CVE-2007-3303: Code Injection in Apache Http Server

CWE-94: Code Injection (7 documents, 7 sources)
Severity: 4.9 MEDIUM (NVD)
EPSS: 0.1% (top 75.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 20, Latest update May 1

Description

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.

CVSS vector

AV:L/AC:L/C:N/I:N/A:C
Exploitability: 3.9 | Impact: 6.9

Affected Packages (1 package)

NVD: apache/http_server 2.0.59, 2.2.4 +1

🔴 Vulnerability Details (3)

GHSA: GHSA-hxj5-ccfq-hvjx: Apache httpd 2 (2022-05-01)
OSV: CVE-2007-3303: Apache httpd 2 (2007-06-20)
CVEList: CVE-2007-3303: Apache httpd 2 (2007-06-20)

📋 Vendor Advisories (2)

Debian: CVE-2007-3303: apache2 - Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users t... (2007)
Red Hat: CVE-2007-3303: Apache httpd 2

💬 Community (1)

Bugzilla: CVE-2007-3303 httpd worker DoS (2007-06-21)