Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | HTTP Server | 2.2.0 |
| Canonical | Ubuntu Linux | 6.06 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html (Broken Link)
- http://marc.info/?l=bugtraq&m=123376588623823&w=2 (Third Party Advisory)
- http://secunia.com/advisories/31026 (Not Applicable)
- http://secunia.com/advisories/32222 (Not Applicable)
- http://secunia.com/advisories/33797 (Not Applicable)
- http://secunia.com/advisories/34219 (Not Applicable)
- http://security.gentoo.org/glsa/glsa-200807-06.xml (Third Party Advisory)
- http://securityreason.com/securityalert/3523 (Third Party Advisory)
- http://support.apple.com/kb/HT3216 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0966.html (Third Party Advisory)
- http://www.securityfocus.com/archive/1/486169/100/0/threaded (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/archive/1/494858/100/0/threaded (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/27236 (Patch, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/31681 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2007-6420?
CVE-2007-6420 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
How severe is CVE-2007-6420?
CVE-2007-6420 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-6420?
Check the references section above for vendor advisories and patch information. Affected products include: Apache HTTP Server, Canonical Ubuntu Linux.