Apache mod_rewrite has an off-by-one buffer overflow vulnerability. A remote attacker could cause a denial of service (application crash) and possibly execute arbitrary code using crafted URLs with certain rewrite rules that are not properly handled.
Apache versions 1.3.28 through 1.3.36
Apache versions 2.0.46 through 2.0.58
Apache versions 2.2.0 through 2.2.2
Upgrade to the latest version, available from Web site: