Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Published 2006-07-28 18:02:00
Updated 2023-02-13 02:16:40
Source Red Hat, Inc.
View at NVD,   CVE.org
Vulnerability category: Execute codeDenial of service

Products affected by CVE-2006-3747

Threat overview for CVE-2006-3747

Top countries where our scanners detected CVE-2006-3747
Top open port discovered on systems with this issue 80
IPs affected by CVE-2006-3747 158,291
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2006-3747!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2006-3747

93.52%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2006-3747

  • Apache Module mod_rewrite LDAP Protocol Buffer Overflow
    Disclosure Date: 2006-07-28
    First seen: 2020-04-26
    exploit/windows/http/apache_mod_rewrite_ldap
    This module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITEPATH to be set accurately. In additio

CVSS scores for CVE-2006-3747

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.6
HIGH AV:N/AC:H/Au:N/C:C/I:C/A:C
4.9
10.0
NIST

CWE ids for CVE-2006-3747

  • Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2006-3747

  • Red Hat 2006-07-31
    The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1
  • Apache 2008-07-02
    Fixed in Apache HTTP Server 2.2.3, 2.0.59, and 1.3.37: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html

References for CVE-2006-3747

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!