Trend Micro Security

Apache HTTP Server mod_rewrite Module LDAP Scheme handling Buffer Overflow

2015年7月21日
  危険度: :
  CVE識別番号: CVE-2006-3747

  概要

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1000721
  Trend Micro Deep Security DPI Rule Name: 1000721 - Apache HTTP Server mod_rewrite Module LDAP Scheme handling Buffer Overflow

  影響を受けるソフトウェア

  • Apache Software Foundation Apache HTTP Server 1.3.28
  • Apache Software Foundation Apache HTTP Server 1.3.29
  • Apache Software Foundation Apache HTTP Server 1.3.3
  • Apache Software Foundation Apache HTTP Server 1.3.30
  • Apache Software Foundation Apache HTTP Server 1.3.31
  • Apache Software Foundation Apache HTTP Server 1.3.32
  • Apache Software Foundation Apache HTTP Server 1.3.33
  • Apache Software Foundation Apache HTTP Server 1.3.4
  • Apache Software Foundation Apache HTTP Server 1.3.5
  • Apache Software Foundation Apache HTTP Server 1.3.6
  • Apache Software Foundation Apache HTTP Server 1.3.7
  • Apache Software Foundation Apache HTTP Server 1.3.8
  • Apache Software Foundation Apache HTTP Server 1.3.9
  • Apache Software Foundation Apache HTTP Server 2.0.46
  • Apache Software Foundation Apache HTTP Server 2.0.47
  • Apache Software Foundation Apache HTTP Server 2.0.48
  • Apache Software Foundation Apache HTTP Server 2.0.49
  • Apache Software Foundation Apache HTTP Server 2.0.50
  • Apache Software Foundation Apache HTTP Server 2.0.51
  • Apache Software Foundation Apache HTTP Server 2.0.52
  • Apache Software Foundation Apache HTTP Server 2.0.53
  • Apache Software Foundation Apache HTTP Server 2.0.54
  • Apache Software Foundation Apache HTTP Server 2.0.55
  • Apache Software Foundation Apache HTTP Server 2.0.56
  • Apache Software Foundation Apache HTTP Server 2.0.57
  • Apache Software Foundation Apache HTTP Server 2.0.58
  • Ubuntu Ubuntu Linux 5.04
  • Ubuntu Ubuntu Linux 5.10
  • Ubuntu Ubuntu Linux 6.06 LTS