Vulnerability details: VCID-tkhp-xxex-aaag
Vulnerability ID VCID-tkhp-xxex-aaag
Aliases CVE-2007-3847
Summary The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0746
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0747
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0911
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0005
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0602
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2007-3847
epss 0.00655 https://api.first.org/data/v1/epss?cve=CVE-2007-3847
epss 0.03329 https://api.first.org/data/v1/epss?cve=CVE-2007-3847
epss 0.03682 https://api.first.org/data/v1/epss?cve=CVE-2007-3847
epss 0.04041 https://api.first.org/data/v1/epss?cve=CVE-2007-3847
epss 0.05331 https://api.first.org/data/v1/epss?cve=CVE-2007-3847
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=250731
apache_httpd moderate https://httpd.apache.org/security/json/CVE-2007-3847.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2007-3847
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=186219
http://docs.info.apple.com/article.html?artnum=307562
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588
http://httpd.apache.org/security/vulnerabilities_20.html
http://httpd.apache.org/security/vulnerabilities_22.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://marc.info/?l=apache-cvs&m=118592992309395&w=2
http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2
http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3847.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://secunia.com/advisories/26636
http://secunia.com/advisories/26722
http://secunia.com/advisories/26790
http://secunia.com/advisories/26842
http://secunia.com/advisories/26952
http://secunia.com/advisories/26993
http://secunia.com/advisories/27209
http://secunia.com/advisories/27563
http://secunia.com/advisories/27593
http://secunia.com/advisories/27732
http://secunia.com/advisories/27882
http://secunia.com/advisories/27971
http://secunia.com/advisories/28467
http://secunia.com/advisories/28606
http://secunia.com/advisories/28749
http://secunia.com/advisories/28922
http://secunia.com/advisories/29420
http://secunia.com/advisories/30430
http://security.gentoo.org/glsa/glsa-200711-06.xml
https://issues.rpath.com/browse/RPL-1710
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525
http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:235
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
http://www.redhat.com/support/errata/RHSA-2007-0746.html
http://www.redhat.com/support/errata/RHSA-2007-0747.html
http://www.redhat.com/support/errata/RHSA-2007-0911.html
http://www.redhat.com/support/errata/RHSA-2008-0005.html
http://www.securityfocus.com/archive/1/505990/100/0/threaded
http://www.securityfocus.com/bid/25489
http://www.securitytracker.com/id?1018633
http://www.ubuntu.com/usn/usn-575-1
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2007/3020
http://www.vupen.com/english/advisories/2007/3095
http://www.vupen.com/english/advisories/2007/3283
http://www.vupen.com/english/advisories/2007/3494
http://www.vupen.com/english/advisories/2007/3955
http://www.vupen.com/english/advisories/2008/0233
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1697
250731 https://bugzilla.redhat.com/show_bug.cgi?id=250731
441845 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441845
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*
CVE-2007-3847 https://httpd.apache.org/security/json/CVE-2007-3847.json
CVE-2007-3847 https://nvd.nist.gov/vuln/detail/CVE-2007-3847
GLSA-200711-06 https://security.gentoo.org/glsa/200711-06
RHSA-2007:0746 https://access.redhat.com/errata/RHSA-2007:0746
RHSA-2007:0747 https://access.redhat.com/errata/RHSA-2007:0747
RHSA-2007:0911 https://access.redhat.com/errata/RHSA-2007:0911
RHSA-2008:0005 https://access.redhat.com/errata/RHSA-2008:0005
RHSA-2010:0602 https://access.redhat.com/errata/RHSA-2010:0602
USN-575-1 https://usn.ubuntu.com/575-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3847
Metric Possible values
Exploitability (E) high, functional, unproven, proof_of_concept, not_defined
Access Vector (AV) local, adjacent_network, network
Access Complexity (AC) high, medium, low
Authentication (Au) multiple, single, none
Confidentiality Impact (C) none, partial, complete
Integrity Impact (I) none, partial, complete
Availability Impact (A) none, partial, complete

Exploit Prediction Scoring System (EPSS)
Percentile 0.78558
EPSS Score 0.00583
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.