ID CVE-2007-1863
Summary cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
Vulnerable Configurations
  • Apple Mac OS X Server 10.0
    cpe:2.3:o:apple:mac_os_x_server:10.0
  • Apple Mac OS X Server 10.1
    cpe:2.3:o:apple:mac_os_x_server:10.1
  • Apple Mac OS X Server 10.1.1
    cpe:2.3:o:apple:mac_os_x_server:10.1.1
  • Apple Mac OS X Server 10.1.2
    cpe:2.3:o:apple:mac_os_x_server:10.1.2
  • Apple Mac OS X Server 10.1.3
    cpe:2.3:o:apple:mac_os_x_server:10.1.3
  • Apple Mac OS X Server 10.1.4
    cpe:2.3:o:apple:mac_os_x_server:10.1.4
  • Apple Mac OS X Server 10.1.5
    cpe:2.3:o:apple:mac_os_x_server:10.1.5
  • Apple Mac OS X Server 10.2
    cpe:2.3:o:apple:mac_os_x_server:10.2
  • Apple Mac OS X Server 10.2.1
    cpe:2.3:o:apple:mac_os_x_server:10.2.1
  • Apple Mac OS X Server 10.2.2
    cpe:2.3:o:apple:mac_os_x_server:10.2.2
  • Apple Mac OS X Server 10.2.3
    cpe:2.3:o:apple:mac_os_x_server:10.2.3
  • Apple Mac OS X Server 10.2.4
    cpe:2.3:o:apple:mac_os_x_server:10.2.4
  • Apple Mac OS X Server 10.2.5
    cpe:2.3:o:apple:mac_os_x_server:10.2.5
  • Apple Mac OS X Server 10.2.6
    cpe:2.3:o:apple:mac_os_x_server:10.2.6
  • Apple Mac OS X Server 10.2.7
    cpe:2.3:o:apple:mac_os_x_server:10.2.7
  • Apple Mac OS X Server 10.2.8
    cpe:2.3:o:apple:mac_os_x_server:10.2.8
  • Apple Mac OS X Server 10.3
    cpe:2.3:o:apple:mac_os_x_server:10.3
  • Apple Mac OS X Server 10.3.1
    cpe:2.3:o:apple:mac_os_x_server:10.3.1
  • Apple Mac OS X Server 10.3.2
    cpe:2.3:o:apple:mac_os_x_server:10.3.2
  • Apple Mac OS X Server 10.3.3
    cpe:2.3:o:apple:mac_os_x_server:10.3.3
  • Apple Mac OS X Server 10.3.4
    cpe:2.3:o:apple:mac_os_x_server:10.3.4
  • Apple Mac OS X Server 10.3.5
    cpe:2.3:o:apple:mac_os_x_server:10.3.5
  • Apple Mac OS X Server 10.3.6
    cpe:2.3:o:apple:mac_os_x_server:10.3.6
  • Apple Mac OS X Server 10.3.7
    cpe:2.3:o:apple:mac_os_x_server:10.3.7
  • Apple Mac OS X Server 10.3.8
    cpe:2.3:o:apple:mac_os_x_server:10.3.8
  • Apple Mac OS X Server 10.3.9
    cpe:2.3:o:apple:mac_os_x_server:10.3.9
  • Apple Mac OS X Server 10.4
    cpe:2.3:o:apple:mac_os_x_server:10.4
  • Apple Mac OS X Server 10.4.1
    cpe:2.3:o:apple:mac_os_x_server:10.4.1
  • Apple Mac OS X Server 10.4.2
    cpe:2.3:o:apple:mac_os_x_server:10.4.2
  • Apple Mac OS X Server 10.4.3
    cpe:2.3:o:apple:mac_os_x_server:10.4.3
  • Apple Mac OS X Server 10.4.4
    cpe:2.3:o:apple:mac_os_x_server:10.4.4
  • Apple Mac OS X Server 10.4.5
    cpe:2.3:o:apple:mac_os_x_server:10.4.5
  • Apple Mac OS X Server 10.4.6
    cpe:2.3:o:apple:mac_os_x_server:10.4.6
  • Apple Mac OS X Server 10.4.7
    cpe:2.3:o:apple:mac_os_x_server:10.4.7
  • Apple Mac OS X Server 10.4.8
    cpe:2.3:o:apple:mac_os_x_server:10.4.8
  • Apple Mac OS X Server 10.4.9
    cpe:2.3:o:apple:mac_os_x_server:10.4.9
CVSS
Base: 5.0 (as of 29-06-2007 - 16:01)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_3.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.3. Mac OS X 10.5.3 contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 32477
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32477
    title Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-003.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-003 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 32478
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32478
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-003)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070627_HTTPD_ON_SL3.NASL
    description A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A flaw was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60221
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60221
    title Scientific Linux Security Update : httpd on SL3.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0534.NASL
    description From Red Hat Security Advisory 2007:0534 : Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67531
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67531
    title Oracle Linux 4 : httpd (ELSA-2007-0534)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-06 (Apache: Multiple vulnerabilities) Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847). Impact : A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 27823
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27823
    title GLSA-200711-06 : Apache: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2214.NASL
    description This update includes the latest stable release of the Apache HTTP Server. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27758
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27758
    title Fedora 7 : httpd-2.2.6-1.fc7 (2007-2214)
  • NASL family Web Servers
    NASL id APACHE_2_2_6.NASL
    description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.6. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability in mod_proxy. - A cross-site scripting vulnerability in mod_status. - A local denial of service vulnerability associated with the Prefork MPM module. - An information leak in mod_cache. - A denial of service vulnerability in mod_cache. In addition, it offers a workaround for a cross-site scripting issue in mod_autoindex. Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether any of the affected modules are in use on the remote server or to check for the issues themselves.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 26023
    published 2007-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26023
    title Apache 2.2.x < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-499-1.NASL
    description Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. (CVE-2006-5752) Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863) A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28102
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28102
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : apache2 vulnerabilities (USN-499-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0533.NASL
    description From Red Hat Security Advisory 2007:0533 : Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A flaw was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) In addition, two bugs were fixed : * when the ProxyErrorOverride directive was enabled, responses with 3xx status-codes would be overridden at the proxy. This has been changed so that only 4xx and 5xx responses are overridden. * the 'ProxyTimeout' directive was not inherited across virtual host definitions. Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67530
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67530
    title Oracle Linux 3 : httpd (ELSA-2007-0533)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0556.NASL
    description Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Red Hat Enterprise Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25610
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25610
    title RHEL 5 : httpd (RHSA-2007:0556)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0533.NASL
    description Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A flaw was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) In addition, two bugs were fixed : * when the ProxyErrorOverride directive was enabled, responses with 3xx status-codes would be overridden at the proxy. This has been changed so that only 4xx and 5xx responses are overridden. * the 'ProxyTimeout' directive was not inherited across virtual host definitions. Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25622
    published 2007-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25622
    title RHEL 3 : httpd (RHSA-2007:0533)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0534.NASL
    description Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25609
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25609
    title RHEL 4 : httpd (RHSA-2007:0534)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070626_HTTPD_ON_SL5_X.NASL
    description The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Scientific Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Scientific Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60217
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60217
    title Scientific Linux Security Update : httpd on SL5.x, SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-4669.NASL
    description Several bugs were fixed in the Apache2 webserver : These include the following security issues : - mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. (CVE-2006-5752) - mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. (CVE-2007-1863) - prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. (CVE-2007-3304) - mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. (CVE-2007-3847) - mod_autoindex: Add in ContentType and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page. (CVE-2007-4465) and the following non-security issues : - get_module_list: replace loadmodule.conf atomically - Use File::Temp to create good tmpdir in logresolve.pl2 (httpd-2.x.x-logresolve.patchs)
    last seen 2019-02-21
    modified 2013-07-20
    plugin id 29373
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29373
    title SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0533.NASL
    description Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A flaw was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) In addition, two bugs were fixed : * when the ProxyErrorOverride directive was enabled, responses with 3xx status-codes would be overridden at the proxy. This has been changed so that only 4xx and 5xx responses are overridden. * the 'ProxyTimeout' directive was not inherited across virtual host definitions. Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25613
    published 2007-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25613
    title CentOS 3 : httpd (CESA-2007:0533)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-140.NASL
    description A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled (CVE-2006-5752). A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM (CVE-2007-1863). The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304). Updated packages have been patched to prevent the above issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25670
    published 2007-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25670
    title Mandrake Linux Security Advisory : apache (MDKSA-2007:140)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0556.NASL
    description Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Red Hat Enterprise Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25579
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25579
    title CentOS 5 : httpd (CESA-2007:0556)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-4666.NASL
    description Several bugs were fixed in the Apache2 webserver : These include the following security issues : - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. - CVE-2007-4465: mod_autoindex: Add in ContentType and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page. and the following non-security issues : - get_module_list: replace loadmodule.conf atomically - Use File::Temp to create good tmpdir in logresolve.pl2 (httpd-2.x.x-logresolve.patchs)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 28282
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28282
    title openSUSE 10 Security Update : apache2 (apache2-4666)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C115271D602B11DC898C001921AB2FA4.NASL
    description Apache HTTP server project reports : The following potential security flaws are addressed : - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. Reported by Stefan Esser. - CVE-2006-1862: mod_mem_cache: Copy headers into longer lived storage; header names and values could previously point to cleaned up storage.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26039
    published 2007-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26039
    title FreeBSD : apache -- multiple vulnerabilities (c115271d-602b-11dc-898c-001921ab2fa4)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-0704.NASL
    description The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Fedora if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Fedora the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) A bug was found in the mod_mem_cache module. On sites where caching is enabled using this module, an information leak could occur which revealed portions of sensitive memory to remote users. (CVE-2007-1862) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27675
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27675
    title Fedora 7 : httpd-2.2.4-4.1.fc7 (2007-0704)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0534.NASL
    description Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25578
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25578
    title CentOS 4 : httpd (CESA-2007:0534)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0556.NASL
    description From Red Hat Security Advisory 2007:0556 : Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Red Hat Enterprise Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67533
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67533
    title Oracle Linux 5 : httpd (ELSA-2007-0556)
oval via4
accepted 2013-04-29T04:22:33.675-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
family unix
id oval:org.mitre.oval:def:9824
status accepted
submitted 2010-07-09T03:56:16-04:00
title cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
version 24
redhat via4
advisories
  • bugzilla
    id 245112
    title CVE-2006-5752 httpd mod_status XSS
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment httpd is earlier than 0:2.0.46-67.ent
          oval oval:com.redhat.rhsa:tst:20070533002
        • comment httpd is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619003
      • AND
        • comment httpd-devel is earlier than 0:2.0.46-67.ent
          oval oval:com.redhat.rhsa:tst:20070533006
        • comment httpd-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619005
      • AND
        • comment mod_ssl is earlier than 0:2.0.46-67.ent
          oval oval:com.redhat.rhsa:tst:20070533004
        • comment mod_ssl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619009
    rhsa
    id RHSA-2007:0533
    released 2007-06-27
    severity Moderate
    title RHSA-2007:0533: httpd security update (Moderate)
  • bugzilla
    id 245112
    title CVE-2006-5752 httpd mod_status XSS
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment httpd is earlier than 0:2.0.52-32.2.ent
          oval oval:com.redhat.rhsa:tst:20070534002
        • comment httpd is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619003
      • AND
        • comment httpd-devel is earlier than 0:2.0.52-32.2.ent
          oval oval:com.redhat.rhsa:tst:20070534008
        • comment httpd-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619005
      • AND
        • comment httpd-manual is earlier than 0:2.0.52-32.2.ent
          oval oval:com.redhat.rhsa:tst:20070534004
        • comment httpd-manual is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619011
      • AND
        • comment httpd-suexec is earlier than 0:2.0.52-32.2.ent
          oval oval:com.redhat.rhsa:tst:20070534010
        • comment httpd-suexec is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070534011
      • AND
        • comment mod_ssl is earlier than 0:2.0.52-32.2.ent
          oval oval:com.redhat.rhsa:tst:20070534006
        • comment mod_ssl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619009
    rhsa
    id RHSA-2007:0534
    released 2007-06-26
    severity Moderate
    title RHSA-2007:0534: httpd security update (Moderate)
  • rhsa
    id RHSA-2007:0556
  • rhsa
    id RHSA-2007:0557
rpms
  • httpd-0:2.0.46-67.ent
  • httpd-devel-0:2.0.46-67.ent
  • mod_ssl-0:2.0.46-67.ent
  • httpd-0:2.0.52-32.2.ent
  • httpd-devel-0:2.0.52-32.2.ent
  • httpd-manual-0:2.0.52-32.2.ent
  • httpd-suexec-0:2.0.52-32.2.ent
  • mod_ssl-0:2.0.52-32.2.ent
  • httpd-0:2.2.3-7.el5
  • httpd-devel-0:2.2.3-7.el5
  • httpd-manual-0:2.2.3-7.el5
  • mod_ssl-0:2.2.3-7.el5
refmap via4
aixapar
  • PK49355
  • PK52702
apple APPLE-SA-2008-05-28
bid 24649
bugtraq 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
cert TA08-150A
confirm
fedora FEDORA-2007-2214
gentoo GLSA-200711-06
hp
  • HPSBUX02262
  • SSRT071447
mandriva
  • MDKSA-2007:140
  • MDKSA-2007:141
misc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658
mlist [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
osvdb 37079
sectrack 1018303
secunia
  • 25830
  • 25873
  • 25920
  • 26273
  • 26443
  • 26508
  • 26822
  • 26842
  • 26993
  • 27037
  • 27563
  • 27732
  • 28606
  • 30430
suse SUSE-SA:2007:061
trustix 2007-0026
ubuntu USN-499-1
vupen
  • ADV-2007-2727
  • ADV-2007-3283
  • ADV-2007-3386
  • ADV-2008-0233
  • ADV-2008-1697
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.2.6 and 2.0.61: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 30-10-2012 - 22:32
Published 27-06-2007 - 13:30
Last modified 16-10-2018 - 12:40