Vulnerability Details : CVE-2006-3747
Public exploit exists!
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Vulnerability category: Execute code, Denial of service
Threat overview for CVE-2006-3747
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2006-3747: 158,291
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2006-3747
Probability of exploitation activity in the next 30 days: 97.40%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2006-3747
-
Apache Module mod_rewrite LDAP Protocol Buffer Overflow
Disclosure Date: 2006-07-28
First seen: 2020-04-26
exploit/windows/http/apache_mod_rewrite_ldap
This module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITEPATH to be set accurately. In additio
CVSS scores for CVE-2006-3747
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C | 4.9 | 10.0 | NIST |
CWE ids for CVE-2006-3747
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-3747
-
Red Hat 2006-07-31: The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1
-
Apache 2008-07-02: Fixed in Apache HTTP Server 2.2.3, 2.0.59, and 1.3.37: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html
-
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
-
http://www.vupen.com/english/advisories/2006/4015
Permissions Required
-
http://www.securityfocus.com/archive/1/441485/100/0/threaded
Third Party Advisory;VDB Entry
-
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html
Mailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2006/4300
Permissions Required
-
http://www.vupen.com/english/advisories/2008/1697
Permissions Required
-
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
Apache Mail Archives
-
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
Apache Mail Archives
-
http://www.debian.org/security/2006/dsa-1131
Patch;Third Party Advisory
-
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
Third Party Advisory
-
http://www.vupen.com/english/advisories/2008/1246/references
Permissions Required
-
http://www.securityfocus.com/bid/19204
Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability - Third Party Advisory;VDB Entry
-
https://issues.rpath.com/browse/RPL-538
Broken Link
-
http://www.ubuntu.com/usn/usn-328-1
Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Mailing List;Third Party Advisory
-
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156
Third Party Advisory
-
http://securitytracker.com/id?1016601
Third Party Advisory;VDB Entry
-
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html
Third Party Advisory
-
http://www.vupen.com/english/advisories/2006/3282
Permissions Required
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:133
Broken Link
-
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html
Third Party Advisory
-
http://lwn.net/Alerts/194228/
Mailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2006/4207
Permissions Required
-
http://www.kb.cert.org/vuls/id/395412
Third Party Advisory;US Government Resource
-
http://securityreason.com/securityalert/1312
Third Party Advisory
-
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
Third Party Advisory
-
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ - Apache Mail Archives
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
Broken Link
-
http://www.novell.com/linux/security/advisories/2006_43_apache.html
Third Party Advisory
-
http://www.securityfocus.com/archive/1/441526/100/200/threaded
Third Party Advisory;VDB Entry
-
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
-
http://www.vupen.com/english/advisories/2006/4868
Permissions Required
-
http://www.apache.org/dist/httpd/Announcement2.0.html
Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=130497311408250&w=2
'[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Ap' - MARC - Mailing List;Third Party Advisory
-
http://www.securityfocus.com/archive/1/445206/100/0/threaded
Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/450321/100/0/threaded
Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2007/2783
Permissions Required
-
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Third Party Advisory;US Government Resource
-
http://www.debian.org/security/2006/dsa-1132
Patch;Third Party Advisory
-
http://www.vupen.com/english/advisories/2006/3264
Permissions Required
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/28063
Third Party Advisory;VDB Entry
-
http://docs.info.apple.com/article.html?artnum=307562
Third Party Advisory
-
http://kbase.redhat.com/faq/FAQ_68_8653.shtm
Third Party Advisory
-
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ - Apache Mail Archives
-
http://www.vupen.com/english/advisories/2006/3995
Permissions Required
-
http://www.securityfocus.com/archive/1/441487/100/0/threaded
Third Party Advisory;VDB Entry
-
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s
-
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154
Third Party Advisory
-
http://www.vupen.com/english/advisories/2006/3017
Permissions Required
-
http://svn.apache.org/viewvc?view=rev&revision=426144
Vendor Advisory
-
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2
-
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
-
http://www.securityfocus.com/archive/1/443870/100/0/threaded
Third Party Advisory;VDB Entry
-
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
Broken Link
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
Third Party Advisory
-
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ - Apache Mail Archives
-
http://www.vupen.com/english/advisories/2006/3884
Permissions Required
-
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Mailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
Apache Mail Archives
-
http://security.gentoo.org/glsa/glsa-200608-01.xml
Third Party Advisory
-
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Apache Mail Archives
-
http://www.vupen.com/english/advisories/2008/0924/references
Permissions Required
-
http://www-1.ibm.com/support/docview.wss?uid=swg27007951
Third Party Advisory
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*