CVE-2007-3304

Severity

47%

Complexity

34%

Confidentiality

115%

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

CVSS 2.0 Base Score 4.7. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C).

Overview

Type

Apache Software Foundation

First reported 17 years ago

2007-06-20 22:30:00

Last updated 6 years ago

2018-10-16 16:48:00

Affected Software

Apache Software Foundation Apache HTTP Server 1.3.37

1.3.37

Apache Software Foundation HTTP Server 2.0.59

2.0.59

Apache Software Foundation Apache HTTP Server 2.2.4

2.2.4

References

20070701-01-P

http://bugs.gentoo.org/show_bug.cgi?id=186219

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111

HPSBUX02273

http://httpd.apache.org/security/vulnerabilities_13.html

http://httpd.apache.org/security/vulnerabilities_20.html

http://httpd.apache.org/security/vulnerabilities_22.html

[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

[apache-httpd-dev] 20070629 Re: [PATCH] pid safety checks for 2.2.x

[apache-httpd-dev] 20070622 Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)

38939

RHSA-2007:0556

25827

Vendor Advisory

25830

Vendor Advisory

25920

Vendor Advisory

26211

Vendor Advisory

26273

Vendor Advisory

26443

Vendor Advisory

26508

Vendor Advisory

26611

Vendor Advisory

26759

Vendor Advisory

26790

Vendor Advisory

26822

Vendor Advisory

26842

Vendor Advisory

26993

Vendor Advisory

27121

27209

27563

27732

28212

28224

28606

GLSA-200711-06

http://security.psnc.pl/files/apache_report.pdf

2814

103179

200032

http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm

http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm

http://svn.apache.org/viewvc?view=rev&revision=547987

http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

MDKSA-2007:140

MDKSA-2007:142

SUSE-SA:2007:061

FEDORA-2007-2214

RHSA-2007:0532

RHSA-2007:0557

RHSA-2007:0662

RHSA-2008:0261

20070529 Apache httpd vulenrabilities

20070619 Apache Prefork MPM vulnerabilities - Report

20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

24215

1018304

2007-0026

USN-499-1

ADV-2007-2727

ADV-2007-3100

ADV-2007-3283

ADV-2007-3420

ADV-2007-3494

ADV-2007-4305

ADV-2008-0233

PK52702

PK53984

PK50467

apache-child-process-dos(35095)

https://issues.rpath.com/browse/RPL-1710

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:11589

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.