Apache Httpd < 1.3.39 : Signals to arbitrary processes

ID HTTPD:B63CF0157386C00B8FF9E943DA8F9A2F
Type httpd
Reporter Apache Team Foundation
Modified 2007-09-07T00:00:00


The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service.