Red Hat Customer Portal

Skip to main content

CVE-2007-3304

Impact:
Moderate
Public Date:
2007-06-19
Bugzilla:
245111: CVE-2007-3304 httpd scoreboard lack of PID protection

The MITRE CVE dictionary describes this issue as:

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

Find out more about CVE-2007-3304 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (httpd) RHSA-2007:0662 2007-07-13
Red Hat Satellite Proxy v 4.2 (RHEL v.4 AS) (rhn-modperl) RHSA-2008:0523 2008-06-30
Red Hat Certificate System 7.3 for 4AS (xml-commons) RHSA-2010:0602 2010-08-04
Red Hat Satellite Proxy v 5.0 (RHEL v.4 AS) (rhn-modperl) RHSA-2008:0263 2008-05-20
Red Hat Enterprise Linux 2.1 (apache) RHSA-2007:0532 2007-06-26
Red Hat Satellite 5.0 (RHEL v.4 AS) (tomcat5) RHSA-2008:0261 2008-05-20
Red Hat Satellite v 4.2 (RHEL v.3 AS) (tomcat5) RHSA-2008:0524 2008-06-30
Red Hat Enterprise Linux 4 (httpd) RHSA-2007:0662 2007-07-13
Red Hat Satellite v 4.2 (RHEL v.4 AS) (tomcat5) RHSA-2008:0524 2008-06-30
Red Hat Satellite Proxy v 4.2 (RHEL v.3 AS) (rhn-modperl) RHSA-2008:0523 2008-06-30
Red Hat Enterprise Linux 5 (httpd) RHSA-2007:0556 2007-06-26
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (httpd) RHSA-2007:0557 2007-07-13