CVE - CVE-2007-1862

CVE-ID
CVE-2007-1862	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:24553 URL:http://www.securityfocus.com/bid/24553 CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=186219 CONFIRM:http://httpd.apache.org/security/vulnerabilities_22.html CONFIRM:http://issues.apache.org/bugzilla/show_bug.cgi?id=41551 CONFIRM:http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html FEDORA:FEDORA-2007-2214 URL:http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html GENTOO:GLSA-200711-06 URL:http://security.gentoo.org/glsa/glsa-200711-06.xml MANDRIVA:MDKSA-2007:127 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:127 MANDRIVA:MDVSA-2013:150 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E OSVDB:38641 URL:http://osvdb.org/38641 SECUNIA:26273 URL:http://secunia.com/advisories/26273 SECUNIA:26842 URL:http://secunia.com/advisories/26842 SECUNIA:27563 URL:http://secunia.com/advisories/27563 VUPEN:ADV-2007-2231 URL:http://www.vupen.com/english/advisories/2007/2231 VUPEN:ADV-2007-2727 URL:http://www.vupen.com/english/advisories/2007/2727
Assigning CNA
Red Hat, Inc.
Date Entry Created
20070404	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070404)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select “Other” from dropdown)