CVE-2011-3607
EPSS 0.59%
Description
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
How to fix CVE-2011-3607
To remediate CVE-2011-3607, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.2.21-4 or later
Is CVE-2011-3607 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.21-4