ID CVE-2007-3847
Summary The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.3.0
    cpe:2.3:a:apache:http_server:2.3.0
CVSS
Base: 5.0 (as of 24-08-2007 - 16:03)
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-707.NASL
    description This update includes the latest release of httpd, fixing two security issues. A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 26114
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26114
    title Fedora Core 6 : httpd-2.2.6-1.fc6 (2007-707)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_3.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.3. Mac OS X 10.5.3 contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 32477
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32477
    title Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-003.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-003 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 32478
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32478
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-003)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-045-02.NASL
    description New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. A new matching mod_ssl package is also provided.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 31100
    published 2008-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31100
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : apache (SSA:2008-045-02)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-06 (Apache: Multiple vulnerabilities) Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847). Impact : A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 27823
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27823
    title GLSA-200711-06 : Apache: Multiple vulnerabilities
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_JUL_2013.NASL
    description According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69301
    published 2013-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69301
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2214.NASL
    description This update includes the latest stable release of the Apache HTTP Server. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27758
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27758
    title Fedora 7 : httpd-2.2.6-1.fc7 (2007-2214)
  • NASL family Web Servers
    NASL id APACHE_2_2_6.NASL
    description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.6. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability in mod_proxy. - A cross-site scripting vulnerability in mod_status. - A local denial of service vulnerability associated with the Prefork MPM module. - An information leak in mod_cache. - A denial of service vulnerability in mod_cache. In addition, it offers a workaround for a cross-site scripting issue in mod_autoindex. Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether any of the affected modules are in use on the remote server or to check for the issues themselves.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 26023
    published 2007-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26023
    title Apache 2.2.x < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0747.NASL
    description Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) As well, these updated packages fix the following bugs : * the default '/etc/logrotate.d/httpd' script incorrectly invoked the kill command, instead of using the '/sbin/service httpd restart' command. If you configured the httpd PID to be in a location other than '/var/run/httpd.pid', the httpd logs failed to be rotated. This has been resolved in these updated packages. * Set-Cookie headers with a status code of 3xx are not forwarded to clients when the 'ProxyErrorOverride' directive is enabled. These responses are overridden at the proxy. Only the responses with status codes of 4xx and 5xx are overridden in these updated packages. * mod_proxy did not correctly handle percent-encoded characters (ie %20) when configured as a reverse proxy. * invalid HTTP status codes could be logged if output filters returned errors. * the 'ProxyTimeout' directive was not inherited across virtual host definitions. * in some cases the Content-Length header was dropped from HEAD responses. This resulted in certain sites not working correctly with mod_proxy, such as www.windowsupdate.com. This update adds the following enhancements : * a new configuration option has been added, 'ServerTokens Full-Release', which adds the package release to the server version string, which is returned in the 'Server' response header. * a new module has been added, mod_version, which allows configuration files to be written containing sections, which are evaluated only if the version of httpd used matches a specified condition. Users of httpd are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67056
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67056
    title CentOS 4 : httpd (CESA-2007:0747)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0005.NASL
    description Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the 'AddDefaultCharset' directive has been removed from the configuration, a cross-site scripting attack was possible against Web browsers which did not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388) A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which did not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005) Users of Apache httpd should upgrade to these updated packages, which contain backported patches to resolve these issues. Users should restart httpd after installing this update.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 29975
    published 2008-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29975
    title RHEL 3 : httpd (RHSA-2008:0005)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0747.NASL
    description Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) As well, these updated packages fix the following bugs : * the default '/etc/logrotate.d/httpd' script incorrectly invoked the kill command, instead of using the '/sbin/service httpd restart' command. If you configured the httpd PID to be in a location other than '/var/run/httpd.pid', the httpd logs failed to be rotated. This has been resolved in these updated packages. * Set-Cookie headers with a status code of 3xx are not forwarded to clients when the 'ProxyErrorOverride' directive is enabled. These responses are overridden at the proxy. Only the responses with status codes of 4xx and 5xx are overridden in these updated packages. * mod_proxy did not correctly handle percent-encoded characters (ie %20) when configured as a reverse proxy. * invalid HTTP status codes could be logged if output filters returned errors. * the 'ProxyTimeout' directive was not inherited across virtual host definitions. * in some cases the Content-Length header was dropped from HEAD responses. This resulted in certain sites not working correctly with mod_proxy, such as www.windowsupdate.com. This update adds the following enhancements : * a new configuration option has been added, 'ServerTokens Full-Release', which adds the package release to the server version string, which is returned in the 'Server' response header. * a new module has been added, mod_version, which allows configuration files to be written containing sections, which are evaluated only if the version of httpd used matches a specified condition. Users of httpd are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 28240
    published 2007-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28240
    title RHEL 4 : httpd (RHSA-2007:0747)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0746.NASL
    description Updated httpd packages that fix a security issue, fix various bugs, and add enhancements, are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) As well, these updated packages fix the following bugs : * Set-Cookie headers with a status code of 3xx are not forwarded to clients when the 'ProxyErrorOverride' directive is enabled. These responses are overridden at the proxy. Only the responses with status codes of 4xx and 5xx are overridden in these updated packages. * the default '/etc/logrotate.d/httpd' script incorrectly invoked the kill command, instead of using the '/sbin/service httpd restart' command. If you configured the httpd PID to be in a location other than '/var/run/httpd.pid', the httpd logs failed to be rotated. This has been resolved in these updated packages. * the 'ProxyTimeout' directive was not inherited across virtual host definitions. * the logresolve utility was unable to read lines longer than 1024 bytes. This update adds the following enhancements : * a new configuration option has been added, 'ServerTokens Full-Release', which adds the package release to the server version string, which is returned in the 'Server' response header. * a new module has been added, mod_version, which allows configuration files to be written containing sections, which are evaluated only if the version of httpd used matches a specified condition. Users of httpd are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27834
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27834
    title RHEL 5 : httpd (RHSA-2007:0746)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0005.NASL
    description From Red Hat Security Advisory 2008:0005 : Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the 'AddDefaultCharset' directive has been removed from the configuration, a cross-site scripting attack was possible against Web browsers which did not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388) A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which did not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005) Users of Apache httpd should upgrade to these updated packages, which contain backported patches to resolve these issues. Users should restart httpd after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67631
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67631
    title Oracle Linux 3 : httpd (ELSA-2008-0005)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-4669.NASL
    description Several bugs were fixed in the Apache2 webserver : These include the following security issues : - mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. (CVE-2006-5752) - mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. (CVE-2007-1863) - prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. (CVE-2007-3304) - mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. (CVE-2007-3847) - mod_autoindex: Add in ContentType and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page. (CVE-2007-4465) and the following non-security issues : - get_module_list: replace loadmodule.conf atomically - Use File::Temp to create good tmpdir in logresolve.pl2 (httpd-2.x.x-logresolve.patchs)
    last seen 2019-02-21
    modified 2013-07-20
    plugin id 29373
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29373
    title SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080115_HTTPD_ON_SL3_X.NASL
    description A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the 'AddDefaultCharset' directive has been removed from the configuration, a cross-site scripting attack might have been possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) A flaw was found in the mod_imagemap module. On sites where mod_imagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388) A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer was enabled, a cross-site scripting attack against an authorized user was possible. (CVE-2007-6421) A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer was enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-6422) A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60345
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60345
    title Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071115_HTTPD_ON_SL4_X.NASL
    description A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) As well, these updated packages fix the following bugs : - the default '/etc/logrotate.d/httpd' script incorrectly invoked the kill command, instead of using the '/sbin/service httpd restart' command. If you configured the httpd PID to be in a location other than '/var/run/httpd.pid', the httpd logs failed to be rotated. This has been resolved in these updated packages. - Set-Cookie headers with a status code of 3xx are not forwarded to clients when the 'ProxyErrorOverride' directive is enabled. These responses are overridden at the proxy. Only the responses with status codes of 4xx and 5xx are overridden in these updated packages. - mod_proxy did not correctly handle percent-encoded characters (ie %20) when configured as a reverse proxy. - invalid HTTP status codes could be logged if output filters returned errors. - the 'ProxyTimeout' directive was not inherited across virtual host definitions. - in some cases the Content-Length header was dropped from HEAD responses. This resulted in certain sites not working correctly with mod_proxy, such as www.windowsupdate.com. This update adds the following enhancements : - a new configuration option has been added, 'ServerTokens Full-Release', which adds the package release to the server version string, which is returned in the 'Server' response header. - a new module has been added, mod_version, which allows configuration files to be written containing sections, which are evaluated only if the version of httpd used matches a specified condition.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60302
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60302
    title Scientific Linux Security Update : httpd on SL4.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071109_HTTPD_ON_SL5.NASL
    description Problem description : A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) As well, these updated packages fix the following bugs : - Set-Cookie headers with a status code of 3xx are not forwarded to clients when the 'ProxyErrorOverride' directive is enabled. These responses are overridden at the proxy. Only the responses with status codes of 4xx and 5xx are overridden in these updated packages. - the default '/etc/logrotate.d/httpd' script incorrectly invoked the kill command, instead of using the '/sbin/service httpd restart' command. If you configured the httpd PID to be in a location other than '/var/run/httpd.pid', the httpd logs failed to be rotated. This has been resolved in these updated packages. - the 'ProxyTimeout' directive was not inherited across virtual host definitions. - the logresolve utility was unable to read lines longer than 1024 bytes. This update adds the following enhancements : - a new configuration option has been added, 'ServerTokens Full-Release', which adds the package release to the server version string, which is returned in the 'Server' response header. - a new module has been added, mod_version, which allows configuration files to be written containing sections, which are evaluated only if the version of httpd used matches a specified condition.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60295
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60295
    title Scientific Linux Security Update : httpd on SL5.x
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0005.NASL
    description Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the 'AddDefaultCharset' directive has been removed from the configuration, a cross-site scripting attack was possible against Web browsers which did not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388) A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which did not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005) Users of Apache httpd should upgrade to these updated packages, which contain backported patches to resolve these issues. Users should restart httpd after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 29966
    published 2008-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29966
    title CentOS 3 : httpd (CESA-2008:0005)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-235.NASL
    description A flaw in the Apache mod_proxy module was found that could potentially lead to a denial of service if using a threaded Multi-Processing Module. On sites where a reverse proxy is configured, a remote attacker could send a special request that would cause the Apache child process handling the request to crash. Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy (CVE-2007-3847). A flaw in the Apache mod_autoindex module was found. On sites where directory listings are used and the AddDefaultCharset directive was removed from the configuration, a cross-site-scripting attack could be possible against browsers that do not correctly derive the response character set according to the rules in RFC 2616 (CVE-2007-4465). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 29202
    published 2007-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29202
    title Mandrake Linux Security Advisory : apache (MDKSA-2007:235)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-4666.NASL
    description Several bugs were fixed in the Apache2 webserver : These include the following security issues : - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. - CVE-2007-4465: mod_autoindex: Add in ContentType and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page. and the following non-security issues : - get_module_list: replace loadmodule.conf atomically - Use File::Temp to create good tmpdir in logresolve.pl2 (httpd-2.x.x-logresolve.patchs)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 28282
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28282
    title openSUSE 10 Security Update : apache2 (apache2-4666)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C115271D602B11DC898C001921AB2FA4.NASL
    description Apache HTTP server project reports : The following potential security flaws are addressed : - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. Reported by Stefan Esser. - CVE-2006-1862: mod_mem_cache: Copy headers into longer lived storage; header names and values could previously point to cleaned up storage.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26039
    published 2007-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26039
    title FreeBSD : apache -- multiple vulnerabilities (c115271d-602b-11dc-898c-001921ab2fa4)
  • NASL family Web Servers
    NASL id APACHE_1_3_41.NASL
    description According to its banner, the version of Apache 1.3.x running on the remote host is prior to 1.3.41. It is, therefore, affected by multiple vulnerabilities : - A denial of service issue in mod_proxy when parsing date-related headers. (CVE-2007-3847) - A cross-site scripting issue involving mod_imap. (CVE-2007-5000). - A cross-site scripting issue in mod_status involving the refresh parameter. (CVE-2007-6388) - A cross-site scripting issue using UTF-7 encoding in mod_proxy_ftp exists because it does not define a charset. (CVE-2008-0005) Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 31408
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31408
    title Apache 1.3.x < 1.3.41 Multiple Vulnerabilities (DoS, XSS)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-575-1.NASL
    description It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918) It was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847) It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465) It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000) It was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388) It was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421) It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422) It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 30184
    published 2008-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30184
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : apache2 vulnerabilities (USN-575-1)
oval via4
accepted 2013-04-29T04:06:26.355-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
family unix
id oval:org.mitre.oval:def:10525
status accepted
submitted 2010-07-09T03:56:16-04:00
title The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
version 24
redhat via4
advisories
  • bugzilla
    id 250731
    title CVE-2007-3847 httpd out of bounds read
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment httpd is earlier than 0:2.2.3-11.el5
          oval oval:com.redhat.rhsa:tst:20070746002
        • comment httpd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070556003
      • AND
        • comment httpd-devel is earlier than 0:2.2.3-11.el5
          oval oval:com.redhat.rhsa:tst:20070746008
        • comment httpd-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070556005
      • AND
        • comment httpd-manual is earlier than 0:2.2.3-11.el5
          oval oval:com.redhat.rhsa:tst:20070746004
        • comment httpd-manual is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070556009
      • AND
        • comment mod_ssl is earlier than 0:2.2.3-11.el5
          oval oval:com.redhat.rhsa:tst:20070746006
        • comment mod_ssl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070556007
    rhsa
    id RHSA-2007:0746
    released 2007-11-07
    severity Moderate
    title RHSA-2007:0746: httpd security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 250731
    title CVE-2007-3847 httpd out of bounds read
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment httpd is earlier than 0:2.0.52-38.ent
          oval oval:com.redhat.rhsa:tst:20070747002
        • comment httpd is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619003
      • AND
        • comment httpd-devel is earlier than 0:2.0.52-38.ent
          oval oval:com.redhat.rhsa:tst:20070747006
        • comment httpd-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619005
      • AND
        • comment httpd-manual is earlier than 0:2.0.52-38.ent
          oval oval:com.redhat.rhsa:tst:20070747010
        • comment httpd-manual is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619011
      • AND
        • comment httpd-suexec is earlier than 0:2.0.52-38.ent
          oval oval:com.redhat.rhsa:tst:20070747004
        • comment httpd-suexec is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070534011
      • AND
        • comment mod_ssl is earlier than 0:2.0.52-38.ent
          oval oval:com.redhat.rhsa:tst:20070747008
        • comment mod_ssl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619009
    rhsa
    id RHSA-2007:0747
    released 2007-11-15
    severity Moderate
    title RHSA-2007:0747: httpd security, bug fix, and enhancement update (Moderate)
  • rhsa
    id RHSA-2007:0911
  • rhsa
    id RHSA-2008:0005
rpms
  • httpd-0:2.2.3-11.el5
  • httpd-devel-0:2.2.3-11.el5
  • httpd-manual-0:2.2.3-11.el5
  • mod_ssl-0:2.2.3-11.el5
  • httpd-0:2.0.52-38.ent
  • httpd-devel-0:2.0.52-38.ent
  • httpd-manual-0:2.0.52-38.ent
  • httpd-suexec-0:2.0.52-38.ent
  • mod_ssl-0:2.0.52-38.ent
  • httpd-0:2.0.46-70.ent
  • httpd-devel-0:2.0.46-70.ent
  • mod_ssl-0:2.0.46-70.ent
refmap via4
aixapar
  • PK50469
  • PK52702
apple
  • APPLE-SA-2008-03-18
  • APPLE-SA-2008-05-28
bid 25489
bugtraq 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
cert TA08-150A
confirm
fedora
  • FEDORA-2007-2214
  • FEDORA-2007-707
gentoo GLSA-200711-06
hp
  • HPSBUX02273
  • SSRT071476
mandriva MDKSA-2007:235
mlist
  • [apache-cvs] 20070801 svn commit: r561616 - in /httpd/httpd/trunk: CHANGES
  • [apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c
  • [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
sectrack 1018633
secunia
  • 26636
  • 26722
  • 26790
  • 26842
  • 26952
  • 26993
  • 27209
  • 27563
  • 27593
  • 27732
  • 27882
  • 27971
  • 28467
  • 28606
  • 28749
  • 28922
  • 29420
  • 30430
slackware SSA:2008-045-02
suse SUSE-SA:2007:061
ubuntu USN-575-1
vupen
  • ADV-2007-3020
  • ADV-2007-3095
  • ADV-2007-3283
  • ADV-2007-3494
  • ADV-2007-3955
  • ADV-2008-0233
  • ADV-2008-0924
  • ADV-2008-1697
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.2.6 and 2.0.61: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 17-07-2013 - 11:25
Published 23-08-2007 - 18:17
Last modified 15-10-2018 - 17:31