CVE-2006-3747

Exp

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

公開: 2006-07-28 最終更新: 2026-06-16 Assigner: [email protected] ソース: [email protected]

総合評価: CVE-2006-3747 は悪用リスクが高い(81.1/100)。CVSS 深刻度は高。悪用される可能性が高い(EPSS 96.44%、100 パーセンタイル) 根拠: 公開エクスプロイトが 4 件参照されています(Exploit-DB)。 推奨対応: 公開エクスプロイトが確認されています。影響範囲の確認、緩和策の適用、パッチ適用を優先してください。

リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。

CVE-2006-3747 に関する公開 exploit 参照(Exploit-DB)

EDB-ID ソース 種別 公開 リンク
16752 exploit_db edb 2010-02-15 Exploit-DB ↗
3996 exploit_db edb 2007-05-26 Exploit-DB ↗
3680 exploit_db edb 2007-04-07 Exploit-DB ↗
2237 exploit_db edb 2006-08-21 Exploit-DB ↗

CVE-2006-3747 の EPSS(Exploit Prediction Scoring System)スコア

EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。

# 日付 旧 EPSS スコア 新 EPSS スコア Δ(新 − 旧)
1 2026-06-25 95.65% 96.44% +0.79%
2 2026-06-15 90.02% 95.65% +5.62%
3 2026-04-25 90.02%

EPSS の全履歴 (全 48 件)

CVE-2006-3747 の CVSS(Common Vulnerability Scoring System)指標

この CVE の CVSS 指標。

ベーススコア バージョン 深刻度 ベクトル 悪用しやすさ 影響 スコアの出典
7.6 2.0 HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C クリックして展開
アクセス経路 (AV:N)
ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。
アクセスの複雑さ (AC:H)
ごく限られた構成・タイミングでしか成立しない。
認証 (AU:N)
認証を経ずに攻撃を完結できる。
機密性への影響 (C:C)
機密性は全面的に損なわれる。
完全性への影響 (I:C)
完全性は全面的に損なわれる。
可用性への影響 (A:C)
可用性は全面的に損なわれる。
4.9 10.0 [email protected]

CVE-2006-3747 の弱点分類(列挙)

CVE-2006-3747 の OS トラッカー

vendor priority summary link
debian medium CVE-2006-3747 medium priority: Debian including 1 source packages (apache2), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2006-3747
gentoo high CVE-2006-3747: 1 GLSA(s) (200608-01), 1 atom(s) (www-servers/apache); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2006-3747
redhat https://access.redhat.com/security/cve/CVE-2006-3747
suse high CVE-2006-3747 severity important: SUSE including 33 source package names (apache2-2.2.10-2.24.5, apache2-2.2.12-1.28.1, …), 39 product×package rows across 7 product lines (SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2, … (7 product lines)): Fixed 39. https://www.suse.com/security/cve/CVE-2006-3747/
ubuntu medium CVE-2006-3747 medium priority: Ubuntu including 2 source packages (apache, apache2), 8 status rows across 4 suites (dapper, edgy, feisty, upstream): released 6, needs-triage 2. https://ubuntu.com/security/CVE-2006-3747

CVE-2006-3747 のベンダーコメント(NVD)

  • Red Hat (2006-07-31T00:00:00)

    The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1

  • Apache (2008-07-02T00:00:00)

    Fixed in Apache HTTP Server 2.2.3, 2.0.59, and 1.3.37: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html

CVE-2006-3747 の影響を受けるソフトウェア/構成

ベンダー 製品 バージョン 生の CPE
apache http_server >= 1.3.28, < 1.3.37 cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
apache http_server >= 2.0.46, < 2.0.59 cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
apache http_server >= 2.2.0, < 2.2.3 cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
canonical ubuntu_linux 5.04 cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
canonical ubuntu_linux 5.10 cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
canonical ubuntu_linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

CVE-2006-3747 の参考情報

URL タグ
http://docs.info.apple.com/article.html?artnum=307562 Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 Third Party Advisory
http://kbase.redhat.com/faq/FAQ_68_8653.shtm Third Party Advisory
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html Mailing List Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html Mailing List Third Party Advisory
http://lwn.net/Alerts/194228/ Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2 Mailing List Third Party Advisory
http://secunia.com/advisories/21197 Broken Link
http://secunia.com/advisories/21241 Broken Link
http://secunia.com/advisories/21245 Broken Link
http://secunia.com/advisories/21247 Broken Link
http://secunia.com/advisories/21266 Broken Link
http://secunia.com/advisories/21273 Broken Link
http://secunia.com/advisories/21284 Broken Link
http://secunia.com/advisories/21307 Broken Link
http://secunia.com/advisories/21313 Broken Link
http://secunia.com/advisories/21315 Broken Link
http://secunia.com/advisories/21346 Broken Link
http://secunia.com/advisories/21478 Broken Link
http://secunia.com/advisories/21509 Broken Link
http://secunia.com/advisories/22262 Broken Link
http://secunia.com/advisories/22368 Broken Link
http://secunia.com/advisories/22388 Broken Link
http://secunia.com/advisories/22523 Broken Link
http://secunia.com/advisories/23028 Broken Link
http://secunia.com/advisories/23260 Broken Link
http://secunia.com/advisories/26329 Broken Link
http://secunia.com/advisories/29420 Broken Link
http://secunia.com/advisories/29849 Broken Link
http://secunia.com/advisories/30430 Broken Link
http://security.gentoo.org/glsa/glsa-200608-01.xml Third Party Advisory
http://securityreason.com/securityalert/1312 Third Party Advisory
http://securitytracker.com/id?1016601 Third Party Advisory VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1 Broken Link
http://svn.apache.org/viewvc?view=rev&revision=426144 Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154 Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156 Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24013080 Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg27007951 Third Party Advisory
http://www.apache.org/dist/httpd/Announcement2.0.html Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1131 Patch Third Party Advisory
http://www.debian.org/security/2006/dsa-1132 Patch Third Party Advisory
http://www.kb.cert.org/vuls/id/395412 Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:133 Broken Link
http://www.novell.com/linux/security/advisories/2006_43_apache.html Third Party Advisory
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html Third Party Advisory
http://www.osvdb.org/27588 Broken Link
http://www.securityfocus.com/archive/1/441485/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/441487/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/441526/100/200/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/443870/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/445206/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/450321/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/19204 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-328-1 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/3017 Permissions Required
http://www.vupen.com/english/advisories/2006/3264 Permissions Required
http://www.vupen.com/english/advisories/2006/3282 Permissions Required
http://www.vupen.com/english/advisories/2006/3884 Permissions Required
http://www.vupen.com/english/advisories/2006/3995 Permissions Required
http://www.vupen.com/english/advisories/2006/4015 Permissions Required
http://www.vupen.com/english/advisories/2006/4207 Permissions Required
http://www.vupen.com/english/advisories/2006/4300 Permissions Required
http://www.vupen.com/english/advisories/2006/4868 Permissions Required
http://www.vupen.com/english/advisories/2007/2783 Permissions Required
http://www.vupen.com/english/advisories/2008/0924/references Permissions Required
http://www.vupen.com/english/advisories/2008/1246/references Permissions Required
http://www.vupen.com/english/advisories/2008/1697 Permissions Required
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28063 Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-538 Broken Link
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
cvelogic Threat Intelligence