>> Redhat Security Update Fixes Apache and httpd Denial of Service Vulnerabilities
Title : Redhat Security Update Fixes Apache and httpd Denial of Service Vulnerabilities VUPEN ID : VUPEN/ADV-2007-2357 CVE ID : CVE-2006-5752 - CVE-2007-1863 - CVE-2007-3304
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-06-28
Technical Description
Multiple vulnerabilities have been identified in Redhat, which could be exploited by attackers to execute arbitrary scripting code or cause a denial of service.
The first issue is caused by an error in the server-status page within the mod_status module when processing malformed data, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
The second vulnerability is caused by an error in the mod_cache module when processing specially crafted HTTP requests, which could be exploited by attackers to cause the Apache child process handling that request to crash, creating a denial of service condition.
The third issue is caused by an error when sending signals, which could be exploited by a local attacker with the ability to run scripts on the Apache server to manipulate the scoreboard and cause arbitrary processes to be terminated, creating a denial of service condition.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
