CVE-2011-3607

MEDIUM

Description

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

References

http://www.osvdb.org/76744

http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html

http://www.securityfocus.com/bid/50494

http://securitytracker.com/id?1026267

http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html

https://bugzilla.redhat.com/show_bug.cgi?id=750935

http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/

http://secunia.com/advisories/45793

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422

http://www.mandriva.com/security/advisories?name=MDVSA-2012:003

http://rhn.redhat.com/errata/RHSA-2012-0128.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

http://secunia.com/advisories/48551

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

http://support.apple.com/kb/HT5501

http://marc.info/?l=bugtraq&m=134987041210674&w=2

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://marc.info/?l=bugtraq&m=133494237717847&w=2

http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/71093

http://www.debian.org/security/2012/dsa-2405

http://rhn.redhat.com/errata/RHSA-2012-0543.html

http://rhn.redhat.com/errata/RHSA-2012-0542.html

http://marc.info/?l=bugtraq&m=133294460209056&w=2

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2011-11-08

Updated: 2021-06-06

Type: CWE-189

Risk Information

CVSS v2

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 84966 | F5 Networks BIG-IP : Apache HTTPD vulnerability (SOL16907) | Nessus | F5 Networks Local Security Checks | medium |
| 83578 | SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1) | Nessus | SuSE Local Security Checks | medium |
| 81002 | Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU) | Nessus | Web Servers | high |
| 80582 | Oracle Solaris Third-Party Patch Update : apache (cve_2011_3607_buffer_overflow) | Nessus | Solaris Local Security Checks | medium |
| 78923 | RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0542) | Nessus | Red Hat Local Security Checks | medium |
| 75788 | openSUSE Security Update : apache2 (openSUSE-SU-2012:0212-1) | Nessus | SuSE Local Security Checks | medium |
| 75427 | openSUSE Security Update : apache2 (openSUSE-SU-2012:0248-1) | Nessus | SuSE Local Security Checks | medium |
| 74555 | openSUSE Security Update : apache2 (openSUSE-2012-132) | Nessus | SuSE Local Security Checks | medium |
| 69653 | Amazon Linux AMI : httpd (ALAS-2012-46) | Nessus | Amazon Linux Local Security Checks | medium |
| 68914 | Apache 2.0.x < 2.0.65 Multiple Vulnerabilities | Nessus | Web Servers | critical |
| 68488 | Oracle Linux 5 : httpd (ELSA-2012-0323) | Nessus | Oracle Linux Local Security Checks | medium |
| 68458 | Oracle Linux 6 : httpd (ELSA-2012-0128) | Nessus | Oracle Linux Local Security Checks | medium |
| 6583 | Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 62214 | Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 62213 | Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 61261 | Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20120221) | Nessus | Scientific Linux Local Security Checks | medium |
| 61245 | Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20120213) | Nessus | Scientific Linux Local Security Checks | medium |
| 59851 | HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | Nessus | Web Servers | critical |
| 59678 | GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 58252 | Fedora 15 : httpd-2.2.22-1.fc15 (2012-1642) | Nessus | Fedora Local Security Checks | medium |
| 58085 | RHEL 5 : httpd (RHSA-2012:0323) | Nessus | Red Hat Local Security Checks | medium |
| 58050 | Fedora 16 : httpd-2.2.22-1.fc16 (2012-1598) | Nessus | Fedora Local Security Checks | medium |
| 57999 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2 vulnerabilities (USN-1368-1) | Nessus | Ubuntu Local Security Checks | medium |
| 57960 | CentOS 6 : httpd (CESA-2012:0128) | Nessus | CentOS Local Security Checks | medium |
| 57931 | RHEL 6 : httpd (RHSA-2012:0128) | Nessus | Red Hat Local Security Checks | medium |
| 57892 | Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2012-041-01) | Nessus | Slackware Local Security Checks | medium |
| 57851 | Debian DSA-2405-1 : apache2 - multiple issues | Nessus | Debian Local Security Checks | medium |
| 800552 | Apache 2.2 < 2.2.22 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 6302 | Apache 2.2 < 2.2.22 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 57791 | Apache 2.2.x < 2.2.22 Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 57786 | FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0) | Nessus | FreeBSD Local Security Checks | medium |
| 57480 | Mandriva Linux Security Advisory : apache (MDVSA-2012:003) | Nessus | Mandriva Local Security Checks | medium |
| 57298 | SuSE 10 Security Update : Apache2 (ZYPP Patch Number 7882) | Nessus | SuSE Local Security Checks | medium |
| 57090 | SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5482) | Nessus | SuSE Local Security Checks | medium |