ID CVE-2007-6423
Summary ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 27236
bugtraq 20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability
sreason 3523
statements via4
contributor Mark J Cox
lastmodified 2008-01-24
organization Red Hat
statement mod_proxy_balancer is included in the version of Apache HTTP Server as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack v2. Red Hat was unable to reproduce this issue.
Last major update 30-10-2018 - 16:25
Published 12-01-2008 - 00:46
Back to Top