Description

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

Remediation

References

CVE-2007-3847

Related Vulnerabilities

Oracle Application Server CVE-2008-0340 Vulnerability (CVE-2008-0340)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47795)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29209)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13591)

PHP Other Vulnerability (CVE-2007-1376)

Severity

Medium

Classification

CVE-2007-3847 CWE-125

Tags

Missing Update Known Vulnerabilities