Vulnerability Description
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 2.2.4 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=186219
- http://httpd.apache.org/security/vulnerabilities_22.html
- http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
- http://osvdb.org/38641
- http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff
- http://secunia.com/advisories/26273
- http://secunia.com/advisories/26842
- http://secunia.com/advisories/27563
- http://security.gentoo.org/glsa/glsa-200711-06.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:127
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
- http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.h
- http://www.securityfocus.com/bid/24553
- http://www.vupen.com/english/advisories/2007/2231
FAQ
What is CVE-2007-1862?
CVE-2007-1862 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which coul...
How severe is CVE-2007-1862?
CVE-2007-1862 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1862?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.