{ "id": "CVE-2007-6423", "sourceIdentifier": "cve@mitre.org", "published": "2008-01-12T00:46:00.000", "lastModified": "2018-10-30T16:25:27.497", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue." }, { "lang": "es", "value": "** CUESTIONABLE ** Vulnerabilidad no especificada en mod_proxy_balancer para Apache HTTP Server 2.2.x, en versiones anteriores a la 2.2.7-dev, cuando se ejecuta en Windows, permite que atacantes remotos provoquen una corrupci\u00f3n de memoria usando una URL larga. NOTA: el vendedor no pudo reproducir el problema" } ], "vendorComments": [ { "organization": "Red Hat", "comment": "mod_proxy_balancer is included in the version of Apache HTTP Server as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack v2. Red Hat was unable to reproduce this issue.", "lastModified": "2008-01-24T00:00:00" } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-399" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "D623D8C0-65D2-4269-A1D4-5CB3899F44C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656" } ] } ] } ], "references": [ { "url": "http://securityreason.com/securityalert/3523", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/486169/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/27236", "source": "cve@mitre.org" } ] }