ID CVE-2007-3304
Summary Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 1.3.37
    cpe:2.3:a:apache:http_server:1.3.37
  • Apache Software Foundation HTTP Server 2.0.59
    cpe:2.3:a:apache:http_server:2.0.59
  • Apache Software Foundation Apache HTTP Server 2.2.4
    cpe:2.3:a:apache:http_server:2.2.4
CVSS
Base: 4.7 (as of 21-06-2007 - 16:20)
Impact:
Exploitability:
Access
  • Vector LOCAL
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0662.NASL
    description Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. (CVE-2007-3304). Users of httpd should upgrade to these updated packages, which contain backported patches to correct this issue. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25713
    published 2007-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25713
    title CentOS 3 / 4 : httpd (CESA-2007:0662)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0263.NASL
    description Red Hat Network Proxy Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 5.0.2 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack. (CVE-2007-6388, CVE-2007-5000, CVE-2007-3304, CVE-2006-5752) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Users of Red Hat Network Proxy Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 63853
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63853
    title RHEL 4 : Proxy Server (RHSA-2008:0263)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070713_HTTPD_ON_SL4_X.NASL
    description The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. (CVE-2007-3304).
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60226
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60226
    title Scientific Linux Security Update : httpd on SL4.x, SL3.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0662.NASL
    description Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. (CVE-2007-3304). Users of httpd should upgrade to these updated packages, which contain backported patches to correct this issue. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25725
    published 2007-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25725
    title RHEL 3 / 4 : httpd (RHSA-2007:0662)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0662.NASL
    description From Red Hat Security Advisory 2007:0662 : Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. (CVE-2007-3304). Users of httpd should upgrade to these updated packages, which contain backported patches to correct this issue. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67539
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67539
    title Oracle Linux 3 / 4 : httpd (ELSA-2007-0662)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-06 (Apache: Multiple vulnerabilities) Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847). Impact : A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 27823
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27823
    title GLSA-200711-06 : Apache: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0523.NASL
    description Red Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 4.2.3 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack. (CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752, CVE-2006-3918, CVE-2005-3352) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Users of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 63857
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63857
    title RHEL 3 / 4 : Proxy Server (RHSA-2008:0523)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2214.NASL
    description This update includes the latest stable release of the Apache HTTP Server. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27758
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27758
    title Fedora 7 : httpd-2.2.6-1.fc7 (2007-2214)
  • NASL family Web Servers
    NASL id APACHE_2_2_6.NASL
    description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.6. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability in mod_proxy. - A cross-site scripting vulnerability in mod_status. - A local denial of service vulnerability associated with the Prefork MPM module. - An information leak in mod_cache. - A denial of service vulnerability in mod_cache. In addition, it offers a workaround for a cross-site scripting issue in mod_autoindex. Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether any of the affected modules are in use on the remote server or to check for the issues themselves.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 26023
    published 2007-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26023
    title Apache 2.2.x < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-499-1.NASL
    description Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. (CVE-2006-5752) Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863) A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28102
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28102
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : apache2 vulnerabilities (USN-499-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0556.NASL
    description Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Red Hat Enterprise Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25610
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25610
    title RHEL 5 : httpd (RHSA-2007:0556)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070626_HTTPD_ON_SL5_X.NASL
    description The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Scientific Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Scientific Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60217
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60217
    title Scientific Linux Security Update : httpd on SL5.x, SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-4669.NASL
    description Several bugs were fixed in the Apache2 webserver : These include the following security issues : - mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. (CVE-2006-5752) - mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. (CVE-2007-1863) - prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. (CVE-2007-3304) - mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. (CVE-2007-3847) - mod_autoindex: Add in ContentType and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page. (CVE-2007-4465) and the following non-security issues : - get_module_list: replace loadmodule.conf atomically - Use File::Temp to create good tmpdir in logresolve.pl2 (httpd-2.x.x-logresolve.patchs)
    last seen 2019-02-21
    modified 2013-07-20
    plugin id 29373
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29373
    title SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0261.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43835
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43835
    title RHEL 4 : Satellite Server (RHSA-2008:0261)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-140.NASL
    description A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled (CVE-2006-5752). A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM (CVE-2007-1863). The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304). Updated packages have been patched to prevent the above issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25670
    published 2007-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25670
    title Mandrake Linux Security Advisory : apache (MDKSA-2007:140)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0524.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43837
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43837
    title RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0532.NASL
    description Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. (CVE-2007-3304) A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) Users of Apache should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25608
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25608
    title RHEL 2.1 : apache (RHSA-2007:0532)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0556.NASL
    description Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Red Hat Enterprise Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25579
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25579
    title CentOS 5 : httpd (CESA-2007:0556)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-4666.NASL
    description Several bugs were fixed in the Apache2 webserver : These include the following security issues : - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. - CVE-2007-4465: mod_autoindex: Add in ContentType and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page. and the following non-security issues : - get_module_list: replace loadmodule.conf atomically - Use File::Temp to create good tmpdir in logresolve.pl2 (httpd-2.x.x-logresolve.patchs)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 28282
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28282
    title openSUSE 10 Security Update : apache2 (apache2-4666)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C115271D602B11DC898C001921AB2FA4.NASL
    description Apache HTTP server project reports : The following potential security flaws are addressed : - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. Reported by Stefan Esser. - CVE-2006-1862: mod_mem_cache: Copy headers into longer lived storage; header names and values could previously point to cleaned up storage.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26039
    published 2007-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26039
    title FreeBSD : apache -- multiple vulnerabilities (c115271d-602b-11dc-898c-001921ab2fa4)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-0704.NASL
    description The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Fedora if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Fedora the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) A bug was found in the mod_mem_cache module. On sites where caching is enabled using this module, an information leak could occur which revealed portions of sensitive memory to remote users. (CVE-2007-1862) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27675
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27675
    title Fedora 7 : httpd-2.2.4-4.1.fc7 (2007-0704)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0556.NASL
    description From Red Hat Security Advisory 2007:0556 : Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Red Hat Enterprise Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67533
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67533
    title Oracle Linux 5 : httpd (ELSA-2007-0556)
oval via4
accepted 2013-04-29T04:14:49.970-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
family unix
id oval:org.mitre.oval:def:11589
status accepted
submitted 2010-07-09T03:56:16-04:00
title Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
version 24
redhat via4
advisories
  • bugzilla
    id 245112
    title CVE-2006-5752 httpd mod_status XSS
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment httpd is earlier than 0:2.2.3-7.el5
          oval oval:com.redhat.rhsa:tst:20070556002
        • comment httpd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070556003
      • AND
        • comment httpd-devel is earlier than 0:2.2.3-7.el5
          oval oval:com.redhat.rhsa:tst:20070556004
        • comment httpd-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070556005
      • AND
        • comment httpd-manual is earlier than 0:2.2.3-7.el5
          oval oval:com.redhat.rhsa:tst:20070556008
        • comment httpd-manual is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070556009
      • AND
        • comment mod_ssl is earlier than 0:2.2.3-7.el5
          oval oval:com.redhat.rhsa:tst:20070556006
        • comment mod_ssl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070556007
    rhsa
    id RHSA-2007:0556
    released 2007-06-26
    severity Moderate
    title RHSA-2007:0556: httpd security update (Moderate)
  • bugzilla
    id 245111
    title CVE-2007-3304 httpd scoreboard lack of PID protection
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment httpd is earlier than 0:2.0.46-68.ent
            oval oval:com.redhat.rhsa:tst:20070662002
          • comment httpd is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619003
        • AND
          • comment httpd-devel is earlier than 0:2.0.46-68.ent
            oval oval:com.redhat.rhsa:tst:20070662004
          • comment httpd-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619005
        • AND
          • comment mod_ssl is earlier than 0:2.0.46-68.ent
            oval oval:com.redhat.rhsa:tst:20070662006
          • comment mod_ssl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619009
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment httpd is earlier than 0:2.0.52-32.3.ent
            oval oval:com.redhat.rhsa:tst:20070662009
          • comment httpd is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619003
        • AND
          • comment httpd-devel is earlier than 0:2.0.52-32.3.ent
            oval oval:com.redhat.rhsa:tst:20070662015
          • comment httpd-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619005
        • AND
          • comment httpd-manual is earlier than 0:2.0.52-32.3.ent
            oval oval:com.redhat.rhsa:tst:20070662013
          • comment httpd-manual is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619011
        • AND
          • comment httpd-suexec is earlier than 0:2.0.52-32.3.ent
            oval oval:com.redhat.rhsa:tst:20070662010
          • comment httpd-suexec is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070534011
        • AND
          • comment mod_ssl is earlier than 0:2.0.52-32.3.ent
            oval oval:com.redhat.rhsa:tst:20070662012
          • comment mod_ssl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619009
    rhsa
    id RHSA-2007:0662
    released 2007-07-13
    severity Moderate
    title RHSA-2007:0662: httpd security update (Moderate)
  • rhsa
    id RHSA-2007:0532
  • rhsa
    id RHSA-2007:0557
  • rhsa
    id RHSA-2008:0261
rpms
  • httpd-0:2.2.3-7.el5
  • httpd-devel-0:2.2.3-7.el5
  • httpd-manual-0:2.2.3-7.el5
  • mod_ssl-0:2.2.3-7.el5
  • httpd-0:2.0.46-68.ent
  • httpd-devel-0:2.0.46-68.ent
  • mod_ssl-0:2.0.46-68.ent
  • httpd-0:2.0.52-32.3.ent
  • httpd-devel-0:2.0.52-32.3.ent
  • httpd-manual-0:2.0.52-32.3.ent
  • httpd-suexec-0:2.0.52-32.3.ent
  • mod_ssl-0:2.0.52-32.3.ent
refmap via4
aixapar
  • PK50467
  • PK52702
  • PK53984
bid 24215
bugtraq
  • 20070529 Apache httpd vulenrabilities
  • 20070619 Apache Prefork MPM vulnerabilities - Report
  • 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
confirm
fedora FEDORA-2007-2214
gentoo GLSA-200711-06
hp
  • HPSBUX02273
  • SSRT071476
mandriva
  • MDKSA-2007:140
  • MDKSA-2007:142
misc
mlist
  • [apache-httpd-dev] 20070622 Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)
  • [apache-httpd-dev] 20070629 Re: [PATCH] pid safety checks for 2.2.x
  • [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
osvdb 38939
sectrack 1018304
secunia
  • 25827
  • 25830
  • 25920
  • 26211
  • 26273
  • 26443
  • 26508
  • 26611
  • 26759
  • 26790
  • 26822
  • 26842
  • 26993
  • 27121
  • 27209
  • 27563
  • 27732
  • 28212
  • 28224
  • 28606
sgi 20070701-01-P
sreason 2814
sunalert
  • 103179
  • 200032
suse SUSE-SA:2007:061
trustix 2007-0026
ubuntu USN-499-1
vupen
  • ADV-2007-2727
  • ADV-2007-3100
  • ADV-2007-3283
  • ADV-2007-3420
  • ADV-2007-3494
  • ADV-2007-4305
  • ADV-2008-0233
xf apache-child-process-dos(35095)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.2.6, 2.0.61, and 1.3.39: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html
Last major update 30-10-2012 - 22:38
Published 20-06-2007 - 18:30
Last modified 16-10-2018 - 12:48