PT-2008-1555 · Apache+1 · Apache Http Server+1

Published: 2008-01-02 · Updated: 2024-06-15 · CVE-2007-6422

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.2.0 through 2.2.6

Description

A flaw in the mod_proxy_balancer module allows remote authenticated users to cause a denial of service, resulting in a child process crash, when a threaded Multi-Processing Module is used. This can be achieved by sending a carefully crafted request with an invalid bb variable.

Recommendations

For Apache HTTP Server versions 2.2.0 through 2.2.6, consider disabling the balancer handler function in the mod_proxy_balancer module as a temporary workaround to prevent exploitation. Restrict access to the mod_proxy_balancer module to minimize the risk of denial of service attacks. Avoid using the bb variable in requests to the affected module until the issue is resolved.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2007-6422
OPENSUSE-SU-2024:10623-1
RHSA-2008:0008
RHSA-2008:0009
RHSA-2008_0008

Affected Products

Apache Http Server
Red Hat