Upstream information

CVE-2007-6420 at MITRE

Description

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 4.3
  • Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

SUSE Bugzilla entries: 353261 [RESOLVED / FIXED], 373903 [RESOLVED / FIXED], 422464 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • apache2 >= 2.2.10-2.24.5
  • apache2-doc >= 2.2.10-2.24.5
  • apache2-example-pages >= 2.2.10-2.24.5
  • apache2-prefork >= 2.2.10-2.24.5
  • apache2-utils >= 2.2.10-2.24.5
  • apache2-worker >= 2.2.10-2.24.5
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA apache2
SUSE Linux Enterprise Server 11 SP2
  • apache2 >= 2.2.12-1.28.1
  • apache2-doc >= 2.2.12-1.28.1
  • apache2-example-pages >= 2.2.12-1.28.1
  • apache2-prefork >= 2.2.12-1.28.1
  • apache2-utils >= 2.2.12-1.28.1
  • apache2-worker >= 2.2.12-1.28.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA apache2
SUSE Linux Enterprise Server 11 SP3
  • apache2 >= 2.2.12-1.38.2
  • apache2-doc >= 2.2.12-1.38.2
  • apache2-example-pages >= 2.2.12-1.38.2
  • apache2-prefork >= 2.2.12-1.38.2
  • apache2-utils >= 2.2.12-1.38.2
  • apache2-worker >= 2.2.12-1.38.2
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA apache2
SUSE Linux Enterprise Server 11 SP4
  • apache2 >= 2.2.12-1.51.52.1
  • apache2-doc >= 2.2.12-1.51.52.1
  • apache2-example-pages >= 2.2.12-1.51.52.1
  • apache2-prefork >= 2.2.12-1.51.52.1
  • apache2-utils >= 2.2.12-1.51.52.1
  • apache2-worker >= 2.2.12-1.51.52.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA apache2
SUSE Linux Enterprise Software Development Kit 11 SP4
  • apache2 >= 2.2.12-1.51.52.1
  • apache2-devel >= 2.2.12-1.51.52.1
  • apache2-doc >= 2.2.12-1.51.52.1
  • apache2-example-pages >= 2.2.12-1.51.52.1
  • apache2-prefork >= 2.2.12-1.51.52.1
  • apache2-utils >= 2.2.12-1.51.52.1
  • apache2-worker >= 2.2.12-1.51.52.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA apache2
SUSE Linux Enterprise SDK 10 SP2
  • apache2 >= 2.2.3-16.19
  • apache2-devel >= 2.2.3-16.19
  • apache2-doc >= 2.2.3-16.19
  • apache2-example-pages >= 2.2.3-16.19
  • apache2-prefork >= 2.2.3-16.19
  • apache2-worker >= 2.2.3-16.19
sles10.x86-64
sle10-sp1-sdk.ppc
sle10-sp2-sdk.ppc
sle10-sp2-sdk.s390x
sles10-sp2.s390x
sle10-sp1-sdk.ia64
sles10.s390x
sles10-sp2-debuginfo.ia64
sles10-sp2.x86-64
sles10-sp2.ppc
sles10-sp2.ia64
sles10-sp2-debuginfo.x86-64
sles10.x86
sles10-sp2-debuginfo.x86
sles10-sp2-debuginfo.s390x
sle10-sp1-sdk.x86
sles10.ia64
sle10-sp1-sdk.x86-64
sle10-sp2-sdk.ia64
sle10-sp1-sdk.s390x
sle10-sp2-sdk.x86
sles10.ppc
sle10-sp2-sdk.x86-64
sles10-sp2-debuginfo.ppc
sles10-sp2.x86
ZYPP Patch Nr: 5629
openSUSE 11.0
  • apache2-debuginfo >= 2.2.8-28.2
  • apache2-debugsource >= 2.2.8-28.2
openSUSE 11.0
  • apache2 >= 2.2.8-28.2
  • apache2-devel >= 2.2.8-28.2
  • apache2-doc >= 2.2.8-28.2
  • apache2-example-pages >= 2.2.8-28.2
  • apache2-prefork >= 2.2.8-28.2
  • apache2-utils >= 2.2.8-28.2
  • apache2-worker >= 2.2.8-28.2