5

CVE-2007-3847

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.0.35 < 2.0.61
ApacheHTTP Server Version >= 2.2.0 < 2.2.6
FedoraprojectFedora Version7
FedoraprojectFedora Core Version6
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.9% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
http://docs.info.apple.com/article.html?artnum=307562
Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Mailing List
http://www.vupen.com/english/advisories/2008/0924/references
Permissions Required
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Mailing List
http://secunia.com/advisories/29420
Not Applicable
http://secunia.com/advisories/30430
Not Applicable
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2008/1697
Permissions Required
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/28749
Not Applicable
http://www.ubuntu.com/usn/usn-575-1
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951
Third Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=186219
Third Party Advisory
Issue Tracking
http://httpd.apache.org/security/vulnerabilities_22.html
Vendor Advisory
http://secunia.com/advisories/26842
Not Applicable
http://secunia.com/advisories/27563
Not Applicable
http://security.gentoo.org/glsa/glsa-200711-06.xml
Third Party Advisory
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588
Broken Link
http://httpd.apache.org/security/vulnerabilities_20.html
Vendor Advisory
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/26790
Not Applicable
http://secunia.com/advisories/26993
Not Applicable
http://secunia.com/advisories/27209
Not Applicable
http://secunia.com/advisories/27732
Not Applicable
http://secunia.com/advisories/28606
Not Applicable
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702
Third Party Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html
Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
Broken Link
http://www.securityfocus.com/archive/1/505990/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/3283
Permissions Required
http://www.vupen.com/english/advisories/2007/3494
Permissions Required
http://www.vupen.com/english/advisories/2008/0233
Permissions Required
https://issues.rpath.com/browse/RPL-1710
Broken Link
http://marc.info/?l=apache-cvs&m=118592992309395&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://secunia.com/advisories/26636
Not Applicable
http://secunia.com/advisories/26722
Not Applicable
http://secunia.com/advisories/26952
Not Applicable
http://secunia.com/advisories/27593
Not Applicable
http://secunia.com/advisories/27882
Not Applicable
http://secunia.com/advisories/27971
Not Applicable
http://secunia.com/advisories/28467
Not Applicable
http://secunia.com/advisories/28922
Not Applicable
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:235
Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0746.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0747.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0911.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0005.html
Third Party Advisory
http://www.securityfocus.com/bid/25489
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018633
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2007/3020
Permissions Required
http://www.vupen.com/english/advisories/2007/3095
Permissions Required
http://www.vupen.com/english/advisories/2007/3955
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html
Third Party Advisory
Mailing List