CVE-2007-3847

CWE-125 — Out-of-bounds Read12 documents9 sources

Severity

5.0MEDIUM

EPSS

23.3%

top 4.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Canonical Ubuntu Linux Fedoraproject Fedora +1 more

Timeline

PublishedAug 23

Latest updateMay 1

Description

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDapache/http_server2.0.35 — 2.0.61+1

▶Debianapache2< 2.2.6-1+3

▶NVDfedoraproject/fedora_core6

Also affects: Fedora 7, Ubuntu Linux 6.06, 6.10, 7.04, 7.10

🔴Vulnerability Details

GHSA

GHSA-v7h4-gr67-jxvj: The date handling code in modules/proxy/proxy_util↗2022-05-01

▶

OSV

CVE-2007-3847: The date handling code in modules/proxy/proxy_util↗2007-08-23

▶

CVEList

CVE-2007-3847: The date handling code in modules/proxy/proxy_util↗2007-08-23

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2008-02-04

▶

Red Hat

httpd: out of bounds read↗2007-08-01

▶

Debian

CVE-2007-3847: apache2 - The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0...↗2007

▶

Apache

Apache httpd: CVE-2007-3847↗

▶

💬Community

Bugzilla

CVE-2007-3847 httpd out of bounds read [FC6]↗2007-08-03

▶

Bugzilla

CVE-2007-3847 httpd: out of bounds read↗2007-08-03

▶

Bugzilla

CVE-2007-3847 httpd out of bounds read [F7]↗2007-08-03

▶

Bugzilla

CVE-2007-3847 httpd out of bounds read [Fdevel]↗2007-08-03

▶