CVE - CVE-2007-1863

CVE-ID
CVE-2007-1863	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://www.securityfocus.com/archive/1/505990/100/0/threaded MLIST:[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://lists.vmware.com/pipermail/security-announce/2009/000062.html MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658 CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=535617 CONFIRM:https://issues.rpath.com/browse/RPL-1500 CONFIRM:http://httpd.apache.org/security/vulnerabilities_20.html CONFIRM:http://httpd.apache.org/security/vulnerabilities_22.html CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=186219 CONFIRM:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html AIXAPAR:PK49355 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK49355 AIXAPAR:PK52702 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 APPLE:APPLE-SA-2008-05-28 URL:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html FEDORA:FEDORA-2007-2214 URL:http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html GENTOO:GLSA-200711-06 URL:http://security.gentoo.org/glsa/glsa-200711-06.xml HP:HPSBUX02262 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 HP:SSRT071447 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 MANDRIVA:MDKSA-2007:140 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:140 MANDRIVA:MDKSA-2007:141 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:141 REDHAT:RHSA-2007:0534 URL:http://rhn.redhat.com/errata/RHSA-2007-0534.html REDHAT:RHSA-2007:0556 URL:http://rhn.redhat.com/errata/RHSA-2007-0556.html REDHAT:RHSA-2007:0533 URL:https://rhn.redhat.com/errata/RHSA-2007-0533.html REDHAT:RHSA-2007:0557 URL:http://www.redhat.com/support/errata/RHSA-2007-0557.html SUSE:SUSE-SA:2007:061 URL:http://www.novell.com/linux/security/advisories/2007_61_apache2.html TRUSTIX:2007-0026 URL:http://www.trustix.org/errata/2007/0026/ UBUNTU:USN-499-1 URL:http://www.ubuntu.com/usn/usn-499-1 CERT:TA08-150A URL:http://www.us-cert.gov/cas/techalerts/TA08-150A.html BID:24649 URL:http://www.securityfocus.com/bid/24649 OSVDB:37079 URL:http://osvdb.org/37079 OVAL:oval:org.mitre.oval:def:9824 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9824 VUPEN:ADV-2007-2727 URL:http://www.vupen.com/english/advisories/2007/2727 VUPEN:ADV-2007-3283 URL:http://www.vupen.com/english/advisories/2007/3283 VUPEN:ADV-2007-3386 URL:http://www.vupen.com/english/advisories/2007/3386 VUPEN:ADV-2008-1697 URL:http://www.vupen.com/english/advisories/2008/1697 SECTRACK:1018303 URL:http://www.securitytracker.com/id?1018303 SECUNIA:25830 URL:http://secunia.com/advisories/25830 SECUNIA:25873 URL:http://secunia.com/advisories/25873 SECUNIA:25920 URL:http://secunia.com/advisories/25920 SECUNIA:26273 URL:http://secunia.com/advisories/26273 SECUNIA:26443 URL:http://secunia.com/advisories/26443 SECUNIA:26508 URL:http://secunia.com/advisories/26508 SECUNIA:26822 URL:http://secunia.com/advisories/26822 SECUNIA:26842 URL:http://secunia.com/advisories/26842 SECUNIA:26993 URL:http://secunia.com/advisories/26993 SECUNIA:27037 URL:http://secunia.com/advisories/27037 SECUNIA:27563 URL:http://secunia.com/advisories/27563 SECUNIA:27732 URL:http://secunia.com/advisories/27732 SECUNIA:28606 URL:http://secunia.com/advisories/28606 SECUNIA:30430 URL:http://secunia.com/advisories/30430 VUPEN:ADV-2008-0233 URL:http://www.vupen.com/english/advisories/2008/0233
Assigning CNA
N/A
Date Entry Created
20070404	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070404)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org