Apache mod_proxy denial of service - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Apache mod_proxy denial of service
Published: 14.09.2007
Source: FULL-DISCLOSURE
SecurityVulns ID: 8155
Type: remote
Level: 5/10
Description: Buffer overread on server ersponse parsing.

Affected: APACHE : Apache 2.3
CVE: CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.)

Original document RPATH, [Full-disclosure] rPSA-2007-0182-1 httpd mod_ssl (14.09.2007)

Discuss: Read or add your comments to this news (0 comments)