CVE-2007-6422

Publication date 8 January 2008

Last updated 24 July 2024

Ubuntu priority

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
apache2	7.10 gutsy	Fixed 2.2.4-3ubuntu0.1
	7.04 feisty	Fixed 2.2.3-3.2ubuntu2.1
	6.10 edgy	Fixed 2.0.55-4ubuntu4.2
	6.06 LTS dapper	Fixed 2.0.55-4ubuntu2.3

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

redhat has patch

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-575-1
Apache vulnerabilities
4 February 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2007-6422