First published: Fri Jul 28 2006(Updated: )
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache HTTP server | >=2.2.0<2.2.3 | |
Apache HTTP server | >=1.3.28<1.3.37 | |
Apache HTTP server | >=2.0.46<2.0.59 | |
Canonical Ubuntu Linux | =5.04 | |
Canonical Ubuntu Linux | =5.10 | |
Canonical Ubuntu Linux | =6.06 | |
Debian Debian Linux | =3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.