CVE-2007-3847 - CVE Reference - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0) - NEW -

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CVE Reference: CVE-2007-3847

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3847

Description: The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-575-1 SUSE http://www.novell.com/linux/security/advisories/2007_61_apache2.html ST 1018633 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 SAID Secunia Advisory: SA27732 Secunia Advisory: SA27593 Secunia Advisory: SA27563 Secunia Advisory: SA27209 Secunia Advisory: SA26993 Secunia Advisory: SA26952 Secunia Advisory: SA26842 Secunia Advisory: SA26790 Secunia Advisory: SA26636 Secunia Advisory: SA26722 Secunia Advisory: SA27882 Secunia Advisory: SA27971 Secunia Advisory: SA28467 Secunia Advisory: SA28749 Secunia Advisory: SA28606 Secunia Advisory: SA28922 Secunia Advisory: SA29420 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0005.html http://www.redhat.com/support/errata/RHSA-2007-0747.html http://www.redhat.com/support/errata/RHSA-2007-0911.html http://www.redhat.com/support/errata/RHSA-2007-0746.html MLIST http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2 http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2 http://marc.info/?l=apache-cvs&m=118592992309395&w=2 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:235 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 GENTOO http://security.gentoo.org/glsa/glsa-200711-06.xml FEDORA http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=186219 http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm http://docs.info.apple.com/article.html?artnum=307562 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html BID 25489 APPLE http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html AIXAPAR http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution

2.	Cyberfolio "rep" File Inclusion Vulnerability

3.	OpenKM Document Export Security Issue

4.	Zarafa Script Insertion Vulnerabilities

5.	TFTP Server SP Long Error Message Buffer Overflow

6.	Slackware update for thunderbird

7.	Maian Search Cross-Site Scripting and SQL Injection Vulnerabilities

8.	SazCart Multiple File Inclusion Vulnerabilities

9.	Slackware update for php

10.	InfoBiz Server "keywords" Cross-Site Scripting Vulnerability