Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K6878
HistoryMar 19, 2013 - 12:00 a.m.

K6878 : Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747

2013-03-1900:00:00
my.f5.com
43

6.8 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON

Security Advisory Description

Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.

F5 products and versions that have been evaluated for this Security Advisory

Product Affected Not Affected
BIG-IP LTM None 9.x
10.x
11.x
BIG-IP GTM None 9.x
10.x
11.x
BIG-IP ASM None 9.x
10.x
11.x
BIG-IP Link Controller None 9.x
10.x
11.x
BIG-IP WebAccelerator None 9.x
10.x
11.x
BIG-IP PSM None 9.x
10.x
11.x
BIG-IP WOM None 10.x
11.x
BIG-IP APM None 10.x
11.x
BIG-IP Edge Gateway None 10.x
11.x
BIG-IP Analytics None 11.x
BIG-IP AFM None 11.x
BIG-IP PEM
None 11.x
FirePass None 5.x
6.x
7.x
Enterprise Manager None 1.x
2.x
3.x

This security advisory describes an off-by-one error, which means the bits are shifted to the left or the right by one value, in the LDAP scheme handling of the Apache Rewrite module. The vulnerability within the Apache Rewrite module allows remote attackers to cause a Denial of Service attack or use rewrite rules to add arbitrary code into URLs that the Apache Rewrite module did not handle correctly.

Information about this advisory is available at the following location:

<https://vulners.com/cve/CVE-2006-3747&gt;

Related

nessus 32
openvas 47
saint 4
packetstorm 5
seebug 4
securityvulns 4
exploitpack 2
nvd 1
debian 2
cvelist 1
f5 1
redhatcve 1
freebsd 1
httpd 3
gentoo 1
slackware 1
checkpoint_advisories 2
ubuntucve 1
debiancve 1
ubuntu 1
cve 1
exploitdb 2
suse 1
cert 1
fedora 1
nessus
nessus
FreeBSD : apache -- mod_rewrite buffer overflow vulnerability (dc8c08c7-1e7c-11db-88cf-000c6ec775d9)
2006-07-29 00:00:00
Ubuntu 5.04 / 5.10 / 6.06 LTS : apache2 vulnerability (USN-328-1)
2007-11-10 00:00:00
Debian DSA-1132-1 : apache2 - buffer overflow
2006-10-14 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200608-01 (apache)
2008-09-24 00:00:00
Debian Security Advisory DSA 1132-1 (apache2)
2008-01-17 00:00:00
FreeBSD Ports: apache
2008-09-04 00:00:00
saint
saint
Apache mod_rewrite LDAP URL buffer overflow
2007-06-22 00:00:00
Apache mod_rewrite LDAP URL buffer overflow
2007-06-22 00:00:00
Apache mod_rewrite LDAP URL buffer overflow
2007-06-22 00:00:00
packetstorm
packetstorm
apache2058-rewrite.txt
2007-05-31 00:00:00
Apache module mod_rewrite LDAP protocol Buffer Overflow
2009-11-26 00:00:00
modrewritepoc.txt
2006-08-27 00:00:00
seebug
seebug
Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
2007-04-10 00:00:00
Apache &lt; 1.3.37 2.0.59 2.2.3 (mod_rewrite) Remote Overflow PoC
2006-08-21 00:00:00
Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
2014-07-01 00:00:00
securityvulns
securityvulns
[Full-disclosure] [USN-328-1] Apache vulnerability
2006-07-28 00:00:00
[Full-disclosure] [Announcement] Apache HTTP Server 2.2.3 &#40;2.0.59, 1.3.37&#41; Released
2006-07-28 00:00:00
POC &amp; exploit for Apache mod_rewrite off-by-one
2006-08-21 00:00:00
exploitpack
exploitpack
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
2007-04-07 00:00:00
Apache 1.3.372.0.592.2.3 mod_rewrite - Remote Overflow
2006-08-21 00:00:00
nvd
nvd
CVE-2006-3747
2006-07-28 18:02:00
debian
debian
[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow
2006-08-01 12:57:19
[SECURITY] [DSA 1131-1] New apache package fix buffer overflow
2006-08-01 10:46:24
cvelist
cvelist
CVE-2006-3747
2006-07-28 18:00:00
f5
f5
SOL6878 - Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747
2007-05-16 00:00:00
redhatcve
redhatcve
CVE-2006-3747
2015-10-30 09:51:27
freebsd
freebsd
apache -- mod_rewrite buffer overflow vulnerability
2006-07-27 00:00:00
httpd
httpd
Apache Httpd < 2.2.3 : mod_rewrite off-by-one error
2006-07-21 00:00:00
Apache Httpd < 1.3.37 : mod_rewrite off-by-one error
2006-07-21 00:00:00
Apache Httpd < 2.0.59 : mod_rewrite off-by-one error
2006-07-21 00:00:00
gentoo
gentoo
Apache: Off-by-one flaw in mod_rewrite
2006-08-01 00:00:00
slackware
slackware
[slackware-security] Apache httpd
2006-07-29 00:21:45
checkpoint_advisories
checkpoint_advisories
Apache Server mod_rewrite Module LDAP Scheme Handling Buffer Overflow (CVE-2006-3747)
2009-09-30 00:00:00
Update Protection against Apache LDAP HTTP Server Buffer Overflow Vulnerability
2006-09-12 00:00:00
ubuntucve
ubuntucve
CVE-2006-3747
2006-07-28 00:00:00
debiancve
debiancve
CVE-2006-3747
2006-07-28 18:02:00
ubuntu
ubuntu
Apache vulnerability
2006-07-28 00:00:00
cve
cve
CVE-2006-3747
2006-07-28 18:02:00
exploitdb
exploitdb
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
2007-04-07 00:00:00
Apache &lt; 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
2006-08-21 00:00:00
suse
suse
remote denial of service in apache,apache2
2006-07-28 14:21:14
cert
cert
Apache mod_rewrite contains off-by-one error in ldap scheme handling
2006-07-28 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: httpd-2.2.2-1.3
2007-07-02 15:01:38

6.8 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON
Related for F5:K6878
nessus32openvas47saint4packetstorm5seebug4securityvulns4exploitpack2nvd1debian2cvelist1f51redhatcve1freebsd1httpd3gentoo1slackware1checkpoint_advisories2ubuntucve1debiancve1ubuntu1cve1exploitdb2suse1cert1fedora1