Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200608-01] Apache: Off-by-one flaw in mod_rewrite


Vulnerability Assessment Details

[GLSA-200608-01] Apache: Off-by-one flaw in mod_rewrite

Vulnerability Assessment Summary
Apache: Off-by-one flaw in mod_rewrite

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200608-01
(Apache: Off-by-one flaw in mod_rewrite)


An off-by-one flaw has been found in Apache's mod_rewrite module by
Mark Dowd of McAfee Avert Labs. This flaw is exploitable depending on
the types of rewrite rules being used.

Impact

A remote attacker could exploit the flaw to cause a Denial of Service
or execution of arbitrary code. Note that Gentoo Linux is not
vulnerable in the default configuration.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
http://www.apache.org/dist/httpd/Announcement2.0.html
http://www.apache.org/dist/httpd/Announcement1.3.html


Solution:
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose net-www/apache


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2006 Michel Arboi

Cables, Connectors

MSI P965 NEO MS-7235 SOCKET 775 INTEL MOTHERBOARD LGA DDR2 ATX W/CPU
$39.95
MSI P965 NEO MS-7235 SOCKET 775 INTEL MOTHERBOARD LGA DDR2 ATX W/CPU pictureIntel Quad Core i7-3770 3.4GHz 8M 5GT/s Socket H2 CPU Processor SR0PK - Tested
$90.0
Intel Quad Core i7-3770 3.4GHz 8M 5GT/s Socket H2 CPU Processor SR0PK - Tested pictureIntel Core i7-4820K FCLGA2011 @ 3.70GHz 64bit Processor 10MB Cache SR1AU 
$89.99
Intel Core i7-4820K FCLGA2011 @ 3.70GHz 64bit Processor 10MB Cache SR1AU  pictureIntel Core i5-3340M Processor CPU Socket G2 CPU SR0XA 2.70GHz
$19.99
Intel Core i5-3340M Processor CPU Socket G2 CPU SR0XA 2.70GHz picture


Discussions

No Discussions have been posted on this vulnerability.