CVE-2007-3847

httpd: out of bounds read

  • Severity Score (CVSS v3): 7.5
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-07-18 CVE Reserved
  • 2007-08-23 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
References (76)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=186219 Issue Tracking
http://docs.info.apple.com/article.html?artnum=307562 Broken Link
http://lists.vmware.com/pipermail/security-announce/2009/000062.html Mailing List
http://marc.info/?l=apache-cvs&m=118592992309395&w=2 Issue Tracking
http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2 Issue Tracking
http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2 Issue Tracking
http://secunia.com/advisories/26636 Not Applicable
http://secunia.com/advisories/26722 Not Applicable
http://secunia.com/advisories/26790 Not Applicable
http://secunia.com/advisories/26842 Not Applicable
http://secunia.com/advisories/26952 Not Applicable
http://secunia.com/advisories/26993 Not Applicable
http://secunia.com/advisories/27209 Not Applicable
http://secunia.com/advisories/27563 Not Applicable
http://secunia.com/advisories/27593 Not Applicable
http://secunia.com/advisories/27732 Not Applicable
http://secunia.com/advisories/27882 Not Applicable
http://secunia.com/advisories/27971 Not Applicable
http://secunia.com/advisories/28467 Not Applicable
http://secunia.com/advisories/28606 Not Applicable
http://secunia.com/advisories/28749 Not Applicable
http://secunia.com/advisories/28922 Not Applicable
http://secunia.com/advisories/29420 Not Applicable
http://secunia.com/advisories/30430 Not Applicable
http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm Third Party Advisory
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 Third Party Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Third Party Advisory
http://www.securityfocus.com/archive/1/505990/100/0/threaded Mailing List
http://www.securityfocus.com/bid/25489 Third Party Advisory
http://www.securitytracker.com/id?1018633 Broken Link
http://www.us-cert.gov/cas/techalerts/TA08-150A.html Third Party Advisory
https://issues.rpath.com/browse/RPL-1710 Broken Link
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525 Signature
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 2023-02-13
http://httpd.apache.org/security/vulnerabilities_20.html 2023-02-13
http://httpd.apache.org/security/vulnerabilities_22.html 2023-02-13
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html 2023-02-13
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html 2023-02-13
http://security.gentoo.org/glsa/glsa-200711-06.xml 2023-02-13
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 2023-02-13
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469 2023-02-13
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 2023-02-13
http://www.mandriva.com/security/advisories?name=MDKSA-2007:235 2023-02-13
http://www.novell.com/linux/security/advisories/2007_61_apache2.html 2023-02-13
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0746.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0747.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0911.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0005.html 2023-02-13
http://www.ubuntu.com/usn/usn-575-1 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html 2023-02-13
https://access.redhat.com/security/cve/CVE-2007-3847 2010-08-04
https://bugzilla.redhat.com/show_bug.cgi?id=250731 2010-08-04
Affected Vendors, Products, and Versions
Vendor         Product       Version              Other  Status
Apache         Http Server   >= 2.0.35 < 2.0.61   -      Affected
Apache         Http Server   >= 2.2.0 < 2.2.6     -      Affected
Fedoraproject  Fedora        7                    -      Affected
Fedoraproject  Fedora Core   6                    -      Affected
Canonical      Ubuntu Linux  6.06                 -      Affected
Canonical      Ubuntu Linux  6.10                 -      Affected
Canonical      Ubuntu Linux  7.04                 -      Affected
Canonical      Ubuntu Linux  7.10                 -      Affected