CVE - CVE-2007-1863

CVE-ID
CVE-2007-1863	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1018303 URL:http://www.securitytracker.com/id?1018303 MISC:2007-0026 URL:~~http://www.trustix.org/errata/2007/0026/~~ (Obsolete source - check if archived by the Wayback Machine) MISC:20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://www.securityfocus.com/archive/1/505990/100/0/threaded MISC:24649 URL:http://www.securityfocus.com/bid/24649 MISC:25830 URL:http://secunia.com/advisories/25830 MISC:25873 URL:http://secunia.com/advisories/25873 MISC:25920 URL:http://secunia.com/advisories/25920 MISC:26273 URL:http://secunia.com/advisories/26273 MISC:26443 URL:http://secunia.com/advisories/26443 MISC:26508 URL:http://secunia.com/advisories/26508 MISC:26822 URL:http://secunia.com/advisories/26822 MISC:26842 URL:http://secunia.com/advisories/26842 MISC:26993 URL:http://secunia.com/advisories/26993 MISC:27037 URL:http://secunia.com/advisories/27037 MISC:27563 URL:http://secunia.com/advisories/27563 MISC:27732 URL:http://secunia.com/advisories/27732 MISC:28606 URL:http://secunia.com/advisories/28606 MISC:30430 URL:http://secunia.com/advisories/30430 MISC:37079 URL:~~http://osvdb.org/37079~~ (Obsolete source) MISC:ADV-2007-2727 URL:~~http://www.vupen.com/english/advisories/2007/2727~~ (Obsolete source) MISC:ADV-2007-3283 URL:~~http://www.vupen.com/english/advisories/2007/3283~~ (Obsolete source) MISC:ADV-2007-3386 URL:~~http://www.vupen.com/english/advisories/2007/3386~~ (Obsolete source) MISC:ADV-2008-0233 URL:~~http://www.vupen.com/english/advisories/2008/0233~~ (Obsolete source) MISC:ADV-2008-1697 URL:~~http://www.vupen.com/english/advisories/2008/1697~~ (Obsolete source) MISC:APPLE-SA-2008-05-28 URL:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html MISC:FEDORA-2007-2214 URL:http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html MISC:GLSA-200711-06 URL:http://security.gentoo.org/glsa/glsa-200711-06.xml MISC:HPSBUX02262 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 MISC:MDKSA-2007:140 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:140~~ (Obsolete source) MISC:MDKSA-2007:141 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:141~~ (Obsolete source) MISC:PK49355 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK49355 MISC:PK52702 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 MISC:RHSA-2007:0533 URL:https://rhn.redhat.com/errata/RHSA-2007-0533.html MISC:RHSA-2007:0534 URL:http://rhn.redhat.com/errata/RHSA-2007-0534.html MISC:RHSA-2007:0556 URL:http://rhn.redhat.com/errata/RHSA-2007-0556.html MISC:RHSA-2007:0557 URL:http://www.redhat.com/support/errata/RHSA-2007-0557.html MISC:SSRT071447 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 MISC:SUSE-SA:2007:061 URL:http://www.novell.com/linux/security/advisories/2007_61_apache2.html MISC:TA08-150A URL:http://www.us-cert.gov/cas/techalerts/TA08-150A.html MISC:USN-499-1 URL:http://www.ubuntu.com/usn/usn-499-1 MISC:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/ URL:https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/ URL:https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E MISC:[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://lists.vmware.com/pipermail/security-announce/2009/000062.html MISC:http://bugs.gentoo.org/show_bug.cgi?id=186219 URL:http://bugs.gentoo.org/show_bug.cgi?id=186219 MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658 URL:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658 MISC:http://httpd.apache.org/security/vulnerabilities_20.html URL:http://httpd.apache.org/security/vulnerabilities_20.html MISC:http://httpd.apache.org/security/vulnerabilities_22.html URL:http://httpd.apache.org/security/vulnerabilities_22.html MISC:http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm MISC:http://svn.apache.org/viewvc?view=rev&revision=535617 URL:http://svn.apache.org/viewvc?view=rev&revision=535617 MISC:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html URL:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html MISC:https://issues.rpath.com/browse/RPL-1500 URL:https://issues.rpath.com/browse/RPL-1500 MISC:oval:org.mitre.oval:def:9824 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9824
Assigning CNA
Red Hat, Inc.
Date Record Created
20070404	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070404)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.