Computer Security
[EN] securityvulns.ru no-pyccku


Apache privilege escalation
Published:11.01.2012
Source:
SecurityVulns ID:12139
Type:local
Threat Level:
5/10
Description:Privilege escalation with SetEnvIf in conjunction with crafted HTTP headers.
Affected:APACHE : Apache 2.0
 APACHE : Apache 2.2
CVE:CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod