rhsa-2007_0532
Vulnerability from csaf_redhat
Published: 2007-06-26 15:13
Modified: 2024-11-22 02:03
Summary: Red Hat Security Advisory: apache security update
Notes
Topic
Updated Apache httpd packages that correct two security issues are now
available for Red Hat Enterprise Linux 2.1.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)
Users of Apache should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated Apache httpd packages that correct two security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular Web server.\n\nThe Apache HTTP Server did not verify that a process was an Apache child\nprocess before sending it signals. A local attacker who has the ability to\nrun scripts on the Apache HTTP Server could manipulate the scoreboard and\ncause arbitrary processes to be terminated, which could lead to a denial of\nservice. (CVE-2007-3304) \n\nA flaw was found in the Apache HTTP Server mod_status module. Sites with\nthe server-status page publicly accessible and ExtendedStatus enabled were\nvulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux\nthe server-status page is not enabled by default and it is best practice to\nnot make this publicly available. (CVE-2006-5752)\n\nUsers of Apache should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Users should restart Apache\nafter installing this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2007:0532", "url": "https://access.redhat.com/errata/RHSA-2007:0532" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0532.json" } ], "title": "Red Hat Security Advisory: apache security update", "tracking": { "current_release_date": "2024-11-22T02:03:59+00:00", "generator": { "date": "2024-11-22T02:03:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2007:0532", "initial_release_date": "2007-06-26T15:13:00+00:00", "revision_history": [ { "date": "2007-06-26T15:13:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2007-06-26T11:13:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:03:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product": { "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 
", "product_id": "2.1AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as" } } }, { "category": "product_name", "name": "Red Hat Linux Advanced Workstation 2.1", "product": { "name": "Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 2.1", "product": { "name": "Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 2.1", "product": { "name": "Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "apache-manual-0:1.3.27-12.ent.ia64", "product": { "name": "apache-manual-0:1.3.27-12.ent.ia64", "product_id": "apache-manual-0:1.3.27-12.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-manual@1.3.27-12.ent?arch=ia64" } } }, { "category": "product_version", "name": "apache-0:1.3.27-12.ent.ia64", "product": { "name": "apache-0:1.3.27-12.ent.ia64", "product_id": "apache-0:1.3.27-12.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache@1.3.27-12.ent?arch=ia64" } } }, { "category": "product_version", "name": "apache-devel-0:1.3.27-12.ent.ia64", "product": { "name": "apache-devel-0:1.3.27-12.ent.ia64", "product_id": "apache-devel-0:1.3.27-12.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-devel@1.3.27-12.ent?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "apache-0:1.3.27-12.ent.src", "product": { "name": 
"apache-0:1.3.27-12.ent.src", "product_id": "apache-0:1.3.27-12.ent.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache@1.3.27-12.ent?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "apache-manual-0:1.3.27-12.ent.i386", "product": { "name": "apache-manual-0:1.3.27-12.ent.i386", "product_id": "apache-manual-0:1.3.27-12.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-manual@1.3.27-12.ent?arch=i386" } } }, { "category": "product_version", "name": "apache-0:1.3.27-12.ent.i386", "product": { "name": "apache-0:1.3.27-12.ent.i386", "product_id": "apache-0:1.3.27-12.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache@1.3.27-12.ent?arch=i386" } } }, { "category": "product_version", "name": "apache-devel-0:1.3.27-12.ent.i386", "product": { "name": "apache-devel-0:1.3.27-12.ent.i386", "product_id": "apache-devel-0:1.3.27-12.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-devel@1.3.27-12.ent?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-0:1.3.27-12.ent.i386" }, "product_reference": "apache-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.src as a component of Red Hat Enterprise Linux AS 
(Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-0:1.3.27-12.ent.src" }, "product_reference": "apache-0:1.3.27-12.ent.src", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-12.ent.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-devel-0:1.3.27-12.ent.i386" }, "product_reference": "apache-devel-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-12.ent.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-devel-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-devel-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-12.ent.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-manual-0:1.3.27-12.ent.i386" }, "product_reference": "apache-manual-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-12.ent.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-manual-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-manual-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.i386 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-0:1.3.27-12.ent.i386" }, "product_reference": "apache-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.ia64 as a component of Red Hat Linux 
Advanced Workstation 2.1", "product_id": "2.1AW:apache-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.src as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-0:1.3.27-12.ent.src" }, "product_reference": "apache-0:1.3.27-12.ent.src", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-12.ent.i386 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-devel-0:1.3.27-12.ent.i386" }, "product_reference": "apache-devel-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-12.ent.ia64 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-devel-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-devel-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-12.ent.i386 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-manual-0:1.3.27-12.ent.i386" }, "product_reference": "apache-manual-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-12.ent.ia64 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-manual-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-manual-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.i386 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-0:1.3.27-12.ent.i386" }, 
"product_reference": "apache-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.ia64 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.src as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-0:1.3.27-12.ent.src" }, "product_reference": "apache-0:1.3.27-12.ent.src", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-12.ent.i386 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-devel-0:1.3.27-12.ent.i386" }, "product_reference": "apache-devel-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-12.ent.ia64 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-devel-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-devel-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-12.ent.i386 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-manual-0:1.3.27-12.ent.i386" }, "product_reference": "apache-manual-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-12.ent.ia64 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-manual-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-manual-0:1.3.27-12.ent.ia64", "relates_to_product_reference": 
"2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.i386 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-0:1.3.27-12.ent.i386" }, "product_reference": "apache-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.ia64 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-12.ent.src as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-0:1.3.27-12.ent.src" }, "product_reference": "apache-0:1.3.27-12.ent.src", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-12.ent.i386 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-devel-0:1.3.27-12.ent.i386" }, "product_reference": "apache-devel-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-12.ent.ia64 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-devel-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-devel-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-12.ent.i386 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-manual-0:1.3.27-12.ent.i386" }, "product_reference": "apache-manual-0:1.3.27-12.ent.i386", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": 
"apache-manual-0:1.3.27-12.ent.ia64 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-manual-0:1.3.27-12.ent.ia64" }, "product_reference": "apache-manual-0:1.3.27-12.ent.ia64", "relates_to_product_reference": "2.1WS" } ] }, "vulnerabilities": [ { "cve": "CVE-2006-5752", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245112" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_status XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "2.1AS:apache-0:1.3.27-12.ent.i386", "2.1AS:apache-0:1.3.27-12.ent.ia64", "2.1AS:apache-0:1.3.27-12.ent.src", "2.1AS:apache-devel-0:1.3.27-12.ent.i386", "2.1AS:apache-devel-0:1.3.27-12.ent.ia64", "2.1AS:apache-manual-0:1.3.27-12.ent.i386", "2.1AS:apache-manual-0:1.3.27-12.ent.ia64", "2.1AW:apache-0:1.3.27-12.ent.i386", "2.1AW:apache-0:1.3.27-12.ent.ia64", "2.1AW:apache-0:1.3.27-12.ent.src", "2.1AW:apache-devel-0:1.3.27-12.ent.i386", "2.1AW:apache-devel-0:1.3.27-12.ent.ia64", "2.1AW:apache-manual-0:1.3.27-12.ent.i386", "2.1AW:apache-manual-0:1.3.27-12.ent.ia64", "2.1ES:apache-0:1.3.27-12.ent.i386", "2.1ES:apache-0:1.3.27-12.ent.ia64", "2.1ES:apache-0:1.3.27-12.ent.src", "2.1ES:apache-devel-0:1.3.27-12.ent.i386", "2.1ES:apache-devel-0:1.3.27-12.ent.ia64", "2.1ES:apache-manual-0:1.3.27-12.ent.i386", 
"2.1ES:apache-manual-0:1.3.27-12.ent.ia64", "2.1WS:apache-0:1.3.27-12.ent.i386", "2.1WS:apache-0:1.3.27-12.ent.ia64", "2.1WS:apache-0:1.3.27-12.ent.src", "2.1WS:apache-devel-0:1.3.27-12.ent.i386", "2.1WS:apache-devel-0:1.3.27-12.ent.ia64", "2.1WS:apache-manual-0:1.3.27-12.ent.i386", "2.1WS:apache-manual-0:1.3.27-12.ent.ia64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-5752" }, { "category": "external", "summary": "RHBZ#245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752", "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752" } ], "release_date": "2007-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-06-26T15:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. 
Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "2.1AS:apache-0:1.3.27-12.ent.i386", "2.1AS:apache-0:1.3.27-12.ent.ia64", "2.1AS:apache-0:1.3.27-12.ent.src", "2.1AS:apache-devel-0:1.3.27-12.ent.i386", "2.1AS:apache-devel-0:1.3.27-12.ent.ia64", "2.1AS:apache-manual-0:1.3.27-12.ent.i386", "2.1AS:apache-manual-0:1.3.27-12.ent.ia64", "2.1AW:apache-0:1.3.27-12.ent.i386", "2.1AW:apache-0:1.3.27-12.ent.ia64", "2.1AW:apache-0:1.3.27-12.ent.src", "2.1AW:apache-devel-0:1.3.27-12.ent.i386", "2.1AW:apache-devel-0:1.3.27-12.ent.ia64", "2.1AW:apache-manual-0:1.3.27-12.ent.i386", "2.1AW:apache-manual-0:1.3.27-12.ent.ia64", "2.1ES:apache-0:1.3.27-12.ent.i386", "2.1ES:apache-0:1.3.27-12.ent.ia64", "2.1ES:apache-0:1.3.27-12.ent.src", "2.1ES:apache-devel-0:1.3.27-12.ent.i386", "2.1ES:apache-devel-0:1.3.27-12.ent.ia64", "2.1ES:apache-manual-0:1.3.27-12.ent.i386", "2.1ES:apache-manual-0:1.3.27-12.ent.ia64", "2.1WS:apache-0:1.3.27-12.ent.i386", "2.1WS:apache-0:1.3.27-12.ent.ia64", "2.1WS:apache-0:1.3.27-12.ent.src", "2.1WS:apache-devel-0:1.3.27-12.ent.i386", "2.1WS:apache-devel-0:1.3.27-12.ent.ia64", "2.1WS:apache-manual-0:1.3.27-12.ent.i386", "2.1WS:apache-manual-0:1.3.27-12.ent.ia64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0532" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_status XSS" }, { "cve": "CVE-2007-3304", "discovery_date": "2007-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245111" } ], "notes": [ { "category": "description", "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", "title": "Vulnerability 
description" }, { "category": "summary", "text": "httpd scoreboard lack of PID protection", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "2.1AS:apache-0:1.3.27-12.ent.i386", "2.1AS:apache-0:1.3.27-12.ent.ia64", "2.1AS:apache-0:1.3.27-12.ent.src", "2.1AS:apache-devel-0:1.3.27-12.ent.i386", "2.1AS:apache-devel-0:1.3.27-12.ent.ia64", "2.1AS:apache-manual-0:1.3.27-12.ent.i386", "2.1AS:apache-manual-0:1.3.27-12.ent.ia64", "2.1AW:apache-0:1.3.27-12.ent.i386", "2.1AW:apache-0:1.3.27-12.ent.ia64", "2.1AW:apache-0:1.3.27-12.ent.src", "2.1AW:apache-devel-0:1.3.27-12.ent.i386", "2.1AW:apache-devel-0:1.3.27-12.ent.ia64", "2.1AW:apache-manual-0:1.3.27-12.ent.i386", "2.1AW:apache-manual-0:1.3.27-12.ent.ia64", "2.1ES:apache-0:1.3.27-12.ent.i386", "2.1ES:apache-0:1.3.27-12.ent.ia64", "2.1ES:apache-0:1.3.27-12.ent.src", "2.1ES:apache-devel-0:1.3.27-12.ent.i386", "2.1ES:apache-devel-0:1.3.27-12.ent.ia64", "2.1ES:apache-manual-0:1.3.27-12.ent.i386", "2.1ES:apache-manual-0:1.3.27-12.ent.ia64", "2.1WS:apache-0:1.3.27-12.ent.i386", "2.1WS:apache-0:1.3.27-12.ent.ia64", "2.1WS:apache-0:1.3.27-12.ent.src", "2.1WS:apache-devel-0:1.3.27-12.ent.i386", "2.1WS:apache-devel-0:1.3.27-12.ent.ia64", "2.1WS:apache-manual-0:1.3.27-12.ent.i386", "2.1WS:apache-manual-0:1.3.27-12.ent.ia64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3304" }, { "category": "external", "summary": "RHBZ#245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304" } ], "release_date": "2007-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-06-26T15:13:00+00:00", "details": "Before applying 
this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "2.1AS:apache-0:1.3.27-12.ent.i386", "2.1AS:apache-0:1.3.27-12.ent.ia64", "2.1AS:apache-0:1.3.27-12.ent.src", "2.1AS:apache-devel-0:1.3.27-12.ent.i386", "2.1AS:apache-devel-0:1.3.27-12.ent.ia64", "2.1AS:apache-manual-0:1.3.27-12.ent.i386", "2.1AS:apache-manual-0:1.3.27-12.ent.ia64", "2.1AW:apache-0:1.3.27-12.ent.i386", "2.1AW:apache-0:1.3.27-12.ent.ia64", "2.1AW:apache-0:1.3.27-12.ent.src", "2.1AW:apache-devel-0:1.3.27-12.ent.i386", "2.1AW:apache-devel-0:1.3.27-12.ent.ia64", "2.1AW:apache-manual-0:1.3.27-12.ent.i386", "2.1AW:apache-manual-0:1.3.27-12.ent.ia64", "2.1ES:apache-0:1.3.27-12.ent.i386", "2.1ES:apache-0:1.3.27-12.ent.ia64", "2.1ES:apache-0:1.3.27-12.ent.src", "2.1ES:apache-devel-0:1.3.27-12.ent.i386", "2.1ES:apache-devel-0:1.3.27-12.ent.ia64", "2.1ES:apache-manual-0:1.3.27-12.ent.i386", "2.1ES:apache-manual-0:1.3.27-12.ent.ia64", "2.1WS:apache-0:1.3.27-12.ent.i386", "2.1WS:apache-0:1.3.27-12.ent.ia64", "2.1WS:apache-0:1.3.27-12.ent.src", "2.1WS:apache-devel-0:1.3.27-12.ent.i386", "2.1WS:apache-devel-0:1.3.27-12.ent.ia64", "2.1WS:apache-manual-0:1.3.27-12.ent.i386", "2.1WS:apache-manual-0:1.3.27-12.ent.ia64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0532" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd scoreboard lack of PID protection" } ] }