CVE-2007-3304
MEDIUM severity · CVSS 4.7
4.7CVSS MEDIUM
Summary
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
Impact & exploitability
Attack vectorLocal
Attack complexity—
Privileges required—
User interaction—
Confidentiality impactNone
Integrity impactNone
Availability impact—
Exploit probability (EPSS)3%
AV:L/AC:M/Au:N/C:N/I:N/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://httpd.apache.org/security/vulnerabilities_13.htmlAdvisory
- http://httpd.apache.org/security/vulnerabilities_20.htmlAdvisory
- http://httpd.apache.org/security/vulnerabilities_22.htmlAdvisory
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
- http://bugs.gentoo.org/show_bug.cgi?id=186219Advisory
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111Advisory
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588Advisory
- http://lists.vmware.com/pipermail/security-announce/2009/000062.htmlAdvisory