12 matches found
JLSEC-2026-398
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
Siemens SIMATIC S7-1500 Double Free (CVE-2022-42915)
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
K6878: Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
AZL-11368 CVE-2022-42915 affecting package curl for versions less than 7.86.0-1
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
ALPINE-CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
Apache Server mod_rewrite Module LDAP Scheme Handling Buffer Overflow (CVE-2006-3747)
The Apache HTTP server is the most popular web server in use on the Internet. Over two-thirds of web hosts on the Internet run the application in order to serve content. The server is capable of being utilized with numerous different options and configurations, with a wide variety of plug-in...
Ubuntu 5.04 / 5.10 / 6.06 LTS : apache2 vulnerability (USN-328-1)
Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling. On systems which activate 'RewriteEngine on', a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code this has not been verified...
SOL6878 - Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747
This security advisory describes an off-by-one error, which means the bits are shifted to the left or the right by one value, in the LDAP scheme handling of the Apache Rewrite module. The vulnerability within the Apache Rewrite module allows remote attackers to cause a Denial of Service attack or...
SUSE-SA:2006:043: apache,apache2
The remote host is missing the patch for the advisory SUSE-SA:2006:043 apache,apache2. The following security problem was fixed in the Apache and Apache 2 web servers: mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer...
Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)
This update fixes a security issue in the mod_rewrite module. Mark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out o...
CVE-2006-3747
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via...
DEBIAN-CVE-2006-3747
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via...