Description

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

Remediation

References

CVE-2006-4154

Related Vulnerabilities

WordPress Plugin Feedweb Cross-Site Scripting (2.4)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-8389)

WordPress Plugin Afterpay Gateway for WooCommerce Cross-Site Scripting (3.2.0)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-4962)

WordPress Plugin WordPress for Google Maps-WP MAPS Cross-Site Request Forgery (4.2.3)

Severity

Medium

Classification

CVE-2006-4154

Tags

Missing Update Known Vulnerabilities