PT-2006-7561
Published: 1970-01-01 · Updated: 2024-06-15
CVE-2006-3747
CVSS v2.0: 7.6 (High)
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apache versions 1.3.28 through 2.0.46 and versions prior to 2.0.59
Apache version 2.2
Description
The issue is an off-by-one error in the ldap scheme handling of the Apache Rewrite module (mod_rewrite). It can be triggered remotely via crafted URLs that are not properly handled by certain rewrite rules, potentially leading to a denial of service (application crash) and possibly to arbitrary code execution.
Recommendations
For Apache versions 1.3.28 through 2.0.46, update to a version after 2.0.59 to resolve the issue.
For Apache version 2.2, consider disabling the RewriteEngine or restricting the use of certain rewrite rules until a patch is available.
As a temporary workaround, consider disabling the mod_rewrite module until a patch is available.
Restrict access to the vulnerable Rewrite module to minimize the risk of exploitation.
Avoid using crafted URLs that could trigger the off-by-one error in the ldap scheme handling until the issue is resolved.
Exploit
Fix
DoS
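A configuration audit that follows from the recommendations above, added here as an example (not part of the advisory or of Apache itself): it reads an httpd.conf fragment, reports whether mod_rewrite is loaded and enabled, and flags RewriteRule directives whose substitution either names the ldap: scheme or starts with a backreference, so that the client-supplied URL decides the resulting scheme. The sample configuration and that flagging heuristic are constructed assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed sample httpd.conf fragment (not taken from the advisory).
SAMPLE_CONF = """\
LoadModule rewrite_module modules/mod_rewrite.so
<VirtualHost *:80>
    RewriteEngine On
    # Substitution is a bare backreference: the client chooses the target URL.
    RewriteRule ^/(.*)$ $1 [R,L]
    # Fixed, server-controlled target.
    RewriteRule ^/old$ /new [R=301,L]
    # Substitution names the ldap: scheme directly.
    RewriteRule ^/dir/(.*)$ ldap://ldap.example.test/$1 [R,L]
</VirtualHost>
"""

LOADMODULE = re.compile(r"^\s*LoadModule\s+rewrite_module\b", re.I)
ENGINE_ON = re.compile(r"^\s*RewriteEngine\s+On\b", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)


def audit_rewrite_config(conf: str) -> Dict[str, object]:
    """Summarise mod_rewrite exposure relevant to CVE-2006-3747.

    Heuristic (an assumption of this example, not advisory text): a rule whose
    substitution begins with $N or %N lets the request decide the scheme of the
    rewritten URL; one whose substitution starts with ldap: reaches the ldap
    scheme handling directly. Both are candidates for the advisory's
    "restrict certain rewrite rules" advice.
    """
    lines = conf.splitlines()
    loaded = any(LOADMODULE.match(line) for line in lines)
    engine_on = any(ENGINE_ON.match(line) for line in lines)
    flagged: List[str] = []
    for lineno, line in enumerate(lines, 1):
        m = RULE.match(line)
        if not m:
            continue
        subst = m.group(2)
        if re.match(r"^[$%]\d", subst) or subst.lower().startswith("ldap:"):
            flagged.append(f"line {lineno}: {line.strip()}")
    action = "upgrade; until then disable rewrite_module or remove flagged rules" \
        if loaded and flagged else "no ldap-reachable rewrite rules found"
    return {"rewrite_loaded": loaded, "engine_on": engine_on,
            "flagged_rules": flagged, "action": action}


if __name__ == "__main__":
    for key, value in audit_rewrite_config(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```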
Weakness Enumeration
Related Identifiers
Affected Products
Apache
Apache Http Server
Hp-Ux