Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

  • Published: Nov 8, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-3607
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.4
  • AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
apache / http_server 2.0.42 2.0.42.x
apache / http_server 2.0.64 2.0.64.x
apache / http_server 2.0.58 2.0.58.x
apache / http_server 2.0.47 2.0.47.x
apache / http_server 2.0.56 2.0.56.x
apache / http_server 2.0.50 2.0.50.x
apache / http_server 2.0.35 2.0.35.x
apache / http_server 2.0.37 2.0.37.x
apache / http_server 2.0.55 2.0.55.x
apache / http_server 2.0.44 2.0.44.x
apache / http_server 2.0.39 2.0.39.x
apache / http_server 2.0.52 2.0.52.x
apache / http_server 2.0.53 2.0.53.x
apache / http_server 2.0.57 2.0.57.x
apache / http_server 2.0.51 2.0.51.x
apache / http_server 2.0.28-beta 2.0.28-beta.x
apache / http_server 2.0.63 2.0.63.x
apache / http_server 2.0.41 2.0.41.x
apache / http_server 2.0.49 2.0.49.x
apache / http_server 2.0.9 2.0.9.x
apache / http_server 2.0.34-beta 2.0.34-beta.x
apache / http_server 2.0.61 2.0.61.x
apache / http_server 2.0.32 2.0.32.x
apache / http_server 2.0.38 2.0.38.x
apache / http_server 2.0.48 2.0.48.x
apache / http_server 2.0.45 2.0.45.x
apache / http_server 2.0.40 2.0.40.x
apache / http_server 2.0.36 2.0.36.x
apache / http_server 2.0.46 2.0.46.x
apache / http_server 2.0.54 2.0.54.x
apache / http_server 2.0.43 2.0.43.x
apache / http_server 2.0.59 2.0.59.x
apache / http_server 2.0.28 2.0.28.x
apache / http_server 2.0 2.0.x
apache / http_server 2.0.32-beta 2.0.32-beta.x
apache / http_server 2.0.60 2.0.60.x
apache / http_server 2.2.11 2.2.11.x
apache / http_server 2.2.0 2.2.0.x
apache / http_server 2.2.10 2.2.10.x
apache / http_server 2.2.13 2.2.13.x
apache / http_server 2.2.2 2.2.2.x
apache / http_server 2.2.4 2.2.4.x
apache / http_server 2.2.16 2.2.16.x
apache / http_server 2.2.21 2.2.21.x
apache / http_server 2.2.8 2.2.8.x
apache / http_server 2.2.14 2.2.14.x
apache / http_server 2.2.6 2.2.6.x
apache / http_server 2.2.19 2.2.19.x
apache / http_server 2.2.9 2.2.9.x
apache / http_server 2.2.18 2.2.18.x
apache / http_server 2.2.12 2.2.12.x
apache / http_server 2.2.3 2.2.3.x
apache / http_server 2.2.15 2.2.15.x
apache / http_server 2.2.20 2.2.20.x
apache / http_server 2.2.1 2.2.1.x