CVE-2007-3847

Published: 23 August 2007

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

Priority

Status

Package	Release	Status
apache2 Launchpad, Ubuntu, Debian	dapper	Released (2.0.55-4ubuntu2.3)
	edgy	Released (2.0.55-4ubuntu4.2)
	feisty	Released (2.2.3-3.2ubuntu2.1)
	gutsy	Released (2.2.4-3ubuntu0.1)
	upstream	Needs triage
	Patches: upstream: http://marc.info/?l=apache-cvs&m=118592992309395&w=2

References

https://rhn.redhat.com/errata/RHSA-2007-0911.html
https://ubuntu.com/security/notices/USN-575-1
https://www.cve.org/CVERecord?id=CVE-2007-3847
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/163828

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›