CVE-2006-3747

Publication date 28 July 2006

Last updated 24 July 2024

Ubuntu priority

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
apache	7.04 feisty	Fixed 1.3.34-4ubuntu1
	6.10 edgy	Fixed 1.3.34-4ubuntu1
	6.06 LTS dapper	Fixed 1.3.34-2ubuntu0.1
apache2	7.04 feisty	Fixed 2.2.3-3.2ubuntu0.1
	6.10 edgy	Fixed 2.0.55-4ubuntu4.1
	6.06 LTS dapper	Fixed 2.0.55-4ubuntu2.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-328-1
Apache vulnerability
28 July 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-3747