CVE-2011-3607 (CNNVD-201111-112)
MEDIUM
有利用代码
中文标题:
Apache HTTP Server ‘ap_pregsub()’函数本地权限提升漏洞
英文标题:
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through...
CVSS分数:
4.4
发布时间:
2011-11-08 11:00:00
漏洞类型:
数字错误
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v4
漏洞描述
中文描述:
Apache HTTP Server是美国阿帕奇(Apache)软件基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server在"ap_pregsub()"函数的实现上存在本地权限提升漏洞。本地攻击者可利用此漏洞以提升的权限执行任意代码。
英文描述:
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
CWE类型:
CWE-189
标签:
dos
linux
halfdog
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| apache | http_server | 2.0 | - | - |
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.9 | - | - |
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.28 | - | - |
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.32 | - | - |
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.34 | - | - |
cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
|
| apache | http_server | 2.0.35 | - | - |
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.36 | - | - |
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.37 | - | - |
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.38 | - | - |
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.39 | - | - |
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.40 | - | - |
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.41 | - | - |
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.42 | - | - |
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.43 | - | - |
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.44 | - | - |
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.45 | - | - |
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.46 | - | - |
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.47 | - | - |
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.48 | - | - |
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.49 | - | - |
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.50 | - | - |
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.51 | - | - |
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.52 | - | - |
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.53 | - | - |
cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.54 | - | - |
cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.55 | - | - |
cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.56 | - | - |
cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.57 | - | - |
cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.58 | - | - |
cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.59 | - | - |
cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.60 | - | - |
cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.61 | - | - |
cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.63 | - | - |
cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
|
| apache | http_server | 2.0.64 | - | - |
cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.0 | - | - |
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.1 | - | - |
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.2 | - | - |
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.3 | - | - |
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.4 | - | - |
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.6 | - | - |
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.8 | - | - |
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.9 | - | - |
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.10 | - | - |
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.11 | - | - |
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.12 | - | - |
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.13 | - | - |
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.14 | - | - |
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.15 | - | - |
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.16 | - | - |
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.18 | - | - |
cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.19 | - | - |
cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.20 | - | - |
cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
|
| apache | http_server | 2.2.21 | - | - |
cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
HPSBMU02786
vendor-advisory
cve.org
访问
cve.org
SSRT100966
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
RHSA-2012:0543
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
SSRT100772
vendor-advisory
cve.org
访问
cve.org
RHSA-2012:0128
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
45793
third-party-advisory
cve.org
访问
cve.org
50494
vdb-entry
cve.org
访问
cve.org
RHSA-2012:0542
vendor-advisory
cve.org
访问
cve.org
1026267
vdb-entry
cve.org
访问
cve.org
APPLE-SA-2012-09-19-2
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
20111102 Integer Overflow in Apache ap_pregsub via mod-setenvif
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
76744
vdb-entry
cve.org
访问
cve.org
HPSBUX02761
vendor-advisory
cve.org
访问
cve.org
MDVSA-2013:150
vendor-advisory
cve.org
访问
cve.org
48551
third-party-advisory
cve.org
访问
cve.org
DSA-2405
vendor-advisory
cve.org
访问
cve.org
apache-http-appregsub-bo(71093)
vdb-entry
cve.org
访问
cve.org
MDVSA-2012:003
vendor-advisory
cve.org
访问
cve.org
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mailing-list
cve.org
访问
cve.org
ExploitDB EDB-41769
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-41769
EXPLOIT
exploitdb
访问
exploitdb
CVE Reference: CVE-2011-4415
ADVISORY
cve.org
访问
cve.org
CVE Reference: CVE-2011-3607
ADVISORY
cve.org
访问
cve.org
CVSS评分详情
4.4
MEDIUM
CVSS向量:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS版本:
2.0
机密性
PARTIAL
完整性
PARTIAL
可用性
PARTIAL
时间信息
发布时间:
2011-11-08 11:00:00
修改时间:
2024-08-06 23:37:48
创建时间:
2025-11-11 15:33:17
更新时间:
2025-11-11 16:43:19
利用信息
此漏洞有可利用代码!
利用代码数量:
1
利用来源:
未知
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2011-3607 |
2025-11-11 15:18:24 | 2025-11-11 07:33:17 |
| NVD | nvd_CVE-2011-3607 |
2025-11-11 14:53:44 | 2025-11-11 07:42:07 |
| CNNVD | cnnvd_CNNVD-201111-112 |
2025-11-11 15:09:14 | 2025-11-11 07:49:57 |
| EXPLOITDB | exploitdb_EDB-41769 |
2025-11-11 15:05:24 | 2025-11-11 08:43:19 |
版本与语言
当前版本:
v4
主要语言:
EN
支持语言:
EN
ZH
其他标识符:
:
:
安全公告
暂无安全公告信息
变更历史
v4
EXPLOITDB
2025-11-11 16:43:19
references_count: 48 → 52; tags_count: 0 → 3; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- references_count: 48 -> 52
- tags_count: 0 -> 3
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3
CNNVD
2025-11-11 15:49:57
vulnerability_type: 未提取 → 数字错误; cnnvd_id: 未提取 → CNNVD-201111-112; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 数字错误
- cnnvd_id: 未提取 -> CNNVD-201111-112
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:42:07
cvss_score: 未提取 → 4.4; cvss_vector: NOT_EXTRACTED → AV:L/AC:M/Au:N/C:P/I:P/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 53; references_count: 52 → 48; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 4.4
- cvss_vector: NOT_EXTRACTED -> AV:L/AC:M/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 53
- references_count: 52 -> 48
- data_sources: ['cve'] -> ['cve', 'nvd']