Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.0
CVE Id: CVE-2007-6422
Last Modified: 12 Apr 2011 12:00:00
Published: 08 Jan 2008 01:46:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2007-6422

Summary

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

Vulnerable Systems

Application

  • Apache HTTP Server 2.2
  • Apache HTTP Server 2.2.1
  • Apache HTTP Server 2.2.2
  • Apache HTTP Server 2.2.3
  • Apache HTTP Server 2.2.4
  • Apache HTTP Server 2.2.5
  • Apache HTTP Server 2.2.6


References

FEDORA - FEDORA-2008-1695

FEDORA - FEDORA-2008-1711

XF - apache-modproxybalancer-dos(39476)

VUPEN - ADV-2008-0048

UBUNTU - USN-575-1

BID - 27236

BUGTRAQ - 20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability

REDHAT - RHSA-2008:0009

REDHAT - RHSA-2008:0008

MANDRIVA - MDVSA-2008:016

SREASON - 3523

GENTOO - GLSA-200803-19

SECUNIA - 29640

SECUNIA - 29348

SECUNIA - 28977

SECUNIA - 28749

SECUNIA - 28526

SUSE - SUSE-SA:2008:021

CONFIRM - http://httpd.apache.org/security/vulnerabilities_22.html


Last Updated: 27 May 2016 10:46:30