Search for vulnerabilities
Vulnerability details: VCID-mjhv-u1xn-aaaa
Vulnerability ID VCID-mjhv-u1xn-aaaa
Aliases CVE-2006-3747
Summary Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=130497311408250&w=2
epss 0.92044 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92044 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92044 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92044 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92044 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.9232 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.9232 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.9232 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.9232 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.9232 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.9232 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.9232 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.9232 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.9232 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92549 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.92739 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.93515 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.93515 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.97428 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.97447 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.97447 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
epss 0.97447 https://api.first.org/data/v1/epss?cve=CVE-2006-3747
apache_httpd important https://httpd.apache.org/security/json/CVE-2006-3747.json
cvssv2 7.6 https://nvd.nist.gov/vuln/detail/CVE-2006-3747
Reference id Reference type URL
http://docs.info.apple.com/article.html?artnum=307562
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
http://kbase.redhat.com/faq/FAQ_68_8653.shtm
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html
http://lwn.net/Alerts/194228/
http://marc.info/?l=bugtraq&m=130497311408250&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3747.json
https://api.first.org/data/v1/epss?cve=CVE-2006-3747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
http://secunia.com/advisories/21197
http://secunia.com/advisories/21241
http://secunia.com/advisories/21245
http://secunia.com/advisories/21247
http://secunia.com/advisories/21266
http://secunia.com/advisories/21273
http://secunia.com/advisories/21284
http://secunia.com/advisories/21307
http://secunia.com/advisories/21313
http://secunia.com/advisories/21315
http://secunia.com/advisories/21346
http://secunia.com/advisories/21478
http://secunia.com/advisories/21509
http://secunia.com/advisories/22262
http://secunia.com/advisories/22368
http://secunia.com/advisories/22388
http://secunia.com/advisories/22523
http://secunia.com/advisories/23028
http://secunia.com/advisories/23260
http://secunia.com/advisories/26329
http://secunia.com/advisories/29420
http://secunia.com/advisories/29849
http://secunia.com/advisories/30430
http://security.gentoo.org/glsa/glsa-200608-01.xml
http://securityreason.com/securityalert/1312
http://securitytracker.com/id?1016601
https://exchange.xforce.ibmcloud.com/vulnerabilities/28063
https://issues.rpath.com/browse/RPL-538
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
http://svn.apache.org/viewvc?view=rev&revision=426144
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154
http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
http://www-1.ibm.com/support/docview.wss?uid=swg27007951
http://www.apache.org/dist/httpd/Announcement2.0.html
http://www.debian.org/security/2006/dsa-1131
http://www.debian.org/security/2006/dsa-1132
http://www.kb.cert.org/vuls/id/395412
http://www.mandriva.com/security/advisories?name=MDKSA-2006:133
http://www.novell.com/linux/security/advisories/2006_43_apache.html
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html
http://www.osvdb.org/27588
http://www.securityfocus.com/archive/1/441485/100/0/threaded
http://www.securityfocus.com/archive/1/441487/100/0/threaded
http://www.securityfocus.com/archive/1/441526/100/200/threaded
http://www.securityfocus.com/archive/1/443870/100/0/threaded
http://www.securityfocus.com/archive/1/445206/100/0/threaded
http://www.securityfocus.com/archive/1/450321/100/0/threaded
http://www.securityfocus.com/bid/19204
http://www.ubuntu.com/usn/usn-328-1
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2006/3017
http://www.vupen.com/english/advisories/2006/3264
http://www.vupen.com/english/advisories/2006/3282
http://www.vupen.com/english/advisories/2006/3884
http://www.vupen.com/english/advisories/2006/3995
http://www.vupen.com/english/advisories/2006/4015
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/4300
http://www.vupen.com/english/advisories/2006/4868
http://www.vupen.com/english/advisories/2007/2783
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1246/references
http://www.vupen.com/english/advisories/2008/1697
380182 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380182
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*
CVE-2006-3747 https://httpd.apache.org/security/json/CVE-2006-3747.json
CVE-2006-3747 https://nvd.nist.gov/vuln/detail/CVE-2006-3747
CVE-2006-3747;OSVDB-27588 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16752.rb
CVE-2006-3747;OSVDB-27588 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/3996.c
GLSA-200608-01 https://security.gentoo.org/glsa/200608-01
OSVDB-27588;CVE-2006-3747 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/2237.sh
OSVDB-27588;CVE-2006-3747 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/remote/3680.sh
USN-328-1 https://usn.ubuntu.com/328-1/
Data source Exploit-DB
Date added April 6, 2007
Description Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
Ransomware campaign use Known
Source publication date April 7, 2007
Exploit type remote
Platform windows_x86
Source update date Jan. 31, 2017
Data source Metasploit
Description This module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms, however this module currently only supports Windows based installations.
Note 
{}
Ransomware campaign use Unknown
Source publication date July 28, 2006
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2006-3747
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.99697
EPSS Score 0.92044
Published At April 5, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.