Red Hat Bugzilla – Bug 201792
CVE-2006-3747 Apache Mod_Rewrite Off-By-One Buffer Overflow
Last modified: 2007-04-18 13:47:06 EDT

06.31.33 CVE: CVE-2006-3747
Platform: Cross Platform
Title: Apache Mod_Rewrite Off-By-One Buffer Overflow
Description: Apache's mod_rewrite is a rule-based rewriting engine
which rewrites requested URLs for the Apache web server. It is prone
to a buffer overflow condition that presents itself on a system with
the active configuration "RewriteEngine on". Versions 2.0.53-55 and
prior to 1.3.35 are reported as vulnerable.

This was fixed for FC4, but appears to still be an issue for FC3.

However, RHEL bug #200219 says RHEL3 and RHEL4 are not actually vulnerable. That
is almost certainly the case for FC3 as well. Can someone confirm?

Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.