4.3

CVE-2007-6420

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version2.2.0
ApacheHTTP Server Version2.2.2
ApacheHTTP Server Version2.2.3
ApacheHTTP Server Version2.2.4
ApacheHTTP Server Version2.2.5
ApacheHTTP Server Version2.2.6
ApacheHTTP Server Version2.2.8
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.11% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Mailing List
http://secunia.com/advisories/32222
Not Applicable
http://support.apple.com/kb/HT3216
Third Party Advisory
http://www.securityfocus.com/bid/31681
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2780
Permissions Required
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
http://secunia.com/advisories/34219
Not Applicable
http://www.ubuntu.com/usn/USN-731-1
Third Party Advisory
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
Patch
Vendor Advisory
http://securityreason.com/securityalert/3523
Third Party Advisory
http://www.securityfocus.com/archive/1/486169/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/27236
Patch
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
Broken Link
http://marc.info/?l=bugtraq&m=123376588623823&w=2
Third Party Advisory
http://secunia.com/advisories/31026
Not Applicable
http://secunia.com/advisories/33797
Not Applicable
http://security.gentoo.org/glsa/glsa-200807-06.xml
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0966.html
Third Party Advisory
http://www.securityfocus.com/archive/1/494858/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2009/0320
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8371
Broken Link