CVE-2006-4154
Apache HTTP Server mod_tcl 1.0 - Remote Code Execution via Format String Specifiers
Title source: llmDescription
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20527
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017062
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22549
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/29536
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4033
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200610-12.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22458
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29550
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/366020
Scores
EPSS
0.1597
EPSS Percentile
96.5%
Details
Status
published
Products (40)
apache/http_server
2.0
apache/http_server
2.0.9
apache/http_server
2.0.28 (3 CPE variants)
apache/http_server
2.0.32 (2 CPE variants)
apache/http_server
2.0.34 beta
apache/http_server
2.0.35
apache/http_server
2.0.36
apache/http_server
2.0.37
apache/http_server
2.0.38
apache/http_server
2.0.39
... and 30 more
Published
Oct 16, 2006
Tracked Since
Feb 18, 2026