FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3847

This CVE name corresponds to:

Entered Topic
2007-09-11 apache -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-3847
Phase Assigned(20070718)

Description

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

References

Source Reference
BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
MLIST [apache-cvs] 20070801 svn commit: r561616 - in /httpd/httpd/trunk: CHANGES
MLIST [apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c
MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
CONFIRM http://httpd.apache.org/security/vulnerabilities_20.html
CONFIRM http://httpd.apache.org/security/vulnerabilities_22.html
CONFIRM https://issues.rpath.com/browse/RPL-1710
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=186219
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm
CONFIRM http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951
CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
AIXAPAR PK50469
AIXAPAR PK52702
APPLE APPLE-SA-2008-03-18
APPLE APPLE-SA-2008-05-28
FEDORA FEDORA-2007-2214
FEDORA FEDORA-2007-707
GENTOO GLSA-200711-06
HP HPSBUX02273
HP SSRT071476
MANDRIVA MDKSA-2007:235
REDHAT RHSA-2007:0911
REDHAT RHSA-2007:0746
REDHAT RHSA-2007:0747
REDHAT RHSA-2008:0005
SLACKWARE SSA:2008-045-02
SUSE SUSE-SA:2007:061
UBUNTU USN-575-1
CERT TA08-150A
BID 25489
OVAL oval:org.mitre.oval:def:10525
SECUNIA 28606
VUPEN ADV-2007-3020
VUPEN ADV-2007-3095
VUPEN ADV-2007-3283
VUPEN ADV-2007-3494
VUPEN ADV-2007-3955
VUPEN ADV-2008-0924
VUPEN ADV-2008-1697
SECTRACK 1018633
SECUNIA 26636
SECUNIA 26722
SECUNIA 26790
SECUNIA 26842
SECUNIA 26952
SECUNIA 26993
SECUNIA 27209
SECUNIA 27563
SECUNIA 27593
SECUNIA 27732
SECUNIA 27882
SECUNIA 27971
SECUNIA 28467
SECUNIA 28749
SECUNIA 28922
SECUNIA 29420
SECUNIA 30430
VUPEN ADV-2008-0233