Bug 201792

Summary: CVE-2006-3747 Apache Mod_Rewrite Off-By-One Buffer Overflow
Product: [Retired] Fedora Legacy Reporter: John Dalbec <jpdalbec>
Component: apacheAssignee: Fedora Legacy Bugs <bugs>
Status: CLOSED CANTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: fc3CC: mattdm
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.kb.cert.org/vuls/id/395412
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-04-10 19:17:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Dalbec 2006-08-08 20:38:34 UTC 
06.31.33 CVE: CVE-2006-3747
Platform: Cross Platform
Title: Apache Mod_Rewrite Off-By-One Buffer Overflow
Description: Apache's mod_rewrite is a rule-based rewriting engine
which rewrites requested URLs for the Apache web server. It is prone
to a buffer overflow condition that presents itself on a system with
the active configuration "RewriteEngine on". Versions 2.0.53-55 and
prior to 1.3.35 are reported as vulnerable.
Ref: http://www.kb.cert.org/vuls/id/395412
Comment 1 Matthew Miller 2006-10-19 17:47:40 UTC 
This was fixed for FC4, but appears still an issue for FC3.
Comment 2 Matthew Miller 2006-10-19 17:49:35 UTC 
However, RHEL bug #200219 says RHEL3 and RHEL4 are not actually vulnerable. That
is almost certainly the case for FC3 as well. Can someone confirm?
Comment 3 Matthew Miller 2007-04-10 19:17:03 UTC 
Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.