CVE-2006-3747 - Numeric Errors vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32). CVE-2006-3747. Remote exploit for windows platform |
id | EDB-ID:3680 |
last seen | 2016-01-31 |
modified | 2007-04-07 |
published | 2007-04-07 |
reporter | axis |
source | https://www.exploit-db.com/download/3680/ |
title | Apache Mod_Rewrite Off-by-one Remote Overflow Exploit Win32 |

description | Apache module mod_rewrite LDAP protocol Buffer Overflow. CVE-2006-3747. Remote exploit for windows platform |
id | EDB-ID:16752 |
last seen | 2016-02-02 |
modified | 2010-02-15 |
published | 2010-02-15 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16752/ |
title | Apache module mod_rewrite LDAP protocol Buffer Overflow |

description | Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC. CVE-2006-3747. Dos exploits for multiple platform |
id | EDB-ID:2237 |
last seen | 2016-01-31 |
modified | 2006-08-21 |
published | 2006-08-21 |
reporter | Jacobo Avariento |
source | https://www.exploit-db.com/download/2237/ |
title | Apache < 1.3.37 / 2.0.59 / 2.2.3 - mod_rewrite Remote Overflow PoC |

description | Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3). CVE-2006-3747. Remote exploit for windows platform |
id | EDB-ID:3996 |
last seen | 2016-01-31 |
modified | 2007-05-26 |
published | 2007-05-26 |
reporter | fabio/b0x |
source | https://www.exploit-db.com/download/3996/ |
title | Apache 2.0.58 mod_rewrite Remote Overflow Exploit win2k3 |
Metasploit
description | This module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms, however this module currently only supports Windows based installations. |
id | MSF:EXPLOIT/WINDOWS/HTTP/APACHE_MOD_REWRITE_LDAP |
last seen | 2020-06-13 |
modified | 2017-11-08 |
published | 2009-03-10 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/apache_mod_rewrite_ldap.rb |
title | Apache Module mod_rewrite LDAP Protocol Buffer Overflow |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2006-133.NASL |
description | Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23883 |
published | 2006-12-16 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23883 |
title | Mandrake Linux Security Advisory : apache (MDKSA-2006:133) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:133.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(23883);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:48");

      script_cve_id("CVE-2006-3747");
      script_xref(name:"MDKSA", value:"2006:133");

      script_name(english:"Mandrake Linux Security Advisory : apache (MDKSA-2006:133)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Mandrake Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:"Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling. In order for this to be exploitable, a number of conditions need to be met including a) running a vulnerable version of Apache (1.3.28+, 2.0.46+, or 2.2.0+), b) enabling mod_rewrite, c) having a rewrite rule that the remote user can influence the beginning of, and d) a particular stack frame layout. By default, RewriteEngine is not enabled in Mandriva Linux Apache packages, and no RewriteRules are defined. Updated packages have been patched to correct this issue."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apache Module mod_rewrite LDAP Protocol Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(189);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_deflate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_disk_cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_file_cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_mem_cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_proxy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_userdir");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-peruser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-prefork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-worker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-source");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");

      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"apache-base-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-devel-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mod_cache-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mod_dav-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mod_deflate-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mod_disk_cache-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mod_file_cache-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mod_ldap-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mod_mem_cache-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mod_proxy-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mod_userdir-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-modules-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mpm-peruser-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mpm-prefork-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-mpm-worker-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"apache-source-2.0.54-13.3.20060mdk", yank:"mdk")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1132.NASL |
description | Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22674 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22674 |
title | Debian DSA-1132-1 : apache2 - buffer overflow |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_35436.NASL |
description | s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential security vulnerabilities have been identified with Apache running on HP-UX VirtualVault. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. (HPSBUX02172 SSRT061269) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23714 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23714 |
title | HP-UX PHSS_35436 : s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_35458.NASL |
description | s700_800 11.04 Virtualvault 4.5 IWS Update : The remote HP-UX host is affected by multiple vulnerabilities : - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23716 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23716 |
title | HP-UX PHSS_35458 : s700_800 11.04 Virtualvault 4.5 IWS Update |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_35463.NASL |
description | s700_800 11.04 Virtualvault 4.7 (Apache 1.x) OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23721 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23721 |
title | HP-UX PHSS_35463 : s700_800 11.04 Virtualvault 4.7 (Apache 1.x) OWS update |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_36385.NASL |
description | s700_800 11.X PA-RISC OV NNM7.51 Intermediate Patch 16 : Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26154 |
published | 2007-09-25 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/26154 |
title | HP-UX PHSS_36385 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-328-1.NASL |
description | Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27907 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27907 |
title | Ubuntu 5.04 / 5.10 / 6.06 LTS : apache2 vulnerability (USN-328-1) |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_35110.NASL |
description | s700_800 11.04 Webproxy server 2.0 update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23712 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23712 |
title | HP-UX PHSS_35110 : s700_800 11.04 Webproxy server 2.0 update |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2006_043.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2006:043 (apache,apache2). The following security problem was fixed in the Apache and Apache 2 web servers: mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Depending on stack alignment this could be used to potentially execute code. The mod_rewrite module is not enabled per default in our packages. This problem is tracked by the Mitre CVE ID CVE-2006-3747. A more detailed description of this problem is available in: http://www.apache.org/dist/httpd/Announcement2.0.html For SUSE Linux 10.0, 10.1 and SUSE Linux Enterprise 10 additionally a old bug was fixed that we missed to forward port to the Apache 2.2 packages: mod_imap: Fixes a cross-site-scripting bug in the imagemap module. This issue is tracked by the Mitre CVE ID CVE-2005-3352. |
last seen | 2019-10-28 |
modified | 2007-02-18 |
plugin id | 24423 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24423 |
title | SUSE-SA:2006:043: apache,apache2 |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_35437.NASL |
description | s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : The remote HP-UX host is affected by multiple vulnerabilities : - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) - Potential security vulnerabilities have been identified with Apache running on HP-UX VirtualVault. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. (HPSBUX02172 SSRT061269) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23715 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23715 |
title | HP-UX PHSS_35437 : s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_35461.NASL |
description | s700_800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23719 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23719 |
title | HP-UX PHSS_35461 : s700_800 11.04 Virtualvault 4.5 OWS update |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_36773.NASL |
description | s700_800 11.X OV NNM7.01 Intermediate Patch 11 : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could by exploited remotely to allow cross site scripting (XSS). (HPSBMA02283 SSRT071319) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to execute arbitrary code with the permissions of the NNM server. (HPSBMA02281 SSRT061261) - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code. References: CVE-2008-3536, CVE-2008-3537, CVE-2008-3544 (Bugtraq ID 28668). (HPSBMA02362 SSRT080044, SSRT080045, SSRT080042) - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code. (HPSBMA02328 SSRT071293) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02242 SSRT061260) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS). (HPSBMA02348 SSRT080033) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26896 |
published | 2007-10-03 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/26896 |
title | HP-UX PHSS_36773 : s700_800 11.X OV NNM7.01 Intermediate Patch 11 |

NASL family | Web Servers |
NASL id | APACHE_1_3_37.NASL |
description | The remote host appears to be running a version of Apache which is older than 1.3.37. This version contains an off-by-one buffer overflow in the mod_rewrite module. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 31654 |
published | 2008-03-26 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/31654 |
title | Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow |

NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2006-209-01.NASL |
description | New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with mod_rewrite. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22152 |
published | 2006-08-04 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22152 |
title | Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd (SSA:2006-209-01) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_5_3.NASL |
description | The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.3. Mac OS X 10.5.3 contains security fixes for a number of programs. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 32477 |
published | 2008-05-29 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/32477 |
title | Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2008-002.NASL |
description | The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 31605 |
published | 2008-03-19 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/31605 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2008-002) |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_36386.NASL |
description | s700_800 11.X IA-64 OV NNM7.51 Intermediate Patch 16 : Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26155 |
published | 2007-09-25 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/26155 |
title | HP-UX PHSS_36386 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200608-01.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200608-01 (Apache: Off-by-one flaw in mod_rewrite) An off-by-one flaw has been found in Apache |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22143 |
published | 2006-08-04 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22143 |
title | GLSA-200608-01 : Apache: Off-by-one flaw in mod_rewrite |

NASL family | Web Servers |
NASL id | APACHE_2_2_3.NASL |
description | The remote host appears to be running a version of Apache which is older than 2.2.3. This version is vulnerable to an off-by-one buffer overflow attack in the mod_rewrite module. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 31659 |
published | 2008-03-26 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/31659 |
title | Apache < 2.2.3 mod_rewrite LDAP Protocol URL Handling Overflow |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_35462.NASL |
description | s700_800 11.04 Virtualvault 4.6 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23720 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23720 |
title | HP-UX PHSS_35462 : s700_800 11.04 Virtualvault 4.6 OWS update |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2008-003.NASL |
description | The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-003 applied. This update contains security fixes for a number of programs. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 32478 |
published | 2008-05-29 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/32478 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2008-003) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_DC8C08C71E7C11DB88CF000C6EC775D9.NASL |
description | The Apache Software Foundation and The Apache HTTP Server Project reports : An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team. This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics : - The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1) - The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE). Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally. The Apache HTTP Server project thanks Mark Dowd of McAfee Avert Labs for the responsible reporting of this vulnerability. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22118 |
published | 2006-07-29 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22118 |
title | FreeBSD : apache -- mod_rewrite buffer overflow vulnerability (dc8c08c7-1e7c-11db-88cf-000c6ec775d9) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_APACHE2-1906.NASL |
description | This update fixes security problems in the Apache2 webserver : mod_rewrite: Fixed an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. (CVE-2006-3747) For SUSE Linux Enterprise Server 10 additionally an old security problem was fixed: mod_imap: Fixes a cross-site scripting bug in the imagemap module. (CVE-2005-3352) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29372 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29372 |
title | SuSE 10 Security Update : Apache2 (ZYPP Patch Number 1906) |

NASL family | Web Servers |
NASL id | APACHE_2_0_59.NASL |
description | The remote host appears to be running a version of Apache that is older than 2.0.59. This version contains an off-by-one buffer overflow in the mod_rewrite module. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 31655 |
published | 2008-03-26 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/31655 |
title | Apache < 2.0.59 mod_rewrite LDAP Protocol URL Handling Overflow |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1131.NASL |
description | Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22673 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22673 |
title | Debian DSA-1131-1 : apache - buffer overflow |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-862.NASL |
description | This update fixes a security issue in the mod_rewrite module. Mark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out of bounds. (CVE-2006-3747) The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. The Fedora project has analyzed Fedora Core 4 and 5 binaries and determined that these distributions are vulnerable to this issue. However this flaw does not affect a default installation of Fedora Core; users who do not use, or have not enabled, the Rewrite module are not affected by this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24161 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24161 |
title | Fedora Core 4 : httpd-2.0.54-10.4 (2006-862) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-863.NASL |
description | This update fixes a security issue in the mod_rewrite module. Mark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out of bounds. (CVE-2006-3747) The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. The Fedora project has analyzed Fedora Core 4 and 5 binaries and determined that these distributions are vulnerable to this issue. However this flaw does not affect a default installation of Fedora Core; users who do not use, or have not enabled, the Rewrite module are not affected by this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24162 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24162 |
title | Fedora Core 5 : httpd-2.2.2-1.2 (2006-863) |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_35460.NASL |
description | s700_800 11.04 Virtualvault 4.7 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23718 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23718 |
title | HP-UX PHSS_35460 : s700_800 11.04 Virtualvault 4.7 IWS update |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_35459.NASL |
description | s700_800 11.04 Virtualvault 4.6 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23717 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23717 |
title | HP-UX PHSS_35459 : s700_800 11.04 Virtualvault 4.6 IWS update |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_37141.NASL |
description | s700_800 11.X OV NNM6.4x/ET2.0x Intermediate Patch 17 : The remote HP-UX host is affected by multiple vulnerabilities : - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code. (HPSBMA02328 SSRT071293) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to execute arbitrary code with the permissions of the NNM server. (HPSBMA02281 SSRT061261) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02242 SSRT061260) - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS). (HPSBMA02307 SSRT071420) - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could by exploited remotely to allow cross site scripting (XSS). (HPSBMA02283 SSRT071319) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29200 |
published | 2007-12-04 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source https://www.tenable.com/plugins/nessus/29200 title HP-UX PHSS_37141 : s700_800 11.X OV NNM6.4x/ET2.0x Intermediate Patch 17 NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-1905.NASL description This update fixes the following security problem in the Apache webserver : mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. (CVE-2006-3747) last seen 2020-06-01 modified 2020-06-02 plugin id 27145 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27145 title openSUSE 10 Security Update : apache2 (apache2-1905) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35111.NASL description s700_800 11.04 Webproxy 2.1 (Apache 1.x) update : The remote HP-UX host is affected by multiple vulnerabilities : - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) last seen 2020-06-01 modified 2020-06-02 plugin id 23713 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23713 title HP-UX PHSS_35111 : s700_800 11.04 Webproxy 2.1 (Apache 1.x) update
Packetstorm
data source https://packetstormsecurity.com/files/download/62377/apache-mod-rewrite.rb.txt id PACKETSTORM:62377 last seen 2016-12-05 published 2008-01-07 reporter Marcin Kozlowski source https://packetstormsecurity.com/files/62377/apache-mod-rewrite.rb.txt.html title apache-mod-rewrite.rb.txt
data source https://packetstormsecurity.com/files/download/49400/modrewritepoc.txt id PACKETSTORM:49400 last seen 2016-12-05 published 2006-08-27 reporter Jacobo Avariento Gimeno source https://packetstormsecurity.com/files/49400/modrewritepoc.txt.html title modrewritepoc.txt
data source https://packetstormsecurity.com/files/download/83108/apache_mod_rewrite_ldap.rb.txt id PACKETSTORM:83108 last seen 2016-12-05 published 2009-11-26 reporter patrick source https://packetstormsecurity.com/files/83108/Apache-module-mod_rewrite-LDAP-protocol-Buffer-Overflow.html title Apache module mod_rewrite LDAP protocol Buffer Overflow
data source https://packetstormsecurity.com/files/download/55727/modrewrite-offbyone.txt id PACKETSTORM:55727 last seen 2016-12-05 published 2007-04-07 reporter axis source https://packetstormsecurity.com/files/55727/modrewrite-offbyone.txt.html title modrewrite-offbyone.txt
data source https://packetstormsecurity.com/files/download/56989/apache2058-rewrite.txt id PACKETSTORM:56989 last seen 2016-12-05 published 2007-05-31 reporter fabio/b0x source https://packetstormsecurity.com/files/56989/apache2058-rewrite.txt.html title apache2058-rewrite.txt
Saint
bid | 19204 |
description | Apache mod_rewrite LDAP URL buffer overflow |
id | web_server_apache_version |
osvdb | 27588 |
title | apache_rewrite_ldap |
type | remote |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:6610 last seen 2017-11-19 modified 2007-04-10 published 2007-04-10 reporter Root source https://www.seebug.org/vuldb/ssvid-6610 title Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
bulletinFamily exploit description No description provided by source. id SSV:16391 last seen 2017-11-19 modified 2006-08-21 published 2006-08-21 reporter Root source https://www.seebug.org/vuldb/ssvid-16391 title Apache < 1.3.37 2.0.59 2.2.3 (mod_rewrite) Remote Overflow PoC
bulletinFamily exploit description Apache is an open-source web server. The mod_rewrite module of Apache has an off-by-one (single-byte) buffer overflow when escaping absolute URI schemes; an attacker may exploit this vulnerability to execute arbitrary commands on the server. When the escape_absolute_uri() function of the mod_rewrite module separates the tokens in an LDAP URL, a pointer to user-controlled data can be written outside the character pointer array, which may allow complete control of the affected host. Apache Group Apache 2.2.x >= 2.2.0 Apache Group Apache 2.0.x >= 2.0.46 Apache Group Apache 1.3.x >= 1.3.28 Workaround: * Disable Apache's mod_rewrite module. Vendor patches: Apache Group ------------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://httpd.apache.org/download.cgi Debian ------ Debian has released security advisories (DSA-1132-1, DSA-1131-1) and corresponding patches for this issue: DSA-1132-1: New apache2 packages fix buffer overflow Link: http://www.debian.org/security/2005/dsa-1132 DSA-1131-1: New apache package fix buffer overflow Link: http://www.debian.org/security/2005/dsa-1131 Gentoo ------ Gentoo has released a security advisory (GLSA-200608-01) and corresponding patches for this issue: GLSA-200608-01: Apache: Off-by-one flaw in mod_rewrite Link: http://security.gentoo.org/glsa/glsa-200608-01.xml All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose net-www/apache id SSV:429 last seen 2017-11-19 modified 2006-11-05 published 2006-11-05 reporter Root source https://www.seebug.org/vuldb/ssvid-429 title Apache mod_rewrite module off-by-one (single-byte) buffer overflow vulnerability
bulletinFamily exploit description No description provided by source. id SSV:63874 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-63874 title Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
Statements
contributor Mark J Cox lastmodified 2008-07-02 organization Apache statement Fixed in Apache HTTP Server 2.2.3, 2.0.59, and 1.3.37: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html
contributor Mark J Cox lastmodified 2006-07-31 organization Red Hat statement The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1
References
- http://www.apache.org/dist/httpd/Announcement2.0.html
- http://svn.apache.org/viewvc?view=rev&revision=426144
- http://www.kb.cert.org/vuls/id/395412
- http://www.ubuntu.com/usn/usn-328-1
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html
- http://www.novell.com/linux/security/advisories/2006_43_apache.html
- http://www.securityfocus.com/bid/19204
- http://securitytracker.com/id?1016601
- http://secunia.com/advisories/21197
- http://secunia.com/advisories/21241
- http://kbase.redhat.com/faq/FAQ_68_8653.shtm
- http://www.debian.org/security/2006/dsa-1131
- http://www.debian.org/security/2006/dsa-1132
- http://security.gentoo.org/glsa/glsa-200608-01.xml
- http://secunia.com/advisories/21245
- http://secunia.com/advisories/21266
- http://secunia.com/advisories/21273
- http://secunia.com/advisories/21284
- http://secunia.com/advisories/21313
- https://issues.rpath.com/browse/RPL-538
- http://www-1.ibm.com/support/docview.wss?uid=swg24013080
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156
- http://www.osvdb.org/27588
- http://secunia.com/advisories/21307
- http://secunia.com/advisories/21315
- http://secunia.com/advisories/21247
- http://secunia.com/advisories/21478
- http://secunia.com/advisories/21509
- http://secunia.com/advisories/22262
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
- http://secunia.com/advisories/22368
- http://secunia.com/advisories/22388
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
- http://secunia.com/advisories/22523
- http://www-1.ibm.com/support/docview.wss?uid=swg27007951
- http://secunia.com/advisories/23028
- http://secunia.com/advisories/23260
- http://lwn.net/Alerts/194228/
- http://secunia.com/advisories/21346
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:133
- http://secunia.com/advisories/26329
- http://securityreason.com/securityalert/1312
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://secunia.com/advisories/29420
- http://secunia.com/advisories/29849
- http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
- http://www.us-cert.gov/cas/techalerts/TA08-150A.html
- http://secunia.com/advisories/30430
- http://www.vupen.com/english/advisories/2008/1697
- http://www.vupen.com/english/advisories/2006/3995
- http://www.vupen.com/english/advisories/2006/4300
- http://www.vupen.com/english/advisories/2006/3017
- http://www.vupen.com/english/advisories/2006/3264
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2006/4207
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
- http://www.vupen.com/english/advisories/2007/2783
- http://www.vupen.com/english/advisories/2006/3282
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
- http://www.vupen.com/english/advisories/2006/4015
- http://www.vupen.com/english/advisories/2006/4868
- http://www.vupen.com/english/advisories/2008/1246/references
- http://www.vupen.com/english/advisories/2006/3884
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28063
- http://www.securityfocus.com/archive/1/450321/100/0/threaded
- http://www.securityfocus.com/archive/1/445206/100/0/threaded
- http://www.securityfocus.com/archive/1/443870/100/0/threaded
- http://www.securityfocus.com/archive/1/441526/100/200/threaded
- http://www.securityfocus.com/archive/1/441487/100/0/threaded
- http://www.securityfocus.com/archive/1/441485/100/0/threaded
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E