CVE-2007-3303

Severity Score

4.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.

Apache httpd 2.0.59 y 2.2.4, con el módulo Prefork MPM, permite a usuarios locales provocar una denegación de servicio mediante ciertas secuencias de código ejecutadas en un proceso trabajador que (1) para el procesamiento de una petición matando todos los procesos trabajadores y previniendo la creación de reemplazos o (2) cuelga el sistema forzando al proceso maestro a crear un número arbitrario de procesos trabajadores. NOTA: esto podría ser una limitación inherente de diseño de Apache con respecto a procesos trabajadores en entornos host.

*Credits: N/A

CVSS Scores

NISTv2 4.9

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-06-20 CVE Reserved
2007-06-20 CVE Published
2024-08-07 CVE Updated
2024-11-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (6)

URL	Tag	Source
http://osvdb.org/37050	Vdb Entry
http://security.psnc.pl/files/apache_report.pdf	X_refsource_misc
http://securityreason.com/securityalert/2814	Third Party Advisory
http://www.securityfocus.com/archive/1/469899/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/471832/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/24215	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.59 Search vendor "Apache" for product "Http Server" and version "2.0.59"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.4 Search vendor "Apache" for product "Http Server" and version "2.2.4"		-		Affected