CVE-2006-3747

Exp

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Published: 2006-07-28 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-3747 is rated High Exploit Risk (85.4/100): CVSS High severity, with high exploitation likelihood (EPSS 95.65%, 100th percentile). 4 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +5.62% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2006-3747

EDB-ID Source Kind Published Link
16752 exploit_db edb 2010-02-15 Exploit-DB ↗
3996 exploit_db edb 2007-05-26 Exploit-DB ↗
3680 exploit_db edb 2007-04-07 Exploit-DB ↗
2237 exploit_db edb 2006-08-21 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2006-3747

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 90.02% 95.65% +5.62%
2 2026-04-25 92.61% 90.02% -2.58%
3 2026-03-13 92.61%

Full EPSS history (47 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-3747

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.6 2.0 HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:H)
Exploitation requires uncommon or highly specific conditions.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 4.9 10.0 [email protected]

Weakness enumeration for CVE-2006-3747

OS Trackers for CVE-2006-3747

vendor priority summary link
debian medium CVE-2006-3747 medium priority: Debian including 1 source packages (apache2), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2006-3747
gentoo high CVE-2006-3747: 1 GLSA(s) (200608-01), 1 atom(s) (www-servers/apache); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2006-3747
redhat https://access.redhat.com/security/cve/CVE-2006-3747
suse high CVE-2006-3747 severity important: SUSE including 33 source package names (apache2-2.2.10-2.24.5, apache2-2.2.12-1.28.1, …), 39 product×package rows across 7 product lines (SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2, … (7 product lines)): Fixed 39. https://www.suse.com/security/cve/CVE-2006-3747/
ubuntu medium CVE-2006-3747 medium priority: Ubuntu including 2 source packages (apache, apache2), 8 status rows across 4 suites (dapper, edgy, feisty, upstream): released 6, needs-triage 2. https://ubuntu.com/security/CVE-2006-3747

Vendor comments (NVD) for CVE-2006-3747

  • Red Hat (2006-07-31T00:00:00)

    The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1

  • Apache (2008-07-02T00:00:00)

    Fixed in Apache HTTP Server 2.2.3, 2.0.59, and 1.3.37: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html

Affected software / configurations for CVE-2006-3747

Vendor Product Version Raw CPE
apache http_server >= 1.3.28, < 1.3.37 cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
apache http_server >= 2.0.46, < 2.0.59 cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
apache http_server >= 2.2.0, < 2.2.3 cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
canonical ubuntu_linux 5.04 cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
canonical ubuntu_linux 5.10 cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
canonical ubuntu_linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

References for CVE-2006-3747

URL Tags
http://docs.info.apple.com/article.html?artnum=307562 Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 Third Party Advisory
http://kbase.redhat.com/faq/FAQ_68_8653.shtm Third Party Advisory
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html Mailing List Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html Mailing List Third Party Advisory
http://lwn.net/Alerts/194228/ Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2 Mailing List Third Party Advisory
http://secunia.com/advisories/21197 Broken Link
http://secunia.com/advisories/21241 Broken Link
http://secunia.com/advisories/21245 Broken Link
http://secunia.com/advisories/21247 Broken Link
http://secunia.com/advisories/21266 Broken Link
http://secunia.com/advisories/21273 Broken Link
http://secunia.com/advisories/21284 Broken Link
http://secunia.com/advisories/21307 Broken Link
http://secunia.com/advisories/21313 Broken Link
http://secunia.com/advisories/21315 Broken Link
http://secunia.com/advisories/21346 Broken Link
http://secunia.com/advisories/21478 Broken Link
http://secunia.com/advisories/21509 Broken Link
http://secunia.com/advisories/22262 Broken Link
http://secunia.com/advisories/22368 Broken Link
http://secunia.com/advisories/22388 Broken Link
http://secunia.com/advisories/22523 Broken Link
http://secunia.com/advisories/23028 Broken Link
http://secunia.com/advisories/23260 Broken Link
http://secunia.com/advisories/26329 Broken Link
http://secunia.com/advisories/29420 Broken Link
http://secunia.com/advisories/29849 Broken Link
http://secunia.com/advisories/30430 Broken Link
http://security.gentoo.org/glsa/glsa-200608-01.xml Third Party Advisory
http://securityreason.com/securityalert/1312 Third Party Advisory
http://securitytracker.com/id?1016601 Third Party Advisory VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1 Broken Link
http://svn.apache.org/viewvc?view=rev&revision=426144 Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154 Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156 Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24013080 Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg27007951 Third Party Advisory
http://www.apache.org/dist/httpd/Announcement2.0.html Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1131 Patch Third Party Advisory
http://www.debian.org/security/2006/dsa-1132 Patch Third Party Advisory
http://www.kb.cert.org/vuls/id/395412 Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:133 Broken Link
http://www.novell.com/linux/security/advisories/2006_43_apache.html Third Party Advisory
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html Third Party Advisory
http://www.osvdb.org/27588 Broken Link
http://www.securityfocus.com/archive/1/441485/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/441487/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/441526/100/200/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/443870/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/445206/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/450321/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/19204 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-328-1 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/3017 Permissions Required
http://www.vupen.com/english/advisories/2006/3264 Permissions Required
http://www.vupen.com/english/advisories/2006/3282 Permissions Required
http://www.vupen.com/english/advisories/2006/3884 Permissions Required
http://www.vupen.com/english/advisories/2006/3995 Permissions Required
http://www.vupen.com/english/advisories/2006/4015 Permissions Required
http://www.vupen.com/english/advisories/2006/4207 Permissions Required
http://www.vupen.com/english/advisories/2006/4300 Permissions Required
http://www.vupen.com/english/advisories/2006/4868 Permissions Required
http://www.vupen.com/english/advisories/2007/2783 Permissions Required
http://www.vupen.com/english/advisories/2008/0924/references Permissions Required
http://www.vupen.com/english/advisories/2008/1246/references Permissions Required
http://www.vupen.com/english/advisories/2008/1697 Permissions Required
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28063 Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-538 Broken Link
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
cvelogic Threat Intelligence