CVE-2007-6422 — Apache Http Server vulnerability

CWE-3997 documents7 sources

Severity

4.0MEDIUMNVD

EPSS

5.5%

top 9.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedJan 8

Latest updateMay 1

Description

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server6 versions+5

🔴Vulnerability Details

GHSA

GHSA-qmrc-358m-f76x: The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2↗2022-05-01

▶

OSV

CVE-2007-6422: The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2↗2008-01-08

▶

CVEList

CVE-2007-6422: The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2↗2008-01-08

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2008-02-04

▶

Red Hat

httpd mod_proxy_balancer crash↗2008-01-01

▶

Debian

CVE-2007-6422: apache2 - The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2....↗2007

▶