apache Software Foundation Apache HTTP Server 2.0.46
- Apache Software Foundation Apache HTTP Server 2.0.47
- Apache Software Foundation Apache HTTP Server 2.0.48
- Apache Software Foundation Apache HTTP Server 2.0.49
- Apache Software Foundation Apache HTTP Server 2.0.50
- Apache Software Foundation Apache HTTP Server 2.0.51
- Apache Software Foundation Apache HTTP Server 2.0.52
- Apache Software Foundation Apache HTTP Server 2.0.53
- Apache Software Foundation Apache HTTP Server 2.0.54
- Apache Software Foundation Apache HTTP Server 2.0.55
- Apache Software Foundation Apache HTTP Server 2.0.56
- Apache Software Foundation Apache HTTP Server 2.0.57
- Apache Software Foundation Apache HTTP Server 2.0.58
- Ubuntu Ubuntu Linux 5.04
- Ubuntu Ubuntu Linux 5.10
- Ubuntu Ubuntu Linux 6.06 LTS