CVE-2007-1863

Severity

50%

Complexity

99%

Confidentiality

48%

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Apple Mac OS X Server

First reported 17 years ago

2007-06-27 17:30:00

Last updated 6 years ago

2018-10-16 16:40:00

Affected Software

Apple Mac OS X Server 10.0

10.0

Apple Mac OS X Server 10.1

10.1

Apple Mac OS X Server 10.1.1

10.1.1

Apple Mac OS X Server 10.1.2

10.1.2

Apple Mac OS X Server 10.1.3

10.1.3

Apple Mac OS X Server 10.1.4

10.1.4

Apple Mac OS X Server 10.1.5

10.1.5

Apple Mac OS X Server 10.2

10.2

Apple Mac OS X Server 10.2.1

10.2.1

Apple Mac OS X Server 10.2.2

10.2.2

Apple Mac OS X Server 10.2.3

10.2.3

Apple Mac OS X Server 10.2.4

10.2.4

Apple Mac OS X Server 10.2.5

10.2.5

Apple Mac OS X Server 10.2.6

10.2.6

Apple Mac OS X Server 10.2.7

10.2.7

Apple Mac OS X Server 10.2.8

10.2.8

Apple Mac OS X Server 10.3

10.3

Apple Mac OS X Server 10.3.1

10.3.1

Apple Mac OS X Server 10.3.2

10.3.2

Apple Mac OS X Server 10.3.3

10.3.3

Apple Mac OS X Server 10.3.4

10.3.4

Apple Mac OS X Server 10.3.5

10.3.5

Apple Mac OS X Server 10.3.6

10.3.6

Apple Mac OS X Server 10.3.7

10.3.7

Apple Mac OS X Server 10.3.8

10.3.8

Apple Mac OS X Server 10.3.9

10.3.9

Apple Mac OS X Server 10.4

10.4

Apple Mac OS X Server 10.4.1

10.4.1

Apple Mac OS X Server 10.4.2

10.4.2

Apple Mac OS X Server 10.4.3

10.4.3

Apple Mac OS X Server 10.4.4

10.4.4

Apple Mac OS X Server 10.4.5

10.4.5

Apple Mac OS X Server 10.4.6

10.4.6

Apple Mac OS X Server 10.4.7

10.4.7

Apple Mac OS X Server 10.4.8

10.4.8

Apple Mac OS X Server 10.4.9

10.4.9

References

http://bugs.gentoo.org/show_bug.cgi?id=186219

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658

SSRT071447

http://httpd.apache.org/security/vulnerabilities_20.html

http://httpd.apache.org/security/vulnerabilities_22.html

APPLE-SA-2008-05-28

[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

37079

RHSA-2007:0534

RHSA-2007:0556

25830

25873

25920

26273

26443

26508

26822

26842

26993

27037

27563

27732

28606

30430

GLSA-200711-06

http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm

http://svn.apache.org/viewvc?view=rev&revision=535617

http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

MDKSA-2007:140

MDKSA-2007:141

SUSE-SA:2007:061

FEDORA-2007-2214

RHSA-2007:0557

20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

24649

1018303

2007-0026

USN-499-1

TA08-150A

US Government Resource

ADV-2007-2727

ADV-2007-3283

ADV-2007-3386

ADV-2008-0233

ADV-2008-1697

PK49355

PK52702

https://issues.rpath.com/browse/RPL-1500

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:9824

RHSA-2007:0533

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.