CVE-2007-3304

Apache HTTP Server 1.3.37 2.0.59 2.2.4 - Denial of Service via Prefork MPM Signal Handling

Title source: llm
STIX 2.1

Description

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

References (92)

Core 92
Core References
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28606
Issue Tracking, Third Party Advisory x_refsource_misc
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:142
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26822
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4305
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3420
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0557.html
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/38939
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:140
Third Party Advisory vendor-advisory x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25827
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25920
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26993
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28212
Third Party Advisory x_refsource_misc
http://security.psnc.pl/files/apache_report.pdf
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018304
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27563
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27732
Third Party Advisory x_refsource_confirm
http://svn.apache.org/viewvc?view=rev&revision=547987
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27209
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0662.html
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26790
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2007-0556.html
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_20.html
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/469899/100/0/threaded
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26759
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3494
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only
Broken Link vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2007/0026/
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/errata/RHSA-2007-0532.html
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_22.html
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1710
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/505990/100/0/threaded
Exploit, Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2814
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27121
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/471832/100/0/threaded
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0233
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26211
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35095
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26443
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_13.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200711-06.xml
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28224
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25830
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24215
Third Party Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-499-1
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0261.html
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26508
Third Party Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26842
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3283
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2727
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26611
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26273
Issue Tracking, Third Party Advisory x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=186219
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3100

Scores

EPSS 0.0330
EPSS Percentile 87.1%

Details

Status published
Products (8)
apache/http_server 1.3.0 - 1.3.39
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 6.10
canonical/ubuntu_linux 7.04
fedoraproject/fedora 7
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_server 5.0
redhat/enterprise_linux_workstation 5.0
Published Jun 20, 2007
Tracked Since Feb 18, 2026