ID
VAR-E-200705-0518
CVE
cve_id: | CVE-2007-3304 | Trust: 0.3 |
TITLE
Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
Trust: 0.3
DESCRIPTION
Apache is prone to multiple denial-of-service vulnerabilities.
An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | vmware | model: | workstation | scope: | eq | version: | 6.5.2 | Trust: 0.3 |
vendor: | vmware | model: | workstation | scope: | eq | version: | 6.5.1 | Trust: 0.3 |
vendor: | vmware | model: | player | scope: | eq | version: | 2.5.2 | Trust: 0.3 |
vendor: | vmware | model: | player | scope: | eq | version: | 2.5.1 | Trust: 0.3 |
vendor: | vmware | model: | ace | scope: | eq | version: | 2.5.2 | Trust: 0.3 |
vendor: | vmware | model: | ace | scope: | eq | version: | 2.5.1 | Trust: 0.3 |
vendor: | ubuntu | model: | linux sparc | scope: | eq | version: | 7.04 | Trust: 0.3 |
vendor: | ubuntu | model: | linux powerpc | scope: | eq | version: | 7.04 | Trust: 0.3 |
vendor: | ubuntu | model: | linux i386 | scope: | eq | version: | 7.04 | Trust: 0.3 |
vendor: | ubuntu | model: | linux amd64 | scope: | eq | version: | 7.04 | Trust: 0.3 |
vendor: | ubuntu | model: | linux sparc | scope: | eq | version: | 6.10 | Trust: 0.3 |
vendor: | ubuntu | model: | linux powerpc | scope: | eq | version: | 6.10 | Trust: 0.3 |
vendor: | ubuntu | model: | linux i386 | scope: | eq | version: | 6.10 | Trust: 0.3 |
vendor: | ubuntu | model: | linux amd64 | scope: | eq | version: | 6.10 | Trust: 0.3 |
vendor: | ubuntu | model: | linux lts sparc | scope: | eq | version: | 6.06 | Trust: 0.3 |
vendor: | ubuntu | model: | linux lts powerpc | scope: | eq | version: | 6.06 | Trust: 0.3 |
vendor: | ubuntu | model: | linux lts i386 | scope: | eq | version: | 6.06 | Trust: 0.3 |
vendor: | ubuntu | model: | linux lts amd64 | scope: | eq | version: | 6.06 | Trust: 0.3 |
vendor: | turbolinux | model: | server | scope: | eq | version: | 10.0x86 | Trust: 0.3 |
vendor: | turbolinux | model: | server | scope: | eq | version: | 10.0.0x64 | Trust: 0.3 |
vendor: | turbolinux | model: | fuji | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | turbolinux | model: | appliance server | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | trustix | model: | secure linux | scope: | eq | version: | 3.0.5 | Trust: 0.3 |
vendor: | trustix | model: | secure linux | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | trustix | model: | secure linux | scope: | eq | version: | 2.2 | Trust: 0.3 |
vendor: | trustix | model: | operating system enterprise server | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | suse | model: | linux enterprise server | scope: | eq | version: | 9 | Trust: 0.3 |
vendor: | suse | model: | linux enterprise server sp1 | scope: | eq | version: | 10 | Trust: 0.3 |
vendor: | suse | model: | linux enterprise sdk 10.sp1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | suse | model: | linux enterprise sdk | scope: | eq | version: | 10 | Trust: 0.3 |
vendor: | suse | model: | opensuse | scope: | eq | version: | 10.3 | Trust: 0.3 |
vendor: | sun | model: | solaris 9 x86 | scope: | - | version: | - | Trust: 0.3 |
vendor: | sun | model: | solaris 9 sparc | scope: | - | version: | - | Trust: 0.3 |
vendor: | sun | model: | solaris 8 x86 | scope: | - | version: | - | Trust: 0.3 |
vendor: | sun | model: | solaris 8 sparc | scope: | - | version: | - | Trust: 0.3 |
vendor: | sun | model: | solaris 10 x86 | scope: | - | version: | - | Trust: 0.3 |
vendor: | sgi | model: | propack sp6 | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | suse | model: | opensuse | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | suse | model: | open-enterprise-server | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | suse | model: | novell linux pos | scope: | eq | version: | 9 | Trust: 0.3 |
vendor: | suse | model: | novell linux desktop sdk | scope: | eq | version: | 9.0 | Trust: 0.3 |
vendor: | suse | model: | novell linux desktop | scope: | eq | version: | 9.0 | Trust: 0.3 |
vendor: | suse | model: | linux professional oss | scope: | eq | version: | 10.0 | Trust: 0.3 |
vendor: | suse | model: | linux professional | scope: | eq | version: | 10.1 | Trust: 0.3 |
vendor: | suse | model: | linux personal oss | scope: | eq | version: | 10.0 | Trust: 0.3 |
vendor: | suse | model: | linux personal | scope: | eq | version: | 10.1 | Trust: 0.3 |
vendor: | rpath | model: | linux | scope: | eq | version: | 1 | Trust: 0.3 |
vendor: | redhat | model: | network satellite (for rhel 4) | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | redhat | model: | network proxy (for rhel 3) | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux ws | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux ws | scope: | eq | version: | 3 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux ws ia64 | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux ws | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux es | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux es | scope: | eq | version: | 3 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux es ia64 | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux es | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux desktop workstation client | scope: | eq | version: | 5 | Trust: 0.3 |
vendor: | redhat | model: | desktop | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | redhat | model: | desktop | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | redhat | model: | certificate server | scope: | eq | version: | 7.3 | Trust: 0.3 |
vendor: | redhat | model: | advanced workstation for the itanium processor ia64 | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | redhat | model: | advanced workstation for the itanium processor | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | red hat | model: | red hat network satellite server | scope: | eq | version: | 5.0 | Trust: 0.3 |
vendor: | red hat | model: | network satellite (for rhel 3) | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | red hat | model: | network proxy (for rhel 4) | scope: | eq | version: | 5.0 | Trust: 0.3 |
vendor: | red hat | model: | network proxy (for rhel 4) | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | red hat | model: | enterprise linux desktop client | scope: | eq | version: | 5 | Trust: 0.3 |
vendor: | red hat | model: | enterprise linux as | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | red hat | model: | enterprise linux as | scope: | eq | version: | 3 | Trust: 0.3 |
vendor: | red hat | model: | enterprise linux as ia64 | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | red hat | model: | enterprise linux as | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | red hat | model: | enterprise linux server | scope: | eq | version: | 5 | Trust: 0.3 |
vendor: | mandriva | model: | linux mandrake x86 64 | scope: | eq | version: | 2007.1 | Trust: 0.3 |
vendor: | mandriva | model: | linux mandrake | scope: | eq | version: | 2007.1 | Trust: 0.3 |
vendor: | mandriva | model: | linux mandrake x86 64 | scope: | eq | version: | 2007.0 | Trust: 0.3 |
vendor: | mandriva | model: | linux mandrake | scope: | eq | version: | 2007.0 | Trust: 0.3 |
vendor: | mandrakesoft | model: | multi network firewall | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | mandrakesoft | model: | corporate server x86 64 | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | mandrakesoft | model: | corporate server x86 64 | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | mandrakesoft | model: | corporate server | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | mandrakesoft | model: | corporate server | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | ibm | model: | websphere application server | scope: | eq | version: | 6.0.1 | Trust: 0.3 |
vendor: | ibm | model: | http server | scope: | eq | version: | 6.1.0.13 | Trust: 0.3 |
vendor: | ibm | model: | http server | scope: | eq | version: | 6.0.2.23 | Trust: 0.3 |
vendor: | hp | model: | hp-ux b.11.31 | scope: | - | version: | - | Trust: 0.3 |
vendor: | hp | model: | hp-ux b.11.23 | scope: | - | version: | - | Trust: 0.3 |
vendor: | hp | model: | hp-ux b.11.11 | scope: | - | version: | - | Trust: 0.3 |
vendor: | gentoo | model: | linux | scope: | - | version: | - | Trust: 0.3 |
vendor: | fujitsu | model: | interstage studio standard-j edition | scope: | eq | version: | 9.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage studio standard-j edition | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage studio enterprise edition | scope: | eq | version: | 9.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage studio enterprise edition | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage job workload server | scope: | eq | version: | 8.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage business application server enterprise | scope: | eq | version: | 8.0.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage apworks standard-j edition | scope: | eq | version: | 8.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage apworks modelers-j edition | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage apworks modelers-j edition 6.0a | scope: | - | version: | - | Trust: 0.3 |
vendor: | fujitsu | model: | interstage apworks modelers-j edition | scope: | eq | version: | 6.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage apworks enterprise edition | scope: | eq | version: | 8.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server web-j edition | scope: | eq | version: | 5.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server standard-j edition a | scope: | eq | version: | 9.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server standard-j edition | scope: | eq | version: | 9.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server standard-j edition | scope: | eq | version: | 8.0.2 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server standard-j edition | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server standard-j edition | scope: | eq | version: | 8.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server standard edition | scope: | eq | version: | 5.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server plus developer | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server plus developer | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server plus developer | scope: | eq | version: | 6.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server plus | scope: | eq | version: | 7.0.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server plus | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server plus | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server plus | scope: | eq | version: | 6.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition a | scope: | eq | version: | 9.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 9.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 8.0.2 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 8.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 7.0.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition 6.0a | scope: | - | version: | - | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 6.0 | Trust: 0.3 |
vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 5.0 | Trust: 0.3 |
vendor: | avaya | model: | ses | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | avaya | model: | messaging storage server mm3.0 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | messaging storage server | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | avaya | model: | messaging storage server | scope: | eq | version: | 1.0 | Trust: 0.3 |
vendor: | avaya | model: | messaging storage server | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | message networking mn | scope: | eq | version: | 3.1 | Trust: 0.3 |
vendor: | avaya | model: | message networking | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | intuity lx | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | avaya | model: | intuity lx | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | interactive response | scope: | eq | version: | 1.3 | Trust: 0.3 |
vendor: | avaya | model: | interactive response | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | avaya | model: | interactive response | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | avaya | model: | emmc | scope: | eq | version: | 1.021 | Trust: 0.3 |
vendor: | avaya | model: | emmc | scope: | eq | version: | 1.017 | Trust: 0.3 |
vendor: | avaya | model: | emmc | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | avaya | model: | communication manager | scope: | eq | version: | 2.0.1 | Trust: 0.3 |
vendor: | avaya | model: | communication manager | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | avaya | model: | communication manager | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | avaya | model: | communication manager | scope: | eq | version: | 3.1 | Trust: 0.3 |
vendor: | avaya | model: | communication manager | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | avaya | model: | aura sip enablement services | scope: | eq | version: | 3.1.1 | Trust: 0.3 |
vendor: | avaya | model: | aura sip enablement services | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 3.1.3 | Trust: 0.3 |
vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 3.1 | Trust: 0.3 |
vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | apache | model: | software foundation mpm prefork | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | apache | model: | software foundation apache | scope: | eq | version: | 2.2.4 | Trust: 0.3 |
vendor: | apache | model: | software foundation apache | scope: | eq | version: | 2.0.59 | Trust: 0.3 |
vendor: | apache | model: | software foundation apache | scope: | eq | version: | 1.3.37 | Trust: 0.3 |
vendor: | apache | model: | software foundation apache | scope: | ne | version: | 2.2.6 | Trust: 0.3 |
vendor: | apache | model: | software foundation apache 2.3.38-dev | scope: | ne | version: | - | Trust: 0.3 |
vendor: | apache | model: | software foundation apache 2.0.60-dev | scope: | ne | version: | - | Trust: 0.3 |
EXPLOIT
An attacker must be able to execute arbitrary code in a worker process to exploit this issue. This may be accomplished by exploiting other latent vulnerabilities (e.g. remote file-include issues).
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
The PSNC Security Team is credited with discovering these vulnerabilities.
Trust: 0.3
EXTERNAL IDS
db: | NVD | id: | CVE-2007-3304 | Trust: 0.3 |
db: | BID | id: | 24215 | Trust: 0.3 |
REFERENCES
url: | http://rhn.redhat.com/errata/rhsa-2008-0263.html | Trust: 0.3 |
url: | http://rhn.redhat.com/errata/rhsa-2007-0556.html | Trust: 0.3 |
url: | http://www-1.ibm.com/support/docview.wss?uid=swg1pk52702 | Trust: 0.3 |
url: | http://www-1.ibm.com/support/docview.wss?uid=swg1pk53984 | Trust: 0.3 |
url: | http://httpd.apache.org/security/vulnerabilities_20.html | Trust: 0.3 |
url: | http://httpd.apache.org/security/vulnerabilities_13.html | Trust: 0.3 |
url: | http://rhn.redhat.com/errata/rhsa-2008-0524.html | Trust: 0.3 |
url: | https://rhn.redhat.com/errata/rhsa-2007-0662.html | Trust: 0.3 |
url: | http://rhn.redhat.com/errata/rhsa-2008-0523.html | Trust: 0.3 |
url: | http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1 | Trust: 0.3 |
url: | http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html | Trust: 0.3 |
url: | http://www.apache.org/dist/httpd/changes_2.2.6 | Trust: 0.3 |
url: | http://rhn.redhat.com/errata/rhsa-2007-0532.html | Trust: 0.3 |
url: | http://support.avaya.com/elmodocs2/security/asa-2007-363.htm | Trust: 0.3 |
url: | http://httpd.apache.org/ | Trust: 0.3 |
url: | http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1 | Trust: 0.3 |
url: | http://support.avaya.com/elmodocs2/security/asa-2008-012.htm | Trust: 0.3 |
url: | http://www-1.ibm.com/support/docview.wss?uid=swg1pk50467 | Trust: 0.3 |
url: | http://rhn.redhat.com/errata/rhsa-2008-0261.html | Trust: 0.3 |
url: | http://httpd.apache.org/security/vulnerabilities_22.html | Trust: 0.3 |
url: | http://support.avaya.com/elmodocs2/security/asa-2007-353.htm | Trust: 0.3 |
SOURCES
db: | BID | id: | 24215 |
LAST UPDATE DATE
2022-07-27T09:26:03.521000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 24215 | date: | 2010-08-05T21:15:00 |
SOURCES RELEASE DATE
db: | BID | id: | 24215 | date: | 2007-05-29T00:00:00 |