Apache » Http Server : Security Vulnerabilities, CVEs, Published In 2006 (Code Execution) CVSS score >= 1
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
Max CVSS
6.8
EPSS Score
84.75%
Published
2006-10-16
Updated
2017-07-20
CVE-2006-3747
Public exploit
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Max CVSS
7.6
EPSS Score
97.40%
Published
2006-07-28
Updated
2023-02-13
2 vulnerabilities found