5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.877 High
EPSS
Percentile
98.6%
Apache HTTP server project reports:
The following potential security flaws are addressed:
CVE-2007-3847: mod_proxy: Prevent reading past the end of a
buffer when parsing date-related headers.
CVE-2007-1863: mod_cache: Prevent a segmentation fault if
attributes are listed in a Cache-Control header without any
value.
CVE-2007-3304: prefork, worker, event MPMs: Ensure that the
parent process cannot be forced to kill processes outside its
process group.
CVE-2006-5752: mod_status: Fix a possible XSS attack against
a site with a public server-status page and ExtendedStatus
enabled, for browsers which perform charset βdetectionβ.
Reported by Stefan Esser.
CVE-2006-1862: mod_mem_cache: Copy headers into longer lived
storage; header names and values could previously point to
cleaned up storage.