Apache Httpd < 1.3.39: Signals to arbitrary processes

ID HTTPD:F530D75F8856ACC4F8157FC2A041822A
Type httpd
Reporter Apache Team Foundation
Modified 2007-09-07T00:00:00


The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service.