exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2007-6422

Status Candidate

Overview

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

Related Files

HP Security Bulletin HPSBMA02442 SSRT090108
Posted May 27, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Business Availability Center running Apache. The vulnerabilities could be remotely exploited to allow Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Denial of Service (DoS).

tags | advisory, denial of service, vulnerability, xss, csrf
advisories | CVE-2008-2939, CVE-2008-2364, CVE-2008-0005, CVE-2007-6422, CVE-2007-6421, CVE-2007-6420, CVE-2007-6388, CVE-2007-5000
SHA-256 | 8984e6a6d71e3911533469692dc0da853eb51153edc9f05ce6268a71ce2b470d
Gentoo Linux Security Advisory 200803-19
Posted Mar 13, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200803-19 - Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is 413 Request Entity too large (CVE-2007-6203). The mod_proxy_balancer module does not properly check the balancer name before using it (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported that filenames are not properly sanitized within the mod_negociation module (CVE-2008-0455, CVE-2008-0456). Versions less than 2.2.8 are affected.

tags | advisory, web
systems | linux, gentoo
advisories | CVE-2007-6203, CVE-2007-6422, CVE-2008-0005, CVE-2008-0455, CVE-2008-0456
SHA-256 | bb8144208f0da8d18360d59060c3a1605ef72264ec3cb3173d5750c515b79066
Ubuntu Security Notice 575-1
Posted Feb 5, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 575-1 - A slew of denial of service and cross site scripting related vulnerabilities have been patched in the apache2 package.

tags | advisory, denial of service, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
SHA-256 | fbd90fd3b1d7a6b5559c9b4afb5b47c7da3fc94863094e4710b15c7ae02b1709
Mandriva Linux Security Advisory 2008-016
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_balancer module could lead to a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer was enabled. Another flaw in the mod_proxy_balancer module was found where, on sites with the module enabled, an authorized user could send a carefully crafted request that would cause the apache child process handling the request to crash, which could lead to a denial of service if using a threaded MPM. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, denial of service, xss
systems | linux, mandriva
advisories | CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
SHA-256 | 7011750e86e2350ac4aa01c2801209a1471d2cfd530582dc3a9b8ae8243bbe30
apache2-multiple.txt
Posted Jan 11, 2008
Authored by sp3x | Site securityreason.com

Apache 2.2.x through 2.2.6 suffers from cross site request forgery, cross site scripting, memory corruption, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, csrf
advisories | CVE-2007-6420, CVE-2007-6421, CVE-2007-6422, CVE-2007-6423
SHA-256 | 0413044eb9bef283370981f8d415a8e607b969cfd2efb1b0c8bf8d63c50add86
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close