Vulnerability Description
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is then sent a SIGUSR1 signal by the master process, aka "SIGUSR1 killer."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | >= 1.3.0, < 1.3.39 |
| Fedoraproject | Fedora | 7 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Server | 5.0 |
| Redhat | Enterprise Linux Workstation | 5.0 |
| Canonical | Ubuntu Linux | 6.06 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc (Broken Link)
- http://bugs.gentoo.org/show_bug.cgi?id=186219 (Issue Tracking, Third Party Advisory)
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111 (Issue Tracking, Third Party Advisory)
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 (Third Party Advisory)
- http://httpd.apache.org/security/vulnerabilities_13.html (Vendor Advisory)
- http://httpd.apache.org/security/vulnerabilities_20.html (Vendor Advisory)
- http://httpd.apache.org/security/vulnerabilities_22.html (Vendor Advisory)
- http://lists.vmware.com/pipermail/security-announce/2009/000062.html (Mailing List, Third Party Advisory)
- http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032
- http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://osvdb.org/38939 (Broken Link)
- http://rhn.redhat.com/errata/RHSA-2007-0556.html (Third Party Advisory)
- http://secunia.com/advisories/25827 (Not Applicable, Vendor Advisory)
- http://secunia.com/advisories/25830 (Not Applicable, Vendor Advisory)
- http://secunia.com/advisories/25920 (Not Applicable, Vendor Advisory)
FAQ
What is CVE-2007-3304?
CVE-2007-3304 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary pro...
How severe is CVE-2007-3304?
CVE-2007-3304 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3304?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.