CVE-2007-3847

Severity

50%

Complexity

99%

Confidentiality

48%

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 17 years ago

2007-08-23 22:17:00

Last updated 6 years ago

2018-10-15 21:31:00

Affected Software

Apache Software Foundation Apache HTTP Server 2.3.0

2.3.0

References

http://bugs.gentoo.org/show_bug.cgi?id=186219

http://docs.info.apple.com/article.html?artnum=307562

HPSBUX02273

http://httpd.apache.org/security/vulnerabilities_20.html

http://httpd.apache.org/security/vulnerabilities_22.html

APPLE-SA-2008-05-28

APPLE-SA-2008-03-18

[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

[apache-cvs] 20070801 svn commit: r561616 - in /httpd/httpd/trunk: CHANGES

[apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c

[apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c

26636

26722

26790

26842

26952

26993

27209

27563

27593

27732

27882

27971

28467

28606

28749

28922

29420

30430

GLSA-200711-06

SSA:2008-045-02

http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm

http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

MDKSA-2007:235

SUSE-SA:2007:061

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

FEDORA-2007-2214

RHSA-2007:0746

RHSA-2007:0747

RHSA-2007:0911

RHSA-2008:0005

20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

25489

1018633

USN-575-1

TA08-150A

US Government Resource

ADV-2007-3020

ADV-2007-3095

ADV-2007-3283

ADV-2007-3494

ADV-2007-3955

ADV-2008-0233

ADV-2008-0924

ADV-2008-1697

http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951

PK50469

PK52702

https://issues.rpath.com/browse/RPL-1710

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:10525

FEDORA-2007-707

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.