CVE-2007-3847

Name of the Vulnerable Software and Affected Versions: Apache versions 2.3.0

Description: A flaw in the mod proxy module allows remote origin servers to cause a denial of service by crashing the caching forward proxy process. This can be achieved by sending crafted date headers that trigger a buffer over-read. On sites with a reverse proxy configuration, a remote attacker can send a carefully crafted request to cause the Apache child process to crash. Similarly, on sites with a forward proxy configuration, an attacker can cause a crash if a user visits a malicious site using the proxy, potentially leading to a denial of service when using a threaded Multi-Processing Module.

Recommendations: For Apache version 2.3.0, consider disabling the mod proxy module as a temporary workaround to minimize the risk of exploitation. Restrict access to the proxy util.c module to prevent crashes caused by crafted date headers. Avoid using the proxy until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.