CVE-2007-1862

{"id": "CVE-2007-1862", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-04T23:30:00.000", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "source": "secalert@redhat.com"}, {"url": "http://httpd.apache.org/security/vulnerabilities_22.html", "source": "secalert@redhat.com"}, {"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41551", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/38641", "source": "secalert@redhat.com"}, {"url": "http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26273", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26842", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/27563", "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:127", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/24553", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2231", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2727", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information."}, {"lang": "es", "value": "La funci\u00f3n recall_headers en mod_mem_cache en Apache 2.2.4 no copia adecuadamente todos los niveles de la cabecera de los datos, lo cual puede provocar a Apache que las cabeceras HTTP contienen los datos previamente usados, que se podr\u00edan ser utilizados por los atacantes remotos para obtener informaci\u00f3n potencialmente sensible."}], "lastModified": "2023-11-07T02:00:30.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue was specific to httpd version 2.2.4 and did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5.\n", "lastModified": "2007-06-11T00:00:00", "organization": "Red Hat"}, {"comment": "Fixed in Apache HTTP Server 2.2.6. http://httpd.apache.org/security/vulnerabilities_22.html", "lastModified": "2008-07-02T00:00:00", "organization": "Apache"}], "sourceIdentifier": "secalert@redhat.com"}