Vulnerability CVE-2007-1862

Vulnerability Name:

CVE-2007-1862 (CCN-34984)

Assigned:

2007-02-06

Published:

2007-02-06

Updated:

2021-06-06

Summary:

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/a:oracle:http_server:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20071862	V	CVE-2007-1862	2022-06-30
oval:org.opensuse.security:def:42270	P	Security update for permissions (Moderate)	2022-01-20
oval:org.opensuse.security:def:111948	P	apache2-2.4.49-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:31330	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:33045	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:31705	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:31300	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:32214	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:31697	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:26145	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:105514	P	apache2-2.4.49-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:26131	P	Security update for xen (Moderate)	2021-09-21
oval:org.opensuse.security:def:33006	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:26123	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:32158	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:32150	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:31656	P	Security update for systemd (Important)	2021-07-21
oval:org.opensuse.security:def:26092	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:31221	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:31208	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:31640	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-15
oval:org.opensuse.security:def:31634	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:36082	P	apache2-2.2.12-1.51.52.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36370	P	apache2-2.2.12-1.51.52.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42489	P	apache2-2.2.12-1.51.52.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32106	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26057	P	Security update for libX11 (Moderate)	2021-05-26
oval:org.opensuse.security:def:42074	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:26043	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:32084	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:31147	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31745	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31353	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:26208	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:26204	P	Security update for freeradius-server (Low)	2021-03-04
oval:org.opensuse.security:def:32263	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:31342	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:26189	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:31331	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:31744	P	Security update for MozillaFirefox (Important)	2021-01-12
oval:org.opensuse.security:def:31357	P	Security update for MozillaFirefox (Important)	2021-01-12
oval:org.opensuse.security:def:25973	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:31560	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:41929	P	apache2-2.2.10-2.24.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32002	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:35863	P	apache2-2.2.12-1.38.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35522	P	apache2-2.2.10-2.24.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35667	P	apache2-2.2.12-1.28.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25425	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:31858	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:25920	P	Security update for gstreamer-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:25503	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:26363	P	Security update for libgit2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31135	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25617	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:26862	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25995	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25644	P	Security update for taglib (Low)	2020-12-01
oval:org.opensuse.security:def:32045	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27333	P	xorg-x11-libXrender-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25752	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31955	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:31549	P	Security update for screen (Low)	2020-12-01
oval:org.opensuse.security:def:25848	P	Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (Moderate)	2020-12-01
oval:org.opensuse.security:def:32324	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25219	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25805	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32632	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25631	P	Security update for tar (Moderate)	2020-12-01
oval:org.opensuse.security:def:31444	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:25294	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26598	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26632	P	puppet on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25643	P	Security update for hunspell (Low)	2020-12-01
oval:org.opensuse.security:def:25415	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:31801	P	security update for xen (Moderate)	2020-12-01
oval:org.opensuse.security:def:26407	P	Security update for libmad (Moderate)	2020-12-01
oval:org.opensuse.security:def:30991	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:25698	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31940	P	Recommended update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26651	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25835	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25650	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:31889	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:27080	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25073	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:31076	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25839	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32448	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26261	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25897	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25085	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:31445	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:25849	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25414	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31766	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26496	P	Security update for tmux (Moderate)	2020-12-01
oval:org.opensuse.security:def:25950	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:32827	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25919	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:25277	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:31589	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26349	P	Security update for redis (Moderate)	2020-12-01
oval:org.opensuse.security:def:26522	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25489	P	Security update for pam_radius (Important)	2020-12-01
oval:org.opensuse.security:def:31915	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26827	P	sysstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25931	P	Security update for libcares2 (Low)	2020-12-01
oval:org.opensuse.security:def:25560	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:31996	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26695	P	fetchmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31136	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25916	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31911	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31548	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25795	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:27368	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25218	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25791	P	Security update for kernel-source (Moderate)	2020-12-01
oval:org.opensuse.security:def:32593	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32368	P	Security update for tar (Moderate)	2020-12-01
oval:org.opensuse.security:def:25230	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26549	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25994	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25632	P	Security update for aspell (Moderate)	2020-12-01
oval:org.opensuse.security:def:25358	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:31600	P	Security update for tightvnc (Important)	2020-12-01
oval:org.opensuse.security:def:30990	P	Security update for jakarta-commons-fileupload	2020-12-01
oval:org.opensuse.security:def:25422	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:31784	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26637	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26667	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25707	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25499	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:31850	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:27045	P	tgt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31002	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25755	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31810	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25703	P	Security update for squid (Moderate)	2020-12-01
oval:org.opensuse.security:def:25074	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:25990	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:32302	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:32487	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25413	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:31416	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:26345	P	Security update for libgit2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25936	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:32788	P	star on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25149	P	Security update for openssl-1_1 (Important)	2020-12-01
oval:org.opensuse.security:def:31502	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26310	P	Security update for Cloud Compute 12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26487	P	Security update for redis (Moderate)	2020-12-01

BACK