Description

This alert was generated using only banner information. It may be a false positive.

Fixed in Apache httpd 2.2.3:
  • important: mod_rewrite off-by-one error CVE-2006-3747
    An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution.

Affected Apache versions (up to 2.2.2).

Remediation

Upgrade Apache 2.x to the latest version.

References

Apache homepage

Apache httpd 2.2 vulnerabilities

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2023-4006)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-4183)

PHP preg_replace used on user input

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-34599)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-5682)

Severity

Medium

Classification

CVE-2006-3747 CWE-189 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Code Execution Denial Of Service Missing Update