CVE-2007-6420

Apache HTTP Server 2.2.x - Cross-Site Request Forgery in mod_proxy_balancer

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

References (31)

Core 31
Core References
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34219
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3523
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31681
Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27236
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-731-1
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0320
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0966.html
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33797
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494858/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486169/100/0/threaded
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT3216
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31026
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32222
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200807-06.xml
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2780
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=123376588623823&w=2
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Scores

EPSS 0.0911
EPSS Percentile 94.7%

Details

CWE
CWE-352
Status published
Products (10)
apache/http_server 2.2.0
apache/http_server 2.2.2
apache/http_server 2.2.3
apache/http_server 2.2.4
apache/http_server 2.2.5
apache/http_server 2.2.6
apache/http_server 2.2.8
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 7.10
canonical/ubuntu_linux 8.04
Published Jan 12, 2008
Tracked Since Feb 18, 2026