← volver
CVE-2006-3747

CVE-2006-3747

EPSS 96.4%
Vexday Risk Score
60Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 96.4%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Ciclo de vida
28 jul 2006Exploit Metasploit disponible
28 jul 2006Publicada en NVD
21 ago 2006PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Productos afectados
n/a · n/a
PoCs públicas encontradas5
githubgithub.com/defensahacker/CVE-2006-37472exploitdbwww.exploit-db.com/exploits/2237no verificadoexploitdbwww.exploit-db.com/exploits/3996no verificadoexploitdbwww.exploit-db.com/exploits/16752no verificadoexploitdbwww.exploit-db.com/exploits/3680no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://docs.info.apple.com/article.html?artnum=307562http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449http://kbase.redhat.com/faq/FAQ_68_8653.shtmhttp://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2008//May/msg00001.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.htmlhttp://lwn.net/Alerts/194228/http://marc.info/?l=bugtraq&m=130497311408250&w=2http://secunia.com/advisories/21197http://secunia.com/advisories/21241