CVE-2007-3303

NameCVE-2007-3303
DescriptionApache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
apache2 (PTS)buster2.4.38-3+deb10u8vulnerable
buster (security)2.4.59-1~deb10u1vulnerable
bullseye2.4.56-1~deb11u2vulnerable
bullseye (security)2.4.59-1~deb11u1vulnerable
bookworm2.4.57-2vulnerable
bookworm (security)2.4.59-1~deb12u1vulnerable
sid, trixie2.4.59-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apache2source(unstable)(unfixed)unimportant

Notes

If you can execute arbitrary code, a DoS is not a problem.

Search for package or bug name: Reporting problems