Moderate

CVE-2007-6422 - Resource Management Errors vulnerability in Apache HTTP Server

Publication: 2008-01-08

Summary

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

Classification

CWE-399: Resource Management Errors

Risk level (CVSS 4)

Moderate

4.0

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

Apache Http Server -
Apache Http Server 2.2
Apache Http Server 2.2.1
Apache Http Server 2.2.2
Apache Http Server 2.2.3
Apache Http Server 2.2.4
Apache Http Server 2.2.6

References

http://httpd.apache.org/security/vulnerabilities_22.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://security.gentoo.org/glsa/glsa-200803-19.xml
http://securityreason.com/securityalert/3523
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://www.redhat.com/support/errata/RHSA-2008-0009.html
http://www.securityfocus.com/archive/1/486169/100/0/threaded
http://www.securityfocus.com/bid/27236
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2008/0048
https://exchange.xforce.ibmcloud.com/vulnerabilities/39476
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html