Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.4
CVE Id CVE-2011-3607
Last Modified 14 Apr 2015 09:59:25
Published 08 Nov 2011 06:55:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3607

Summary

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.34

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52

  • Apache Http Server 2.0.53

  • Apache Http Server 2.0.54

  • Apache Http Server 2.0.55

  • Apache Http Server 2.0.56

  • Apache Http Server 2.0.57

  • Apache Http Server 2.0.58

  • Apache Http Server 2.0.59

  • Apache Http Server 2.0.60

  • Apache Http Server 2.0.61

  • Apache Http Server 2.0.63

  • Apache Http Server 2.0.64

  • Apache Http Server 2.0.9

  • Apache Http Server 2.2.0

  • Apache Http Server 2.2.1

  • Apache Http Server 2.2.10

  • Apache Http Server 2.2.11

  • Apache Http Server 2.2.12

  • Apache Http Server 2.2.13

  • Apache Http Server 2.2.14

  • Apache Http Server 2.2.15

  • Apache Http Server 2.2.16

  • Apache Http Server 2.2.18

  • Apache Http Server 2.2.19

  • Apache Http Server 2.2.2

  • Apache Http Server 2.2.20

  • Apache Http Server 2.2.21

  • Apache Http Server 2.2.3

  • Apache Http Server 2.2.4

  • Apache Http Server 2.2.6

  • Apache Http Server 2.2.8

  • Apache Http Server 2.2.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=750935

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422

XF - apache-http-appregsub-bo(71093)

BID - 50494

OSVDB - 76744

MISC - http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html

MISC - http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/

SECTRACK - 1026267

SECUNIA - 45793

FULLDISC - 20111102 Integer Overflow in Apache ap_pregsub via mod-setenvif

MANDRIVA - MDVSA-2012:003

REDHAT - RHSA-2012:0128

HP - HPSBMU02786

HP - SSRT100877

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

SECUNIA - 48551

CONFIRM - http://support.apple.com/kb/HT5501

APPLE - APPLE-SA-2012-09-19-2

HP - HPSBOV02822

HP - SSRT100966

MANDRIVA - MDVSA-2013:150

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

BUGTRAQ - 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE

MISC - http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html

Related Patches

Apple 2012-09-19 Mac OS X Server 10.7.5 Update

Apple 2012-09-19 Mac OS X 10.7.5 Update

Apple 2012-09-19 Mac OS X Server 10.7.5 Combo Update

Apple 2012-09-19 Mac OS X 10.7.5 Combo Update

Apple 2012-09-19 Security Update 2012-004 Server (Snow Leopard)

Apple 2012-09-19 Security Update 2012-004 (Snow Leopard)

Red Hat 2012:0323-01 RHSA Moderate: httpd security update for RHEL 5 x86

Red Hat 2012:0323-01 RHSA Moderate: httpd security update for RHEL 5 x86_64

Novell SUSE 2011:5482 apache2 security update for SLES 11 SP1 i586

Novell SUSE 2011:5482 apache2 security update for SLES 11 SP1 x86_64

Novell SUSE 2011:7882 apache2 security update for SLES 10 SP4 i586

Novell SUSE 2011:7882 apache2 security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 10:57:22