Details of VAR-E-200708-0487

ID

VAR-E-200708-0487

CVE

cve_id:

CVE-2007-3847

Trust: 0.3

sources: BID: 25489

TITLE

Apache HTTP Server Mod_Proxy Denial of Service Vulnerability

Trust: 0.3

sources: BID: 25489

DESCRIPTION

The Apache mod_proxy module is prone to a denial-of-service vulnerability.
A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

Trust: 0.3

sources: BID: 25489

AFFECTED PRODUCTS

vendor:	vmware	model:	workstation	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	vmware	model:	workstation	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	vmware	model:	player	scope:	eq	version:	2.5.2	Trust: 0.3
vendor:	vmware	model:	player	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	vmware	model:	ace	scope:	eq	version:	2.5.2	Trust: 0.3
vendor:	vmware	model:	ace	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	7.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	7.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	7.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	7.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0x86	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0.0x64	Trust: 0.3
vendor:	turbolinux	model:	fuji	scope:	eq	version:	0	Trust: 0.3
vendor:	turbolinux	model:	appliance server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk 10.sp1	scope:	-	version:	-	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	10.2	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	10.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	10.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	9.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	9.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	8.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	11.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.2	Trust: 0.3
vendor:	s u s e	model:	open-enterprise-server	scope:	eq	version:	0	Trust: 0.3
vendor:	s u s e	model:	novell linux pos	scope:	eq	version:	9	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop sdk	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux professional oss	scope:	eq	version:	10.0	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	10.1	Trust: 0.3
vendor:	s u s e	model:	linux personal oss	scope:	eq	version:	10.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	10.1	Trust: 0.3
vendor:	rpath	model:	linux	scope:	eq	version:	1	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	4.0	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	3.0	Trust: 0.3
vendor:	redhat	model:	certificate server	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	application stack	scope:	eq	version:	v20	Trust: 0.3
vendor:	redhat	model:	application stack for enterprise linux es	scope:	eq	version:	v14	Trust: 0.3
vendor:	redhat	model:	application stack for enterprise linux as	scope:	eq	version:	v14	Trust: 0.3
vendor:	red	model:	hat fedora core7	scope:	-	version:	-	Trust: 0.3
vendor:	red	model:	hat fedora core6	scope:	-	version:	-	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	3	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.9	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.8	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.7	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.11	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.47.1	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.31	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.23	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.11	scope:	-	version:	-	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	fujitsu	model:	interstage studio standard-j edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage studio standard-j edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage job workload server	scope:	eq	version:	8.1	Trust: 0.3
vendor:	fujitsu	model:	interstage business application server enterprise	scope:	eq	version:	8.0.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks standard-j edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition 6.0a	scope:	-	version:	-	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks enterprise edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition a	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition a	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition 6.0a	scope:	-	version:	-	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server mm3.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	message networking mn	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	3.0	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.59	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.58	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.55	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.54	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.53	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.52	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.51	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.50	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.49	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.48	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.46	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.45	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.44	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.43	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.42	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.40	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.39	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.37	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.36	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.35	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	ne	version:	1.3.41	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.2.6-dev	scope:	ne	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache 2.0.61-dev	scope:	ne	version:	-	Trust: 0.3

sources: BID: 25489

EXPLOIT

An attacker can exploit this issue by sending specially malformed data to the vulnerable application.

Trust: 0.3

sources: BID: 25489

PRICE

Free

Trust: 0.3

sources: BID: 25489

TYPE

Design Error

Trust: 0.3

sources: BID: 25489

CREDITS

The vendor disclosed this vulnerability.

Trust: 0.3

sources: BID: 25489

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3847	Trust: 0.3
db:	BID	id:	25489	Trust: 0.3

sources: BID: 25489

REFERENCES

url:	https://rhn.redhat.com/errata/rhsa-2007-0911.html	Trust: 0.3
url:	http://marc.info/?l=apache-cvs&m=118592992309395&w=2	Trust: 0.3
url:	http://www-1.ibm.com/support/docview.wss?uid=swg1pk52702	Trust: 0.3
url:	http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27010985#new	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2008-0005.html	Trust: 0.3
url:	http://httpd.apache.org/security/vulnerabilities_20.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2008-0006.html	Trust: 0.3
url:	http://www.apache.org/dist/httpd/announcement1.3.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2007-0747.html	Trust: 0.3
url:	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html	Trust: 0.3
url:	http://support.avaya.com/elmodocs2/security/asa-2007-500.htm	Trust: 0.3
url:	http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980#ver61	Trust: 0.3
url:	http://www-1.ibm.com/support/docview.wss?uid=swg1pk50469	Trust: 0.3
url:	http://httpd.apache.org/	Trust: 0.3
url:	http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24017334	Trust: 0.3
url:	https://rhn.redhat.com/errata/rhsa-2007-0746.html	Trust: 0.3
url:	http://support.avaya.com/elmodocs2/security/asa-2008-026.htm	Trust: 0.3
url:	http://httpd.apache.org/security/vulnerabilities_22.html	Trust: 0.3

sources: BID: 25489

SOURCES

db:

BID

id:

25489

LAST UPDATE DATE

2022-07-27T09:50:50.873000+00:00

SOURCES UPDATE DATE

db:

BID

id:

25489

date:

2010-08-05T21:45:00

SOURCES RELEASE DATE

db:

BID

id:

25489

date:

2007-08-30T00:00:00