mod_rewrite is an Apache module which allows rule-based modification of URL requests.
An off-by-one buffer overflow in mod_rewrite, triggered when the
**escape_absolute_uri** function separates tokens within an LDAP URL, allows command execution.
Upgrade to Apache HTTP Server version 1.3.37, 2.0.59, or 2.2.3 or higher.
The exploit works on Apache HTTP Server 2.0.58. The vulnerability is exploitable only when a rule exists in which the user can control the initial part of the rewritten URL. The rule must not contain the forbidden [F], gone [G], or "noescape" [NE] flag.
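To check a server against the conditions above, the following added example (not part of the original advisory) audits a configuration for matching `RewriteRule` lines and compares a version string with the fixed releases. The sample configuration is constructed, the function names are hypothetical, and treating a substitution that begins with a `$N` or `%N` backreference as "user-controlled initial part" is an assumed heuristic.

```python
import re
import shlex

# Constructed sample configuration, not taken from the page.
SAMPLE_CONF = r"""
RewriteRule ^/kb/(.*)$ $1 [L]
RewriteRule ^/old/(.*)$ /new/$1 [R=301,L]
RewriteRule ^/raw/(.*)$ $1 [NE,L]
RewriteRule ^/gone/(.*)$ $1 [G]
RewriteRule ^/host/(.*)$ %1/$1
# RewriteRule ^/commented/(.*)$ $1
"""

# Flags the page says rule out exploitation: forbidden, gone, noescape.
BLOCKING = {"F", "FORBIDDEN", "G", "GONE", "NE", "NOESCAPE"}
# Fixed releases named on the page, keyed by release branch.
FIXED = {(1, 3): (1, 3, 37), (2, 0): (2, 0, 59), (2, 2): (2, 2, 3)}

def parse_flags(token):
    """Return upper-cased flag names from a '[R=301,L]' style token."""
    names = token.strip("[]").split(",")
    return {n.split("=", 1)[0].strip().upper() for n in names if n.strip()}

def risky_rules(conf_text):
    """Return (line_no, rule) pairs that meet the page's stated conditions."""
    hits = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line.lower().startswith("rewriterule"):
            continue  # skips comments, blanks and other directives
        parts = shlex.split(line)
        if len(parts) < 3:
            continue
        flags = parse_flags(parts[3]) if len(parts) > 3 else set()
        # Heuristic (assumption): a substitution that begins with a $N or %N
        # backreference lets request data lead the rewritten URL.
        if re.match(r"[$%]\d", parts[2]) and not flags & BLOCKING:
            hits.append((no, line))
    return hits

def at_fixed_release(version):
    """True if 'x.y.z' is at or above the fixed release for its branch."""
    v = tuple(int(p) for p in version.split(".")[:3])
    fixed = FIXED.get(v[:2])
    return v >= fixed if fixed else v > (2, 2, 3)

if __name__ == "__main__":
    for no, rule in risky_rules(SAMPLE_CONF):
        print(f"line {no}: {rule}")
```

A flagged rule is a candidate for review, not proof of exposure; upgrading to a fixed release remains the remedy.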