CVE-2007-3304

medium

Apache

CVSS v3 Base Score

4.7

AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS Score

0.1%

Exploitation probability in 30 days

Top 73% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Confidentiality

None

Integrity

None

Availability

Published: June 20, 2007 (6902 days ago)

Last Modified: April 23, 2026

Vendor: Apache

Source: NVD

Description

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

CWE

NVD-CWE-noinfo

Affected Products

apache http serverfedoraproject fedoraredhat enterprise linux desktopredhat enterprise linux serverredhat enterprise linux workstationcanonical ubuntu linux

References

🔗 patches.sgi.com 🔗 bugs.gentoo.org 🔗 bugzilla.redhat.com 🔗 h20000.www2.hp.com 🔗 httpd.apache.org

CVE-2007-3304

Vulnerability Report

Description

CWE

Affected Products

References