FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1863

This CVE name corresponds to:

Entered Topic
2007-09-11 apache -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1863 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-1863
Phase Assigned(20070404)

Description

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

References

Source Reference
BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658
CONFIRM http://svn.apache.org/viewvc?view=rev&revision=535617
CONFIRM https://issues.rpath.com/browse/RPL-1500
CONFIRM http://httpd.apache.org/security/vulnerabilities_20.html
CONFIRM http://httpd.apache.org/security/vulnerabilities_22.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=186219
CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html
AIXAPAR PK49355
AIXAPAR PK52702
APPLE APPLE-SA-2008-05-28
FEDORA FEDORA-2007-2214
GENTOO GLSA-200711-06
HP HPSBUX02262
HP SSRT071447
MANDRIVA MDKSA-2007:140
MANDRIVA MDKSA-2007:141
REDHAT RHSA-2007:0534
REDHAT RHSA-2007:0556
REDHAT RHSA-2007:0533
REDHAT RHSA-2007:0557
SUSE SUSE-SA:2007:061
TRUSTIX 2007-0026
UBUNTU USN-499-1
CERT TA08-150A
BID 24649
OSVDB 37079
OVAL oval:org.mitre.oval:def:9824
SECUNIA 28606
VUPEN ADV-2007-2727
VUPEN ADV-2007-3283
VUPEN ADV-2007-3386
VUPEN ADV-2008-1697
SECTRACK 1018303
SECUNIA 25830
SECUNIA 25873
SECUNIA 25920
SECUNIA 26273
SECUNIA 26443
SECUNIA 26508
SECUNIA 26822
SECUNIA 26842
SECUNIA 26993
SECUNIA 27037
SECUNIA 27563
SECUNIA 27732
SECUNIA 28606
SECUNIA 30430
VUPEN ADV-2008-0233

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.