CVE-2007-6422

Severity

40%

Complexity

80%

Confidentiality

48%

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

First reported 17 years ago

2008-01-08 18:46:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

Apache Software Foundation Apache HTTP Server

Apache Software Foundation Apache HTTP Server 2.2

2.2

Apache Software Foundation Apache HTTP Server 2.2.1

2.2.1

Apache Software Foundation Apache HTTP Server 2.2.2

2.2.2

Apache Software Foundation Apache HTTP Server 2.2.3

2.2.3

Apache Software Foundation Apache HTTP Server 2.2.4

2.2.4

Apache Software Foundation Apache HTTP Server 2.2.6

2.2.6

References

http://httpd.apache.org/security/vulnerabilities_22.html

SUSE-SA:2008:021

28526

Vendor Advisory

28749

Vendor Advisory

28977

Vendor Advisory

29348

Vendor Advisory

29640

Vendor Advisory

GLSA-200803-19

3523

MDVSA-2008:016

RHSA-2008:0008

RHSA-2008:0009

20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability

27236

USN-575-1

ADV-2008-0048

Vendor Advisory

apache-modproxybalancer-dos(39476)

[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:10181

oval:org.mitre.oval:def:8690

FEDORA-2008-1711

FEDORA-2008-1695

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.