CVE-2007-3304

Public Exploit

Description

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

CVSS 2.0 score: 4.7 (Severity: Medium)
EPSS: 0.13%
Affected: n/a n/a

References

Link Tags
http://secunia.com/advisories/28606 third party advisory not applicable
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111 issue tracking third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:142 vendor advisory broken link
http://secunia.com/advisories/26822 not applicable third party advisory vendor advisory
http://www.vupen.com/english/advisories/2007/4305 vdb entry permissions required
http://www.vupen.com/english/advisories/2007/3420 vdb entry permissions required
http://www.redhat.com/support/errata/RHSA-2007-0557.html third party advisory vendor advisory
http://osvdb.org/38939 vdb entry broken link
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 third party advisory vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:140 vendor advisory broken link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 third party advisory vendor advisory
http://secunia.com/advisories/25827 not applicable third party advisory vendor advisory
http://secunia.com/advisories/25920 not applicable third party advisory vendor advisory
http://secunia.com/advisories/26993 not applicable third party advisory vendor advisory
http://secunia.com/advisories/28212 third party advisory not applicable
http://security.psnc.pl/files/apache_report.pdf third party advisory
http://www.securitytracker.com/id?1018304 vdb entry third party advisory broken link
http://secunia.com/advisories/27563 third party advisory not applicable
http://secunia.com/advisories/27732 third party advisory not applicable
http://svn.apache.org/viewvc?view=rev&revision=547987 third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1 vendor advisory broken link
http://secunia.com/advisories/27209 third party advisory not applicable
http://www.redhat.com/support/errata/RHSA-2007-0662.html third party advisory vendor advisory
http://secunia.com/advisories/26790 not applicable third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2007-0556.html third party advisory vendor advisory
http://httpd.apache.org/security/vulnerabilities_20.html vendor advisory
http://www.novell.com/linux/security/advisories/2007_61_apache2.html vendor advisory broken link
http://www.securityfocus.com/archive/1/469899/100/0/threaded mailing list vdb entry third party advisory
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html mailing list third party advisory vendor advisory
http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2 issue tracking mailing list third party advisory
http://secunia.com/advisories/26759 not applicable third party advisory vendor advisory
http://www.vupen.com/english/advisories/2007/3494 vdb entry permissions required
http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only third party advisory vendor advisory
http://www.trustix.org/errata/2007/0026/ vendor advisory broken link
http://www.redhat.com/errata/RHSA-2007-0532.html third party advisory vendor advisory
http://httpd.apache.org/security/vulnerabilities_22.html vendor advisory
https://issues.rpath.com/browse/RPL-1710 broken link
http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192%40redhat.com%3e mailing list
http://www.securityfocus.com/archive/1/505990/100/0/threaded mailing list vdb entry third party advisory
http://securityreason.com/securityalert/2814 third party advisory exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589 vdb entry third party advisory signature
http://secunia.com/advisories/27121 third party advisory not applicable
http://www.securityfocus.com/archive/1/471832/100/0/threaded mailing list vdb entry third party advisory
http://www.vupen.com/english/advisories/2008/0233 vdb entry permissions required
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html third party advisory
http://secunia.com/advisories/26211 not applicable third party advisory vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35095 vdb entry third party advisory
http://secunia.com/advisories/26443 not applicable third party advisory vendor advisory
http://lists.vmware.com/pipermail/security-announce/2009/000062.html third party advisory mailing list
http://httpd.apache.org/security/vulnerabilities_13.html vendor advisory
http://security.gentoo.org/glsa/glsa-200711-06.xml third party advisory vendor advisory
http://secunia.com/advisories/28224 third party advisory not applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1 vendor advisory broken link
http://secunia.com/advisories/25830 not applicable third party advisory vendor advisory
http://www.securityfocus.com/bid/24215 vdb entry third party advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm third party advisory
http://www.ubuntu.com/usn/usn-499-1 third party advisory vendor advisory
http://www.redhat.com/support/errata/RHSA-2008-0261.html third party advisory vendor advisory
http://secunia.com/advisories/26508 not applicable third party advisory vendor advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm third party advisory
http://secunia.com/advisories/26842 not applicable third party advisory vendor advisory
http://www.vupen.com/english/advisories/2007/3283 vdb entry permissions required
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc vendor advisory broken link
http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984 third party advisory vendor advisory
http://www.vupen.com/english/advisories/2007/2727 vdb entry permissions required
http://secunia.com/advisories/26611 not applicable third party advisory vendor advisory
http://secunia.com/advisories/26273 not applicable third party advisory vendor advisory
http://bugs.gentoo.org/show_bug.cgi?id=186219 issue tracking third party advisory
http://www.vupen.com/english/advisories/2007/3100 vdb entry permissions required
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E mailing list

Frequently Asked Questions

What is the severity of CVE-2007-3304?
CVE-2007-3304 has been scored as a medium severity vulnerability.

How to fix CVE-2007-3304?
To fix CVE-2007-3304, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.

Is CVE-2007-3304 being actively exploited in the wild?
It is possible that CVE-2007-3304 is being exploited or will be exploited in the near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.