Wednesday, November 19, 2008

Apache HTTP Server mod_rewrite Vulnerability

Description
A vulnerability exists in Apache that may allow for code execution or a denial of service.

Observation
Apache is a popular, open source web server application. A vulnerability is present in Apache that may allow remote code execution or a denial of service attack. The flaw resides in the mod_rewrite module and is exposed when 1) a rewrite rule allows control of a portion of a rewritten URL and 2) the rule sets no flag such as Forbidden, Gone or NoEscape. The default installation of Apache is not vulnerable, as it does not use this rewrite module.
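
The two conditions above can be checked against a server's configuration. The following Python script is an added example, not part of the original advisory or of Apache: it lists RewriteRule directives whose substitution contains a backreference and that carry none of the flags named above. Treating a backreference as "control of a portion of a rewritten URL" is an assumption of this example, and the sample configuration is constructed.

```python
import re
import shlex

# Flags the advisory names: a rule carrying any of them is not reported.
SAFE_FLAGS = {"f", "forbidden", "g", "gone", "ne", "noescape"}
# Assumption: $N / %N backreferences copy request data into the rewritten URL.
BACKREF = re.compile(r"[$%][0-9]")


def parse_flags(token):
    """Turn '[R=301,L,NE]' into {'r', 'l', 'ne'}."""
    inner = token.strip()[1:-1]
    return {f.split("=", 1)[0].strip().lower() for f in inner.split(",") if f.strip()}


def audit_rewrite_rules(config_text):
    """Return (line_number, directive) pairs for rules meeting both conditions."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes or dangling backslash: cannot judge
        if len(parts) < 3 or parts[0].lower() != "rewriterule":
            continue
        substitution = parts[2]
        rest = " ".join(parts[3:])  # flags may contain spaces: [R, L]
        flags = parse_flags(rest) if rest.startswith("[") else set()
        if BACKREF.search(substitution) and not (flags & SAFE_FLAGS):
            findings.append((number, line))
    return findings


# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
RewriteEngine On
# old links
RewriteRule ^/old/(.*)$ $1 [R,L]
RewriteRule ^/docs/(.*)$ /manual/$1 [NE,L]
RewriteRule ^/private/ - [F]
RewriteRule ^/home$ /index.html
RewriteRule "^/go/(.*)$" "$1"
"""

if __name__ == "__main__":
    for number, directive in audit_rewrite_rules(SAMPLE):
        print(f"line {number}: {directive}")
```

A reported rule is a candidate for review, not proof of exposure; whether the server is affected still depends on the installed Apache version.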

Recommendation
The vendor has made updates available for remediation here: http://httpd.apache.org/

Sun Microsystems has released patches for affected Solaris 8, 9, and 10 systems. Please refer to the vendor's advisories for more information:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1

CVE
CVE-2006-3747

SANS/FBI top 20
No

IAVA
No
