Title : Apache "mod_rewrite" LDAP URI Handling Remote Off-By-One Buffer Overflow Vulnerability VUPEN ID : VUPEN/ADV-2006-3017 CVE ID : CVE-2006-3747
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-07-28
Technical Description
A vulnerability has been identified in Apache, which could be exploited by remote attackers to compromise a vulnerable server or cause a denial of service. This flaw is due to an off-by-one buffer overflow error in the "escape_absolute_uri()" function when processing a specially crafted LDAP URI, which could be exploited by remote attackers to execute arbitrary commands on a web server configured with certain Rewrite rules (the attacker must be able to control the initial part of the rewritten URL, and the rule must not contain a forbidden [F], gone [G], or NoEscape [NE] flag).
