Published: 20/06/2007 Updated: 07/11/2023

CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4

VMScore: 418

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server
fedoraproject fedora 7
redhat enterprise linux server 5.0
redhat enterprise linux workstation 5.0
redhat enterprise linux desktop 5.0
canonical ubuntu linux 7.04
canonical ubuntu linux 6.10
canonical ubuntu linux 6.06

Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such ...

NVD-CWE-noinfo http://security.psnc.pl/files/apache_report.pdf http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111 http://svn.apache.org/viewvc?view=rev&revision=547987 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm https://issues.rpath.com/browse/RPL-1710 http://bugs.gentoo.org/show_bug.cgi?id=186219 http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984 http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html http://security.gentoo.org/glsa/glsa-200711-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:140 http://www.mandriva.com/security/advisories?name=MDKSA-2007:142 http://www.redhat.com/errata/RHSA-2007-0532.html http://rhn.redhat.com/errata/RHSA-2007-0556.html http://www.redhat.com/support/errata/RHSA-2007-0557.html http://www.redhat.com/support/errata/RHSA-2007-0662.html ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc http://www.novell.com/linux/security/advisories/2007_61_apache2.html http://www.trustix.org/errata/2007/0026/http://www.ubuntu.com/usn/usn-499-1 http://www.securityfocus.com/bid/24215 http://www.securitytracker.com/id?1018304 http://secunia.com/advisories/25827 http://secunia.com/advisories/25830 http://secunia.com/advisories/25920 http://secunia.com/advisories/26211 http://secunia.com/advisories/26273 http://secunia.com/advisories/26443 http://secunia.com/advisories/26508 http://secunia.com/advisories/26611 http://secunia.com/advisories/26759 http://secunia.com/advisories/26790 http://secunia.com/advisories/26822 http://secunia.com/advisories/26842 http://secunia.com/advisories/26993 http://secunia.com/advisories/27121 http://secunia.com/advisories/27209 http://secunia.com/advisories/27563 http://secunia.com/advisories/27732 http://securityreason.com/securityalert/2814 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1 http://secunia.com/advisories/28212 http://secunia.com/advisories/28224 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html http://secunia.com/advisories/28606 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1 http://www.redhat.com/support/errata/RHSA-2008-0261.html http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://www.vupen.com/english/advisories/2008/0233 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 http://www.vupen.com/english/advisories/2007/3494 http://www.vupen.com/english/advisories/2007/3100 http://www.vupen.com/english/advisories/2007/3420 http://www.vupen.com/english/advisories/2007/4305 http://www.vupen.com/english/advisories/2007/3283 http://www.vupen.com/english/advisories/2007/2727 http://osvdb.org/38939 https://exchange.xforce.ibmcloud.com/vulnerabilities/35095 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589 http://www.securityfocus.com/archive/1/505990/100/0/threaded http://www.securityfocus.com/archive/1/471832/100/0/threaded http://www.securityfocus.com/archive/1/469899/100/0/threaded http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192%40redhat.com%3e https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E https://usn.ubuntu.com/499-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-3304

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect