CVE - CVE-2007-6422

CVE-ID
CVE-2007-6422	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:27236 URL:http://www.securityfocus.com/bid/27236 BUGTRAQ:20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability URL:http://www.securityfocus.com/archive/1/486169/100/0/threaded CONFIRM:http://httpd.apache.org/security/vulnerabilities_22.html FEDORA:FEDORA-2008-1695 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html FEDORA:FEDORA-2008-1711 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html GENTOO:GLSA-200803-19 URL:http://security.gentoo.org/glsa/glsa-200803-19.xml MANDRIVA:MDVSA-2008:016 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:016 MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E OVAL:oval:org.mitre.oval:def:10181 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10181 OVAL:oval:org.mitre.oval:def:8690 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8690 REDHAT:RHSA-2008:0008 URL:http://www.redhat.com/support/errata/RHSA-2008-0008.html REDHAT:RHSA-2008:0009 URL:http://www.redhat.com/support/errata/RHSA-2008-0009.html SECUNIA:28526 URL:http://secunia.com/advisories/28526 SECUNIA:28749 URL:http://secunia.com/advisories/28749 SECUNIA:28977 URL:http://secunia.com/advisories/28977 SECUNIA:29348 URL:http://secunia.com/advisories/29348 SECUNIA:29640 URL:http://secunia.com/advisories/29640 SREASON:3523 URL:http://securityreason.com/securityalert/3523 SUSE:SUSE-SA:2008:021 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html UBUNTU:USN-575-1 URL:http://www.ubuntu.com/usn/usn-575-1 VUPEN:ADV-2008-0048 URL:http://www.vupen.com/english/advisories/2008/0048 XF:apache-modproxybalancer-dos(39476) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39476
Assigning CNA
MITRE Corporation
Date Entry Created
20071217	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071217)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select “Other” from dropdown)