IBM Support

PK29154: CVE-2006-3747 MOD_REWRITE ERROR

Fixes are available

6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Solaris
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for HP-UX
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Linux
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Linux
6.1.0.3: WebSphere Application Server V6.1.0 Fix Pack 3 for Linux
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Windows
6.1.0.3: WebSphere Application Server V6.1.0 Fix Pack 3 for Windows
6.1.0.7 WebSphere Application Server V6.1 Fix Pack 7 for AIX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for AIX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for i5/OS
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for i5/OS
6.1.0.3: WebSphere Application Server V6.1.0 Fix Pack 3 for HP-UX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for HP-UX
6.1.0.3: WebSphere Application Server V6.1.0 Fix Pack 3 for i5/OS
6.1.0.3: WebSphere Application Server V6.1.0 Fix Pack 3 for AIX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Windows
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
6.1.0.3: WebSphere Application Server V6.1.0 Fix Pack 3 for Solaris
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Solaris
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Solaris

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • mod_rewrite has a defect which, on the Windows platform with
IBM HTTP Server 6.x, can result in a web server child process
crash in configurations with mod_rewrite active.  The crash
can be triggered by a client request.
The Apache HTTP Server project has assigned CVE-2006-3747 to
this problem.
For IBM HTTP Server 6.x, CVE-2006-3747 applies only to the
Windows platform.

Local fix

  • 



Problem summary


    

  • mod_rewrite had a loop control defect in ldap scheme handling
which allowed a memory overlay with certain URLs from the
client.  This can only occur if mod_rewrite is activated,
if certain types of rewrite rules are enabled, and a client
sends a malicious request.
On most platforms, the memory overlay does not cause any
ill side-effect.
With IBM HTTP Server 6.x on Windows, the memory overlay can
cause a web server crash.
Because the types of mod_rewrite directives which enable the
vulnerability are common, it is strongly recommended that
customers with IBM HTTP Server 6.x on Windows apply the fix.
It is targeted for fix packs 6.1.0.3 and 6.0.2.15.
See PK29156 and PK29157 for applicability to other releases.

    



Problem conclusion


    

  • The loop control defect in mod_rewrite was corrected, thus
eliminating the possibility of a memory overlay when malicious
requests were processed.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PK29154
    • 

  • Reported component name
    IBM HTTP SERVER
    • 

  • Reported component ID
    5724J0801
    • 

  • Reported release
    60W
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2006-08-01
    • 

  • Closed date
    2006-08-14
    • 

  • Last modified date
    2006-10-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM HTTP SERVER
    • 

  • Fixed component ID
    5724J0801
    • 



Applicable component levels


    

  • R60W  PSN
       UP
    • 

  • R61W  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 September 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback