ID |
CVE-2007-3304
|
Summary |
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.7 (as of 06-06-2021 - 11:15) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL | MEDIUM | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE | NONE | COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:M/Au:N/C:N/I:N/A:C
|
oval
via4
|
accepted | 2013-04-29T04:14:49.970-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." | family | unix | id | oval:org.mitre.oval:def:11589 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." | version | 30 |
|
refmap
via4
|
aixapar | | bid | 24215 | bugtraq | - 20070529 Apache httpd vulenrabilities
- 20070619 Apache Prefork MPM vulnerabilities - Report
- 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
| confirm | | fedora | FEDORA-2007-2214 | gentoo | GLSA-200711-06 | hp | | mandriva | - MDKSA-2007:140
- MDKSA-2007:142
| misc | | mlist | - [apache-httpd-dev] 20070622 Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)
- [apache-httpd-dev] 20070629 Re: [PATCH] pid safety checks for 2.2.x
- [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
| osvdb | 38939 | sectrack | 1018304 | secunia | - 25827
- 25830
- 25920
- 26211
- 26273
- 26443
- 26508
- 26611
- 26759
- 26790
- 26822
- 26842
- 26993
- 27121
- 27209
- 27563
- 27732
- 28212
- 28224
- 28606
| sgi | 20070701-01-P | sreason | 2814 | sunalert | | suse | SUSE-SA:2007:061 | trustix | 2007-0026 | ubuntu | USN-499-1 | vupen | - ADV-2007-2727
- ADV-2007-3100
- ADV-2007-3283
- ADV-2007-3420
- ADV-2007-3494
- ADV-2007-4305
- ADV-2008-0233
| xf | apache-child-process-dos(35095) |
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2008-07-02 | organization | Apache | statement | Fixed in Apache HTTP Server 2.2.6, 2.0.61, and 1.3.39:
http://httpd.apache.org/security/vulnerabilities_22.html
http://httpd.apache.org/security/vulnerabilities_20.html
http://httpd.apache.org/security/vulnerabilities_13.html |
|
Last major update |
06-06-2021 - 11:15 |
Published |
20-06-2007 - 22:30 |
Last modified |
06-06-2021 - 11:15 |