CVE-2007-1863 — Apache Http Server vulnerability

8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

28.0%

top 3.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Apple MAC OS X Server

Timeline

PublishedJun 27

Latest updateMay 1

Description

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapache/http_server2.0.37 — 2.0.61+1

▶NVDapple/mac_os_x_server36 versions+35

🔴Vulnerability Details

GHSA

GHSA-hcvj-926w-fhhh: cache_util↗2022-05-01

▶

CVEList

CVE-2007-1863: cache_util↗2007-06-27

▶

OSV

CVE-2007-1863: cache_util↗2007-06-27

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2007-08-17

▶

Red Hat

httpd mod_cache segfault↗2007-05-02

▶

Debian

CVE-2007-1863: apache2 - cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching...↗2007

▶

💬Community

Bugzilla

CVE-2007-1863 httpd mod_cache segfault↗2007-06-18

▶