Apache mod_tcl Remote Format String Vulnerability
Severity: MEDIUM
CVE Identifier: CVE-2006-4154
Advisory Date: JUL 21, 2015
DESCRIPTION
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
TREND MICRO PROTECTION INFORMATION
This vulnerability is addressed in the following Apache module update:
mod_tcl 1.0.1
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000853
Trend Micro Deep Security DPI Rule Name: 1000853 - Apache mod_tcl Module Format String Vulnerability
AFFECTED SOFTWARE AND VERSION
- Apache Software Foundation Apache HTTP Server 2.0
- Apache Software Foundation Apache HTTP Server 2.0 a9
- Apache Software Foundation Apache HTTP Server 2.0.28
- Apache Software Foundation Apache HTTP Server 2.0.28 Beta
- Apache Software Foundation Apache HTTP Server 2.0.28-BETA win32
- Apache Software Foundation Apache HTTP Server 2.0.32
- Apache Software Foundation Apache HTTP Server 2.0.32-BETA win32
- Apache Software Foundation Apache HTTP Server 2.0.34-BETA win32
- Apache Software Foundation Apache HTTP Server 2.0.35
- Apache Software Foundation Apache HTTP Server 2.0.36
- Apache Software Foundation Apache HTTP Server 2.0.37
- Apache Software Foundation Apache HTTP Server 2.0.38
- Apache Software Foundation Apache HTTP Server 2.0.39
- Apache Software Foundation Apache HTTP Server 2.0.40
- Apache Software Foundation Apache HTTP Server 2.0.41
- Apache Software Foundation Apache HTTP Server 2.0.42
- Apache Software Foundation Apache HTTP Server 2.0.43
- Apache Software Foundation Apache HTTP Server 2.0.44
- Apache Software Foundation Apache HTTP Server 2.0.45