Headline
CVE-2007-3304
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka “SIGUSR1 killer.”
%PDF-1.4 %�쏢 5 0 obj <> stream G�<��H�/���h�����9��i$�lJ���;i�����L���Oe���8̎ ,�m�@���vz5ҽGL>:�������� V���_�(�~u�&��/y�.����GӨG;�e<��6��טl����P�I���y^��W�4=w�?���j2Yl"l��-�}M8���LjBD��`h� ���%���cN92v��Ű ��0ߋ;;���Aq����~Ӭ��5萸go�DS�՝:��0�)�1��2�7[�?K��KX&{���]�w}����q�BJP!F�T&ˌ*F�?kz;�-t’~��s�w�!�n1��X� �5!�Ƨ�$�kイ-�PW ۖ�L�>Z�~�Z����Q+�’K�8!!���͕N����$� E#��(ςk�~<:�B�Y���DZY��QL_ ����~p ��_O���w�2w�Ma��$Am�B��L����x�<�1N=~���F���Gl�����I|���>�S� 5^�K����.c�� �КD�$Z�>�v���i��_��=8���-\.EU�ښ#�" u�K,��f�ô�P��xb��;�� ��6��0mY�䭼��� r�~��lP�-���4h���F��Z�ZH]�!#�#r��)���Ȑ�LU���]H)p-Rؼ��E��,�~tcM���k��s��.4�1J#m�i��K�a 7?}գ�w����5% R_*���Z�����f8$L� fl��~\’��֟����&�Тy+��I�.��2��ӨP�>:H�/�����#��×��’:�`vl���wP�-�RQ���e����zH��?E’">$1Ǖ�8ڻ#�`�j�g���ոa�K��g�N0��Tc�"!�g$�f%j>���F@?����wjF���k2E�dܭ�f��M�,L ��2Ĥ�ͱ�!�������~`���E#k����Cb�P� ��}w��ܧ���Z]z:�$�v��W�g�+!m� ����� �’��"�����R�a� ��ti�a=�&������}��$5�k�ζ���^
Related news
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.