Published: 23/08/2007 Updated: 13/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Subscribe to Http Server

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server
fedoraproject fedora 7
fedoraproject fedora core 6
canonical ubuntu linux 7.04
canonical ubuntu linux 7.10
canonical ubuntu linux 6.10
canonical ubuntu linux 6.06

Debian Bug report logs - #441845 CVE-2007-3847: apache2 denial of service vulnerability (for threaded MPMs) in mod_proxy Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Source for apache2 is src:apache2 (PTS, buildd, popcon) Reported by: Ramon Garcia Fernandez <ramon ...

It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a craf ...

CWE-125 http://marc.info/?l=apache-cvs&m=118592992309395&w=2 http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2 http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2 http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html https://issues.rpath.com/browse/RPL-1710 http://bugs.gentoo.org/show_bug.cgi?id=186219 http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469 http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html http://security.gentoo.org/glsa/glsa-200711-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:235 http://www.redhat.com/support/errata/RHSA-2007-0911.html http://www.redhat.com/support/errata/RHSA-2007-0746.html http://www.redhat.com/support/errata/RHSA-2007-0747.html http://www.novell.com/linux/security/advisories/2007_61_apache2.html http://www.securityfocus.com/bid/25489 http://www.securitytracker.com/id?1018633 http://secunia.com/advisories/26636 http://secunia.com/advisories/26722 http://secunia.com/advisories/26790 http://secunia.com/advisories/26842 http://secunia.com/advisories/26952 http://secunia.com/advisories/26993 http://secunia.com/advisories/27209 http://secunia.com/advisories/27563 http://secunia.com/advisories/27593 http://secunia.com/advisories/27732 http://secunia.com/advisories/27882 http://secunia.com/advisories/27971 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www.redhat.com/support/errata/RHSA-2008-0005.html http://secunia.com/advisories/28467 http://www.ubuntu.com/usn/usn-575-1 http://secunia.com/advisories/28749 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html http://secunia.com/advisories/28606 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 http://secunia.com/advisories/28922 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://secunia.com/advisories/30430 http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://www.vupen.com/english/advisories/2008/0233 http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/advisories/2007/3494 http://www.vupen.com/english/advisories/2007/3020 http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2007/3955 http://www.vupen.com/english/advisories/2007/3095 http://www.vupen.com/english/advisories/2007/3283 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525 http://www.securityfocus.com/archive/1/505990/100/0/threaded https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441845 https://usn.ubuntu.com/575-1/https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook