Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2007:0911
HistoryOct 25, 2007 - 12:00 a.m.

(RHSA-2007:0911) Moderate: httpd security update

2007-10-2500:00:00
access.redhat.com
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

74.4%

JSON

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
using a threaded Multi-Processing Module. (CVE-2007-3847)

A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)

Users of httpd should upgrade to these updated packages which contain
backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat4i386httpd-manual< 2.0.59-1.el4s1.8httpd-manual-2.0.59-1.el4s1.8.i386.rpm
RedHat4i386mod_ssl< 2.0.59-1.el4s1.8mod_ssl-2.0.59-1.el4s1.8.i386.rpm
RedHat5i386httpd-manual< 2.2.4-7.el5s2httpd-manual-2.2.4-7.el5s2.i386.rpm
RedHat5x86_64httpd-devel< 2.2.4-7.el5s2httpd-devel-2.2.4-7.el5s2.x86_64.rpm
RedHat4i386httpd< 2.0.59-1.el4s1.8httpd-2.0.59-1.el4s1.8.i386.rpm
RedHat4x86_64httpd-manual< 2.0.59-1.el4s1.8httpd-manual-2.0.59-1.el4s1.8.x86_64.rpm
RedHat4x86_64httpd< 2.0.59-1.el4s1.8httpd-2.0.59-1.el4s1.8.x86_64.rpm
RedHat4x86_64mod_ssl< 2.0.59-1.el4s1.8mod_ssl-2.0.59-1.el4s1.8.x86_64.rpm
RedHat5i386httpd< 2.2.4-7.el5s2httpd-2.2.4-7.el5s2.i386.rpm
RedHat4x86_64httpd-devel< 2.0.59-1.el4s1.8httpd-devel-2.0.59-1.el4s1.8.x86_64.rpm
Rows per page:
1-10 of 161

Related

openvas 51
fedora 2
nessus 35
oraclelinux 5
suse 1
centos 5
securityvulns 6
veracode 2
debiancve 2
prion 2
altlinux 6
ubuntucve 2
httpd 2
cve 2
redhat 8
gentoo 1
ubuntu 1
slackware 1
freebsd 1
vmware 2
oracle 1
openvas
openvas
Fedora Update for httpd FEDORA-2007-707
2009-02-27 00:00:00
Fedora Update for httpd FEDORA-2007-707
2009-02-27 00:00:00
Mandriva Update for apache MDKSA-2007:235 (apache)
2009-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: httpd-2.2.6-1.fc6
2007-09-24 20:29:48
[SECURITY] Fedora 7 Update: httpd-2.2.6-1.fc7
2007-09-19 02:53:28
nessus
nessus
Mandrake Linux Security Advisory : apache (MDKSA-2007:235)
2007-12-04 00:00:00
Fedora Core 6 : httpd-2.2.6-1.fc6 (2007-707)
2007-09-25 00:00:00
SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)
2007-12-13 00:00:00
oraclelinux
oraclelinux
Moderate: httpd security update
2008-01-15 00:00:00
Moderate: httpd security update
2008-01-15 00:00:00
httpd security, bug fix, and enhancement update
2007-11-27 00:00:00
suse
suse
remote denial of service in apache2
2007-11-19 15:20:20
centos
centos
httpd, mod_ssl security update
2008-01-15 12:48:29
httpd, mod_ssl security update
2007-11-25 11:09:37
apache security update
2008-01-16 02:42:35
securityvulns
securityvulns
Apache crossite scripting
2007-09-13 00:00:00
Apache2 Undefined Charset UTF-7 XSS Vulnerability
2007-09-13 00:00:00
Apache mod_proxy denial of service
2007-09-14 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:18:54
Denial Of Service (DoS)
2020-04-10 00:15:51
debiancve
debiancve
CVE-2007-4465
2007-09-14 00:17:00
CVE-2007-3847
2007-08-23 22:17:00
prion
prion
Cross site scripting
2007-09-14 00:17:00
Buffer overflow
2007-08-23 22:17:00
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.6-alt1
2007-09-14 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.6-alt1
2007-09-14 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.6-alt1
2007-09-14 00:00:00
ubuntucve
ubuntucve
CVE-2007-3847
2007-08-23 00:00:00
CVE-2007-4465
2007-09-14 00:00:00
httpd
httpd
Apache Httpd < 2.2.6 : mod_proxy crash
2006-12-10 00:00:00
Apache Httpd < 2.0.61 : mod_proxy crash
2006-12-10 00:00:00
cve
cve
CVE-2007-4465
2007-09-14 00:17:00
CVE-2007-3847
2007-08-23 22:17:00
redhat
redhat
(RHSA-2008:0005) Moderate: httpd security update
2008-01-15 00:00:00
(RHSA-2007:0746) Moderate: httpd security, bug fix, and enhancement update
2007-11-07 00:00:00
(RHSA-2007:0747) Moderate: httpd security, bug fix, and enhancement update
2007-11-15 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2007-11-07 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2008-02-04 00:00:00
slackware
slackware
[slackware-security] apache
2008-02-15 01:23:13
freebsd
freebsd
apache -- multiple vulnerabilities
2007-09-07 00:00:00
vmware
vmware
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

74.4%

JSON
Related for RHSA-2007:0911
openvas51fedora2nessus35oraclelinux5suse1centos5securityvulns6veracode2debiancve2prion2altlinux6ubuntucve2httpd2cve2redhat8gentoo1ubuntu1slackware1freebsd1vmware2oracle1