CVE-2011-3607
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2011-3607
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache HTTP Server ‘ap_pregsub()’函数本地权限提升漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache HTTP Server是美国阿帕奇(Apache)软件基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server在"ap_pregsub()"函数的实现上存在本地权限提升漏洞。本地攻击者可利用此漏洞以提升的权限执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2011-3607
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2011-3607
Please Login to view more intelligence information
- http://support.apple.com/kb/HT5501x_refsource_CONFIRM
- https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422x_refsource_CONFIRM
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.htmlx_refsource_CONFIRM
- https://bugzilla.redhat.com/show_bug.cgi?id=750935x_refsource_CONFIRM
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisoryx_refsource_HP
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.htmlvendor-advisoryx_refsource_APPLE
- http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.htmlmailing-listx_refsource_FULLDISC
- https://nvd.nist.gov/vuln/detail/CVE-2011-3607
Same Patch Batch · n/a · 2011-11-08 · 11 CVEs total
| CVE-2011-2446 | Adobe Shockwave Player ‘DIRapi’库任意代码执行漏洞 | |
| CVE-2011-2447 | Adobe Shockwave Player 任意代码执行漏洞 | |
| CVE-2011-2448 | Adobe Shockwave Player ‘DIRapi’库任意代码执行漏洞 | |
| CVE-2011-2449 | Adobe Shockwave Player ‘TextXtra’ 模块任意代码执行漏洞 | |
| CVE-2011-4000 | ChaSen 缓冲区溢出漏洞 | |
| CVE-2011-2004 | Microsoft Windows 内核拒绝服务漏洞 | |
| CVE-2011-2013 | Windows TCP/IP 远程执行代码漏洞 | |
| CVE-2011-2014 | Microsoft Windows 特权提升漏洞 | |
| CVE-2011-2016 | Microsoft Windows 远程执行代码漏洞 | |
| CVE-2011-4415 | Apache HTTP Server ‘server/util.c’ 输入验证漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
V. Comments for CVE-2011-3607
No comments yet