PT-2011-4546 · Apache+4 · Apache Http Server+4

Halfdog

Publicado

2011-11-02

Atualizado

2024-06-15

CVE-2011-3607

CVSS v2.0

4.4

Média

Vetor

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.0.x through 2.0.64 Apache HTTP Server versions 2.2.x through 2.2.21

Description The issue is related to an integer overflow in the ap pregsub function, which can be exploited when the mod setenvif module is enabled. This allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

Recommendations For Apache HTTP Server versions 2.0.x through 2.0.64, update to a version where this issue is fixed. For Apache HTTP Server versions 2.2.x through 2.2.21, update to a version where this issue is fixed. As a temporary workaround, consider disabling the mod setenvif module until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CESA-2012_0128

CVE-2011-3607

DSA-2405-1

HPSBUX02761

OPENSUSE-SU-2024:10268-1

RHSA-2012:0128

RHSA-2012:0323

RHSA-2012:0542

RHSA-2012_0128

RHSA-2012_0323

Produtos afetados

Apache Http Server

Centos

Hp-Ux

Red Hat

Suse

PT-2011-4546 · Apache+4 · Apache Http Server+4

CVE-2011-3607

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 150