CVE - CVE-2007-3847

CVE-ID
CVE-2007-3847	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1018633 URL:http://www.securitytracker.com/id?1018633 MISC:20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://www.securityfocus.com/archive/1/505990/100/0/threaded MISC:25489 URL:http://www.securityfocus.com/bid/25489 MISC:26636 URL:http://secunia.com/advisories/26636 MISC:26722 URL:http://secunia.com/advisories/26722 MISC:26790 URL:http://secunia.com/advisories/26790 MISC:26842 URL:http://secunia.com/advisories/26842 MISC:26952 URL:http://secunia.com/advisories/26952 MISC:26993 URL:http://secunia.com/advisories/26993 MISC:27209 URL:http://secunia.com/advisories/27209 MISC:27563 URL:http://secunia.com/advisories/27563 MISC:27593 URL:http://secunia.com/advisories/27593 MISC:27732 URL:http://secunia.com/advisories/27732 MISC:27882 URL:http://secunia.com/advisories/27882 MISC:27971 URL:http://secunia.com/advisories/27971 MISC:28467 URL:http://secunia.com/advisories/28467 MISC:28606 URL:http://secunia.com/advisories/28606 MISC:28749 URL:http://secunia.com/advisories/28749 MISC:28922 URL:http://secunia.com/advisories/28922 MISC:29420 URL:http://secunia.com/advisories/29420 MISC:30430 URL:http://secunia.com/advisories/30430 MISC:ADV-2007-3020 URL:~~http://www.vupen.com/english/advisories/2007/3020~~ (Obsolete source) MISC:ADV-2007-3095 URL:~~http://www.vupen.com/english/advisories/2007/3095~~ (Obsolete source) MISC:ADV-2007-3283 URL:~~http://www.vupen.com/english/advisories/2007/3283~~ (Obsolete source) MISC:ADV-2007-3494 URL:~~http://www.vupen.com/english/advisories/2007/3494~~ (Obsolete source) MISC:ADV-2007-3955 URL:~~http://www.vupen.com/english/advisories/2007/3955~~ (Obsolete source) MISC:ADV-2008-0233 URL:~~http://www.vupen.com/english/advisories/2008/0233~~ (Obsolete source) MISC:ADV-2008-0924 URL:~~http://www.vupen.com/english/advisories/2008/0924/references~~ (Obsolete source) MISC:ADV-2008-1697 URL:~~http://www.vupen.com/english/advisories/2008/1697~~ (Obsolete source) MISC:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html MISC:APPLE-SA-2008-05-28 URL:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html MISC:FEDORA-2007-2214 URL:http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html MISC:FEDORA-2007-707 URL:https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html MISC:GLSA-200711-06 URL:http://security.gentoo.org/glsa/glsa-200711-06.xml MISC:HPSBUX02273 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 MISC:MDKSA-2007:235 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:235~~ (Obsolete source) MISC:PK50469 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469 MISC:PK52702 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 MISC:RHSA-2007:0746 URL:http://www.redhat.com/support/errata/RHSA-2007-0746.html MISC:RHSA-2007:0747 URL:http://www.redhat.com/support/errata/RHSA-2007-0747.html MISC:RHSA-2007:0911 URL:http://www.redhat.com/support/errata/RHSA-2007-0911.html MISC:RHSA-2008:0005 URL:http://www.redhat.com/support/errata/RHSA-2008-0005.html MISC:SSA:2008-045-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 MISC:SSRT071476 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 MISC:SUSE-SA:2007:061 URL:http://www.novell.com/linux/security/advisories/2007_61_apache2.html MISC:TA08-150A URL:http://www.us-cert.gov/cas/techalerts/TA08-150A.html MISC:USN-575-1 URL:http://www.ubuntu.com/usn/usn-575-1 MISC:[apache-cvs] 20070801 svn commit: r561616 - in /httpd/httpd/trunk: CHANGES URL:http://marc.info/?l=apache-cvs&m=118592992309395&w=2 MISC:[apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c URL:http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2 MISC:[apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c URL:http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2 MISC:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/ URL:https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E MISC:[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://lists.vmware.com/pipermail/security-announce/2009/000062.html MISC:http://bugs.gentoo.org/show_bug.cgi?id=186219 URL:http://bugs.gentoo.org/show_bug.cgi?id=186219 MISC:http://docs.info.apple.com/article.html?artnum=307562 URL:http://docs.info.apple.com/article.html?artnum=307562 MISC:http://httpd.apache.org/security/vulnerabilities_20.html URL:http://httpd.apache.org/security/vulnerabilities_20.html MISC:http://httpd.apache.org/security/vulnerabilities_22.html URL:http://httpd.apache.org/security/vulnerabilities_22.html MISC:http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm MISC:http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 URL:http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 MISC:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html URL:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html MISC:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html URL:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html MISC:https://issues.rpath.com/browse/RPL-1710 URL:https://issues.rpath.com/browse/RPL-1710 MISC:oval:org.mitre.oval:def:10525 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525
Assigning CNA
Red Hat, Inc.
Date Record Created
20070718	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070718)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.