CVE-2011-3607
Apache HTTP Server <2.0.64, 2.2.x - Privilege Escalation
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
Exploits (1)
References (48)
Scores
EPSS: 0.0024
EPSS Percentile: 47.4%
Details
CWE: CWE-189
Status: published
Products (48)
apache/http_server 2.0
apache/http_server 2.0.9
apache/http_server 2.0.28 (2 CPE variants)
apache/http_server 2.0.32 (2 CPE variants)
apache/http_server 2.0.34 beta
apache/http_server 2.0.35
apache/http_server 2.0.36
apache/http_server 2.0.37
apache/http_server 2.0.38
apache/http_server 2.0.39
... and 38 more
Published: Nov 08, 2011
Tracked Since: Feb 18, 2026