Vulnerability Description
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | HTTP Server | 2.0.58 |
References
- http://secunia.com/advisories/21490 (Exploit, Vendor Advisory)
- http://securityreason.com/securityalert/1370
- http://www.osvdb.org/27913
- http://www.securityfocus.com/archive/1/442882/100/0/threaded
- http://www.securityfocus.com/archive/1/443487/100/200/threaded
- http://www.securityfocus.com/bid/19447 (Exploit)
- http://www.vupen.com/english/advisories/2006/3265
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28357
FAQ
What is CVE-2006-4110?
CVE-2006-4110 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive S...
How severe is CVE-2006-4110?
CVE-2006-4110 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4110?
Check the references section above for vendor advisories and patch information. Affected products include: Apache HTTP Server.