CVE-2007-6420

medium
Description

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

References

http://www.securityfocus.com/bid/27236

http://securityreason.com/securityalert/3523

http://security.gentoo.org/glsa/glsa-200807-06.xml

http://secunia.com/advisories/31026

http://www.securityfocus.com/bid/31681

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://support.apple.com/kb/HT3216

http://secunia.com/advisories/32222

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html

http://www.redhat.com/support/errata/RHSA-2008-0966.html

http://marc.info/?l=bugtraq&m=123376588623823&w=2

http://secunia.com/advisories/33797

http://www.ubuntu.com/usn/USN-731-1

http://secunia.com/advisories/34219

http://www.vupen.com/english/advisories/2009/0320

http://www.vupen.com/english/advisories/2008/2780

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8371

http://www.securityfocus.com/archive/1/494858/100/0/threaded

http://www.securityfocus.com/archive/1/486169/100/0/threaded

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2008-01-12

Updated: 2021-06-06

Type: CWE-352

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 39910 | openSUSE Security Update : apache2 (apache2-222) | Nessus | SuSE Local Security Checks | medium |
| 36589 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : apache2 vulnerabilities (USN-731-1) | Nessus | Ubuntu Local Security Checks | medium |
| 34779 | SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 5767) | Nessus | SuSE Local Security Checks | medium |
| 34699 | openSUSE 10 Security Update : apache2 (apache2-5648) | Nessus | SuSE Local Security Checks | medium |
| 34698 | SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 5629) | Nessus | SuSE Local Security Checks | medium |
| 34697 | openSUSE 10 Security Update : apache2 (apache2-5628) | Nessus | SuSE Local Security Checks | medium |
| 34374 | Mac OS X Multiple Vulnerabilities (Security Update 2008-007) | Nessus | MacOS X Local Security Checks | critical |
| 33477 | Apache 2.2.x < 2.2.9 Multiple Vulnerabilities (DoS, XSS) | Nessus | Web Servers | medium |
| 33473 | GLSA-200807-06 : Apache: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
| 33242 | FreeBSD : apache -- multiple vulnerabilities (c84dc9ad-41f7-11dd-a4f9-00163e000016) | Nessus | FreeBSD Local Security Checks | medium |
| 4385 | Apache < 2.2.8 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 4579 | Apache < 2.2.9 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 800581 | Apache < 2.2.8 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | low |