CVE-2011-3607 in HTTP Serverinformación

Resumen (Inglés)

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservar

2011-09-21

Divulgación

2011-11-08

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
68671	Oracle HTTP Server Web Listener util.c ap_pregsub Local Privilege Escalation	189	Prueba de concepto	Arreglo oficial	CVE-2011-3607
59389	Apache HTTP Server mod_setenvif ap_pregsub Local Privilege Escalation	189	Prueba de concepto	Arreglo oficial	CVE-2011-3607

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you know our Splunk app?

Download it now for free!