CVE-2007-6420 — Cross-Site Request Forgery in Apache Http Server

CWE-352 — Cross-Site Request Forgery9 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

5.5%

top 9.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Canonical Ubuntu Linux

Timeline

PublishedJan 12

Latest updateMay 1

Description

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server7 versions+6

Also affects: Ubuntu Linux 6.06, 7.10, 8.04

Patches

Patch: www.securityfocus.com ↗Patch: lists.apache.org ↗Patch: lists.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-6p65-8p9q-94p9: Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2↗2022-05-01

▶

CVEList

CVE-2007-6420: Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2↗2008-01-12

▶

OSV

CVE-2007-6420: Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2↗2008-01-12

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2009-03-10

▶

Red Hat

mod_proxy_balancer: mod_proxy_balancer CSRF↗2008-09-01

▶

Debian

CVE-2007-6420: apache2 - Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_p...↗2007

▶

💬Community

Bugzilla

CVE-2007-6420 mod_proxy_balancer: mod_proxy_balancer CSRF↗2008-11-11

▶

Bugzilla

Security: CVE-2008-2364, CVE-2007-6420: Apache 2.2.9 released, offers significant performance/security improvements↗2008-07-04

▶