CVE-2007-3303

2007-06-2022:30:00

Debian Security Bug Tracker

security-tracker.debian.org

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.

OSVersionArchitecturePackageVersionFilename
Debian12allapache2<= 2.4.57-2apache2_2.4.57-2_all.deb
Debian11allapache2<= 2.4.56-1~deb11u2apache2_2.4.56-1~deb11u2_all.deb
Debian10allapache2<= 2.4.38-3+deb10u8apache2_2.4.38-3+deb10u8_all.deb
Debian999allapache2<= 2.4.59-2apache2_2.4.59-2_all.deb
Debian13allapache2<= 2.4.59-2apache2_2.4.59-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	apache2	<= 2.4.57-2	apache2_2.4.57-2_all.deb
Debian	11	all	apache2	<= 2.4.56-1~deb11u2	apache2_2.4.56-1~deb11u2_all.deb
Debian	10	all	apache2	<= 2.4.38-3+deb10u8	apache2_2.4.38-3+deb10u8_all.deb
Debian	999	all	apache2	<= 2.4.59-2	apache2_2.4.59-2_all.deb
Debian	13	all	apache2	<= 2.4.59-2	apache2_2.4.59-2_all.deb