CVE-2006-3747
Published: 28 July 2006
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Priority
Status
Package | Release | Status |
---|---|---|
apache Launchpad, Ubuntu, Debian |
dapper |
Released
(1.3.34-2ubuntu0.1)
|
edgy |
Released
(1.3.34-4ubuntu1)
|
|
feisty |
Released
(1.3.34-4ubuntu1)
|
|
upstream |
Needs triage
|
|
apache2 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.0.55-4ubuntu2.2)
|
edgy |
Released
(2.0.55-4ubuntu4.1)
|
|
feisty |
Released
(2.2.3-3.2ubuntu0.1)
|
|
upstream |
Needs triage
|