CVE - CVE-2007-3847

CVE-ID
CVE-2007-3847	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://www.securityfocus.com/archive/1/505990/100/0/threaded MLIST:[apache-cvs] 20070801 svn commit: r561616 - in /httpd/httpd/trunk: CHANGES URL:http://marc.info/?l=apache-cvs&m=118592992309395&w=2 MLIST:[apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c URL:http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2 MLIST:[apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c URL:http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2 MLIST:[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://lists.vmware.com/pipermail/security-announce/2009/000062.html CONFIRM:http://httpd.apache.org/security/vulnerabilities_20.html CONFIRM:http://httpd.apache.org/security/vulnerabilities_22.html CONFIRM:https://issues.rpath.com/browse/RPL-1710 CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=186219 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 CONFIRM:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html AIXAPAR:PK50469 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469 AIXAPAR:PK52702 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html APPLE:APPLE-SA-2008-05-28 URL:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html FEDORA:FEDORA-2007-2214 URL:http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html FEDORA:FEDORA-2007-707 URL:https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html GENTOO:GLSA-200711-06 URL:http://security.gentoo.org/glsa/glsa-200711-06.xml HP:HPSBUX02273 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 HP:SSRT071476 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 MANDRIVA:MDKSA-2007:235 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:235 REDHAT:RHSA-2007:0911 URL:http://www.redhat.com/support/errata/RHSA-2007-0911.html REDHAT:RHSA-2007:0746 URL:http://www.redhat.com/support/errata/RHSA-2007-0746.html REDHAT:RHSA-2007:0747 URL:http://www.redhat.com/support/errata/RHSA-2007-0747.html REDHAT:RHSA-2008:0005 URL:http://www.redhat.com/support/errata/RHSA-2008-0005.html SLACKWARE:SSA:2008-045-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 SUSE:SUSE-SA:2007:061 URL:http://www.novell.com/linux/security/advisories/2007_61_apache2.html UBUNTU:USN-575-1 URL:http://www.ubuntu.com/usn/usn-575-1 CERT:TA08-150A URL:http://www.us-cert.gov/cas/techalerts/TA08-150A.html BID:25489 URL:http://www.securityfocus.com/bid/25489 OVAL:oval:org.mitre.oval:def:10525 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525 VUPEN:ADV-2007-3020 URL:http://www.vupen.com/english/advisories/2007/3020 VUPEN:ADV-2007-3095 URL:http://www.vupen.com/english/advisories/2007/3095 VUPEN:ADV-2007-3283 URL:http://www.vupen.com/english/advisories/2007/3283 VUPEN:ADV-2007-3494 URL:http://www.vupen.com/english/advisories/2007/3494 VUPEN:ADV-2007-3955 URL:http://www.vupen.com/english/advisories/2007/3955 VUPEN:ADV-2008-0924 URL:http://www.vupen.com/english/advisories/2008/0924/references VUPEN:ADV-2008-1697 URL:http://www.vupen.com/english/advisories/2008/1697 SECTRACK:1018633 URL:http://www.securitytracker.com/id?1018633 SECUNIA:26636 URL:http://secunia.com/advisories/26636 SECUNIA:26722 URL:http://secunia.com/advisories/26722 SECUNIA:26790 URL:http://secunia.com/advisories/26790 SECUNIA:26842 URL:http://secunia.com/advisories/26842 SECUNIA:26952 URL:http://secunia.com/advisories/26952 SECUNIA:26993 URL:http://secunia.com/advisories/26993 SECUNIA:27209 URL:http://secunia.com/advisories/27209 SECUNIA:27563 URL:http://secunia.com/advisories/27563 SECUNIA:27593 URL:http://secunia.com/advisories/27593 SECUNIA:27732 URL:http://secunia.com/advisories/27732 SECUNIA:27882 URL:http://secunia.com/advisories/27882 SECUNIA:27971 URL:http://secunia.com/advisories/27971 SECUNIA:28467 URL:http://secunia.com/advisories/28467 SECUNIA:28749 URL:http://secunia.com/advisories/28749 SECUNIA:28606 URL:http://secunia.com/advisories/28606 SECUNIA:28922 URL:http://secunia.com/advisories/28922 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:30430 URL:http://secunia.com/advisories/30430 VUPEN:ADV-2008-0233 URL:http://www.vupen.com/english/advisories/2008/0233
Assigning CNA
N/A
Date Entry Created
20070718	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070718)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org