1. CVE-Search
  2. CVE-2006-0042
ID CVE-2006-0042
Summary Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:libapreq2:0.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:0.31_03:*:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:0.31_03:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:0.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:1.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:1.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:1.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:1.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:2.01_03:dev:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:2.01_03:dev:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:2.02_02:dev:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:2.02_02:dev:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:2.03_04:dev:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:2.03_04:dev:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:2.04_03:dev:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:2.04_03:dev:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:2.05:dev:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:2.05:dev:*:*:*:*:*:*
  • cpe:2.3:a:apache:libapreq2:2.06:dev:*:*:*:*:*:*
    cpe:2.3:a:apache:libapreq2:2.06:dev:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-11-2018 - 15:45)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 16710
confirm http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup
debian DSA-1000
gentoo GLSA-200604-08
secunia
  • 18846
  • 19139
  • 19658
sreason 737
vupen ADV-2006-0645
xf libapreq2-parsing-dos(24917)
Last major update 29-11-2018 - 15:45
Published 18-02-2006 - 21:02
Last modified 29-11-2018 - 15:45
Back to Top