Vulnerability Details : CVE-2006-3747
Public exploit exists!
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Vulnerability category: Execute code; Denial of service
Products affected by CVE-2006-3747
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Threat overview for CVE-2006-3747
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2006-3747: 158,291
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2006-3747
- EPSS score: 93.52% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2006-3747
- Apache Module mod_rewrite LDAP Protocol Buffer Overflow
  Disclosure Date: 2006-07-28; First seen: 2020-04-26
  exploit/windows/http/apache_mod_rewrite_ldap
  This module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITEPATH to be set accurately. In additio
CVSS scores for CVE-2006-3747
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C | 4.9 | 10.0 | NIST |
CWE ids for CVE-2006-3747
- Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-3747
- Red Hat, 2006-07-31: The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1.
- Apache, 2008-07-02: Fixed in Apache HTTP Server 2.2.3, 2.0.59, and 1.3.37: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html
References for CVE-2006-3747
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Apache Mail Archives)
- http://www.vupen.com/english/advisories/2006/4015
  (Permissions Required)
- http://www.securityfocus.com/archive/1/441485/100/0/threaded
  (Third Party Advisory; VDB Entry)
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html
  (Mailing List; Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/4300
  (Permissions Required)
- http://www.vupen.com/english/advisories/2008/1697
  (Permissions Required)
- https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
  (Apache Mail Archives)
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
  (Apache Mail Archives)
- http://www.debian.org/security/2006/dsa-1131
  [SECURITY] [DSA 1131-1] New apache package fix buffer overflow (Patch; Third Party Advisory)
- http://www-1.ibm.com/support/docview.wss?uid=swg24013080
  (Third Party Advisory)
- http://www.vupen.com/english/advisories/2008/1246/references
  (Permissions Required)
- http://www.securityfocus.com/bid/19204
  Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- https://issues.rpath.com/browse/RPL-538
  (Broken Link)
- http://www.ubuntu.com/usn/usn-328-1
  USN-328-1: Apache vulnerability (Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
  (Mailing List; Third Party Advisory)
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156
  (Third Party Advisory)
- http://securitytracker.com/id?1016601
  (Third Party Advisory; VDB Entry)
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html
  (Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/3282
  (Permissions Required)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:133
  (Broken Link)
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html
  (Third Party Advisory)
- http://lwn.net/Alerts/194228/
  Trustix alert TSLSA-2006-0044 (apache, gnupg, libtiff) (Mailing List; Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/4207
  (Permissions Required)
- http://www.kb.cert.org/vuls/id/395412
  VU#395412 - Apache mod_rewrite contains off-by-one error in ldap scheme handling (Third Party Advisory; US Government Resource)
- http://securityreason.com/securityalert/1312
  Apache mod_rewrite Buffer Overflow Vulnerability (Third Party Advisory)
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
  (Third Party Advisory)
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ (Apache Mail Archives)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
  (Broken Link)
- http://www.novell.com/linux/security/advisories/2006_43_apache.html
  (Third Party Advisory)
- http://www.securityfocus.com/archive/1/441526/100/200/threaded
  (Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Apache Mail Archives)
- http://www.vupen.com/english/advisories/2006/4868
  (Permissions Required)
- http://www.apache.org/dist/httpd/Announcement2.0.html
  (Patch; Vendor Advisory)
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
  '[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Ap' (Mailing List; Third Party Advisory)
- http://www.securityfocus.com/archive/1/445206/100/0/threaded
  (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/450321/100/0/threaded
  (Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2007/2783
  (Permissions Required)
- http://www.us-cert.gov/cas/techalerts/TA08-150A.html
  (Third Party Advisory; US Government Resource)
- http://www.debian.org/security/2006/dsa-1132
  [SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow (Patch; Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/3264
  (Permissions Required)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28063
  Apache mod_rewrite off-by-one buffer overflow CVE-2006-3747 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://docs.info.apple.com/article.html?artnum=307562
  (Third Party Advisory)
- http://kbase.redhat.com/faq/FAQ_68_8653.shtm
  (Third Party Advisory)
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ (Apache Mail Archives)
- http://www.vupen.com/english/advisories/2006/3995
  (Permissions Required)
- http://www.securityfocus.com/archive/1/441487/100/0/threaded
  (Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s (Apache Mail Archives)
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154
  PK29154: CVE-2006-3747 MOD_REWRITE ERROR (Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/3017
  (Permissions Required)
- http://svn.apache.org/viewvc?view=rev&revision=426144
  [Apache-SVN] Revision 426144 (Vendor Advisory)
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2 (Apache Mail Archives)
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Apache Mail Archives)
- http://www.securityfocus.com/archive/1/443870/100/0/threaded
  (Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Apache Mail Archives)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
  (Broken Link)
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
  (Third Party Advisory)
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (Apache Mail Archives)
- http://www.vupen.com/english/advisories/2006/3884
  (Permissions Required)
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html (Apache Mail Archives)
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
  (Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
  (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
  (Apache Mail Archives)
- http://security.gentoo.org/glsa/glsa-200608-01.xml
  Apache: Off-by-one flaw in mod_rewrite (GLSA 200608-01) (Third Party Advisory)
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
  (Apache Mail Archives)
- http://www.vupen.com/english/advisories/2008/0924/references
  (Permissions Required)
- http://www-1.ibm.com/support/docview.wss?uid=swg27007951
  (Third Party Advisory)