CVE-2011-3607

Apache HTTP Server <2.0.64, 2.2.x - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3607.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2011-3607, an integer overflow vulnerability in Apache HTTP Server's mod_setenvif module. It explains the root cause, impact, and exploitation techniques, including ROP-based attacks and memory corruption via crafted .htaccess files.

Description

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

Exploits (1)

exploitdb WRITEUP
doslinux
https://www.exploit-db.com/exploits/41769

This is a detailed technical analysis of CVE-2011-3607, an integer overflow vulnerability in Apache HTTP Server's mod_setenvif module. It explains the root cause, impact, and exploitation techniques, including ROP-based attacks and memory corruption via crafted .htaccess files.

Classification
Writeup 100%
Attack Type
Rce | Dos
Complexity
Complex
Reliability
Racy
Target: Apache HTTP Server 2.0.x to 2.0.64, 2.2.x to 2.2.21
No auth needed
Prerequisites: mod_setenvif enabled · ability to upload crafted .htaccess file
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (48)

Core 48
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=750935
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133294460209056&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45793
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1026267
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5501
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/76744
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133494237717847&w=2
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71093
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:003
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134987041210674&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0543.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0128.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50494
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0542.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48551
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2405

Scores

EPSS 0.0489
EPSS Percentile 90.9%

Details

CWE
CWE-189
Status published
Products (48)
apache/http_server 2.0
apache/http_server 2.0.9
apache/http_server 2.0.28 (2 CPE variants)
apache/http_server 2.0.32 (2 CPE variants)
apache/http_server 2.0.34 beta
apache/http_server 2.0.35
apache/http_server 2.0.36
apache/http_server 2.0.37
apache/http_server 2.0.38
apache/http_server 2.0.39
... and 38 more
Published Nov 08, 2011
Tracked Since Feb 18, 2026