Description

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

Remediation

References

CVE-2011-3607

Related Vulnerabilities

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.25)

Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-27491)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8130)

Joomla! Core Multiple Vulnerabilities (2.5.0 - 3.9.2)

WordPress Plugin JoomSport-for Sports: Team & League, Football, Hockey & more PHP Object Injection (5.1.5)

Severity

Medium

Classification

CVE-2011-3607

Tags

Missing Update Known Vulnerabilities