CVE-2007-6420

Published: Jan 12, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

Affected (10)

Products: Apache: Http Server · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	Version 2.2.0
Apache Http Server	Version 2.2.2
Apache Http Server	Version 2.2.3
Apache Http Server	Version 2.2.4
Apache Http Server	Version 2.2.5
Apache Http Server	Version 2.2.6
Apache Http Server	Version 2.2.8

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 7.10
Canonical Ubuntu Linux	Version 8.04

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (62)

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html

Source: cve@mitre.org

Broken Link

http://marc.info/?l=bugtraq&m=123376588623823&w=2

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/31026

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/32222

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/33797

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/34219

Source: cve@mitre.org

Not Applicable

http://security.gentoo.org/glsa/glsa-200807-06.xml

Source: cve@mitre.org

Third Party Advisory

http://securityreason.com/securityalert/3523

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT3216

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0966.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/486169/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/494858/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/27236

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/31681

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-731-1

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2008/2780

Source: cve@mitre.org

Permissions Required

http://www.vupen.com/english/advisories/2009/0320

Source: cve@mitre.org

Permissions Required

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

Vendor Advisory

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8371

Source: cve@mitre.org

Broken Link

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html