CVE-2007-3847

Publication date 23 August 2007

Last updated 24 July 2024

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apache2	7.10 gutsy	Fixed 2.2.4-3ubuntu0.1
	7.04 feisty	Fixed 2.2.3-3.2ubuntu2.1
	6.10 edgy	Fixed 2.0.55-4ubuntu4.2
	6.06 LTS dapper	Fixed 2.0.55-4ubuntu2.3

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
apache2	Upstream: http://marc.info/?l=apache-cvs&m=118592992309395&w=2

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-575-1
Apache vulnerabilities
4 February 2008

Other references

https://rhn.redhat.com/errata/RHSA-2007-0911.html
https://www.cve.org/CVERecord?id=CVE-2007-3847