Description

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

Remediation

References

CVE-2007-3847

Related Vulnerabilities

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15041)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9281)

WordPress Plugin Essential Widgets Security Bypass (1.8)

WordPress Plugin Dokan-Best WooCommerce Multivendor Marketplace Solution-Build Your Own Amazon, eBay, Etsy Cross-Site Request Forgery (3.0.8)

Django Improper Certificate Validation Vulnerability (CVE-2020-13254)

Severity

Medium

Classification

CVE-2007-3847 CWE-125

Tags

Missing Update Known Vulnerabilities