ID

VAR-201110-0291

CVE

CVE-2011-3368

TITLE

Apache HTTP Server Multiple mode input validation error vulnerability

DESCRIPTION

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. Apache HTTP Server is prone to an information disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive information. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: a932d2685c4daa809378200b0524c317 2009.0/i586/apache-base-2.2.9-12.13mdv2009.0.i586.rpm 73bdf263d888a5f14964004c12f6fe56 2009.0/i586/apache-devel-2.2.9-12.13mdv2009.0.i586.rpm c708cc744997e378b405e924013d4051 2009.0/i586/apache-htcacheclean-2.2.9-12.13mdv2009.0.i586.rpm fb42f0b16e0cf0b9b99f50875fb934b0 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.13mdv2009.0.i586.rpm c150a3f0ab2f0447cc1314c561cbbb8a 2009.0/i586/apache-mod_cache-2.2.9-12.13mdv2009.0.i586.rpm 342a4ab8754a878929422d07d322db34 2009.0/i586/apache-mod_dav-2.2.9-12.13mdv2009.0.i586.rpm 150cca6180699492bbf350f1f23aa6fd 2009.0/i586/apache-mod_dbd-2.2.9-12.13mdv2009.0.i586.rpm 52f30a67eb099d7e1d20686c69fdd541 2009.0/i586/apache-mod_deflate-2.2.9-12.13mdv2009.0.i586.rpm f5b5a5039cc5f13c286d5cd55276cb70 2009.0/i586/apache-mod_disk_cache-2.2.9-12.13mdv2009.0.i586.rpm 903303f230149fbe88f8a5cc1c0ee960 2009.0/i586/apache-mod_file_cache-2.2.9-12.13mdv2009.0.i586.rpm 0df9ce8e9b3c4021d4bd0f13f8911ba1 2009.0/i586/apache-mod_ldap-2.2.9-12.13mdv2009.0.i586.rpm 7c96bb3725f64ea03820aae6b45b2a6d 2009.0/i586/apache-mod_mem_cache-2.2.9-12.13mdv2009.0.i586.rpm 2983af54ab604883a7cc64cf9972955a 2009.0/i586/apache-mod_proxy-2.2.9-12.13mdv2009.0.i586.rpm bda1fb3d243ea97a8ec115609a3c1e36 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.13mdv2009.0.i586.rpm cbe3ba0bad95f397071a9ab04a3a97c5 2009.0/i586/apache-mod_ssl-2.2.9-12.13mdv2009.0.i586.rpm 632c6ae498759436b83487afaef9f9df 2009.0/i586/apache-modules-2.2.9-12.13mdv2009.0.i586.rpm 0f0e190bf2026886f088ffeaf243b44f 2009.0/i586/apache-mod_userdir-2.2.9-12.13mdv2009.0.i586.rpm 8556f5990544d1e239565435f704015e 2009.0/i586/apache-mpm-event-2.2.9-12.13mdv2009.0.i586.rpm f69859bb9197171c5edc309031cfcd4f 2009.0/i586/apache-mpm-itk-2.2.9-12.13mdv2009.0.i586.rpm 894a436dc5bd4d4177f6de362de510a3 2009.0/i586/apache-mpm-peruser-2.2.9-12.13mdv2009.0.i586.rpm b88c688e5bf7555e44630012f1b87755 2009.0/i586/apache-mpm-prefork-2.2.9-12.13mdv2009.0.i586.rpm bcdd82b6d4846966c402a2dd5d7b641d 2009.0/i586/apache-mpm-worker-2.2.9-12.13mdv2009.0.i586.rpm 21b54c80dadc67221ad5cc0329343d55 2009.0/i586/apache-source-2.2.9-12.13mdv2009.0.i586.rpm c2b11978f4becbae462db2bf020a0bd7 2009.0/SRPMS/apache-2.2.9-12.13mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 91af9d7b14f280ccbd94d1e93c2115a5 2009.0/x86_64/apache-base-2.2.9-12.13mdv2009.0.x86_64.rpm 4289dbcf5d435f144115d37f9a118e9b 2009.0/x86_64/apache-devel-2.2.9-12.13mdv2009.0.x86_64.rpm e7e7888ed2d7e82ce4f55d319dc354d7 2009.0/x86_64/apache-htcacheclean-2.2.9-12.13mdv2009.0.x86_64.rpm 5341f9396f6860b1deaf1badfed9c6f2 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.13mdv2009.0.x86_64.rpm af81e40dab85a97d2d913b6c3a2e5ba3 2009.0/x86_64/apache-mod_cache-2.2.9-12.13mdv2009.0.x86_64.rpm bf09f623437776e4bb584ef70a58065a 2009.0/x86_64/apache-mod_dav-2.2.9-12.13mdv2009.0.x86_64.rpm d9394a8d7fa6fd9a7102599dbaa36138 2009.0/x86_64/apache-mod_dbd-2.2.9-12.13mdv2009.0.x86_64.rpm 5ad77a367640a35948e99c58ba2e9aaa 2009.0/x86_64/apache-mod_deflate-2.2.9-12.13mdv2009.0.x86_64.rpm eca18218ed5884129356e14739b4284c 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.13mdv2009.0.x86_64.rpm a1e6fe40413404fcd9e45ee862f1448d 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.13mdv2009.0.x86_64.rpm 0d3490eb0a83cd266be094a7a831926b 2009.0/x86_64/apache-mod_ldap-2.2.9-12.13mdv2009.0.x86_64.rpm 61c1baacc989919e0955c1e5714e92eb 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.13mdv2009.0.x86_64.rpm 1ff3ec27c26302c9ebe724ec699edbda 2009.0/x86_64/apache-mod_proxy-2.2.9-12.13mdv2009.0.x86_64.rpm da1080d1dfaa0e5c17736b6efc614f65 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.13mdv2009.0.x86_64.rpm c47fc6b7f4a3b4824ef9009cfc03ebf9 2009.0/x86_64/apache-mod_ssl-2.2.9-12.13mdv2009.0.x86_64.rpm 603804201a58c4bde7eeb9254d0caf6b 2009.0/x86_64/apache-modules-2.2.9-12.13mdv2009.0.x86_64.rpm 456ca4697133a089f004a1f54213c600 2009.0/x86_64/apache-mod_userdir-2.2.9-12.13mdv2009.0.x86_64.rpm b113323596d0bdb88824c9e940025dab 2009.0/x86_64/apache-mpm-event-2.2.9-12.13mdv2009.0.x86_64.rpm be041721f9abceb50d65bdb6edd37352 2009.0/x86_64/apache-mpm-itk-2.2.9-12.13mdv2009.0.x86_64.rpm 9099961b1c82d68ef972116ebe44c6f7 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.13mdv2009.0.x86_64.rpm b1ca9a27d4c02fd845ffbb62b9adb8e5 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.13mdv2009.0.x86_64.rpm d67c2ef4282309256e51163e67044d8c 2009.0/x86_64/apache-mpm-worker-2.2.9-12.13mdv2009.0.x86_64.rpm b4972efcb6cb7e4dc5263e7d1e39dea5 2009.0/x86_64/apache-source-2.2.9-12.13mdv2009.0.x86_64.rpm c2b11978f4becbae462db2bf020a0bd7 2009.0/SRPMS/apache-2.2.9-12.13mdv2009.0.src.rpm Mandriva Linux 2010.1: 050b032c27a587a8e3cc7b7f26752255 2010.1/i586/apache-base-2.2.15-3.4mdv2010.2.i586.rpm cdd5c06f86c9eb38160d95fa5e1e429b 2010.1/i586/apache-devel-2.2.15-3.4mdv2010.2.i586.rpm c390e7597d9dfe9617d70ab3f5192d43 2010.1/i586/apache-htcacheclean-2.2.15-3.4mdv2010.2.i586.rpm d96559be627d94d45775e414ec0ae524 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.4mdv2010.2.i586.rpm f3e11be1e0dd737b7a5137920912bfb1 2010.1/i586/apache-mod_cache-2.2.15-3.4mdv2010.2.i586.rpm 702df82aa3df33ac2d085f4d927e6f0d 2010.1/i586/apache-mod_dav-2.2.15-3.4mdv2010.2.i586.rpm af12753e0e90d50fbab8460d52cd70b2 2010.1/i586/apache-mod_dbd-2.2.15-3.4mdv2010.2.i586.rpm dccbb7742f2eb8bf9dd6fc6dbd4f9655 2010.1/i586/apache-mod_deflate-2.2.15-3.4mdv2010.2.i586.rpm 26757766ba1bd4a9c7148d04588fe50c 2010.1/i586/apache-mod_disk_cache-2.2.15-3.4mdv2010.2.i586.rpm d668ff48b06e5b32d455af7aaae33480 2010.1/i586/apache-mod_file_cache-2.2.15-3.4mdv2010.2.i586.rpm 4287845377dc115e5a1585729d8e6b15 2010.1/i586/apache-mod_ldap-2.2.15-3.4mdv2010.2.i586.rpm 168abd8c322604f7024a90457ced5c16 2010.1/i586/apache-mod_mem_cache-2.2.15-3.4mdv2010.2.i586.rpm 58fc1f1ae0c7028a8eac5280922482ba 2010.1/i586/apache-mod_proxy-2.2.15-3.4mdv2010.2.i586.rpm f32d9ff3f404d49b46b8b63a7597623f 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.4mdv2010.2.i586.rpm a6d6b0dc82a12609a105b7f13a60c52d 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.4mdv2010.2.i586.rpm 01ac6784b890fc3f205ab58fa2708b0c 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.4mdv2010.2.i586.rpm 7d40b5f9566bbcb5a36a240f3e2281e6 2010.1/i586/apache-mod_ssl-2.2.15-3.4mdv2010.2.i586.rpm febac785b16900b8f8630277b12f732e 2010.1/i586/apache-modules-2.2.15-3.4mdv2010.2.i586.rpm 30c0051b4519bfc682da86ef5008fee4 2010.1/i586/apache-mod_userdir-2.2.15-3.4mdv2010.2.i586.rpm b7991fb35067f7f5b8c43fef70f6c6c1 2010.1/i586/apache-mpm-event-2.2.15-3.4mdv2010.2.i586.rpm bcc42aefa1d5edc1c8b28d0e87837ba9 2010.1/i586/apache-mpm-itk-2.2.15-3.4mdv2010.2.i586.rpm 6dd2d6c2c254cdc416cb6394c3ce4642 2010.1/i586/apache-mpm-peruser-2.2.15-3.4mdv2010.2.i586.rpm b075b7a1a5db8e549513862019dc4d49 2010.1/i586/apache-mpm-prefork-2.2.15-3.4mdv2010.2.i586.rpm f0a4446d35eb202894a258137c9a39ca 2010.1/i586/apache-mpm-worker-2.2.15-3.4mdv2010.2.i586.rpm 3662189a98719d869c6cd92339037634 2010.1/i586/apache-source-2.2.15-3.4mdv2010.2.i586.rpm 3f523608f5ede71397a35e53d7a82ad9 2010.1/SRPMS/apache-2.2.15-3.4mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: c2817045a41cac3a60c6050d0c96ed2d 2010.1/x86_64/apache-base-2.2.15-3.4mdv2010.2.x86_64.rpm ba029050d298b8bf7bdfd0ff0d8dfff2 2010.1/x86_64/apache-devel-2.2.15-3.4mdv2010.2.x86_64.rpm 9ab0bb04fa5cbab380fc7f4002672f6d 2010.1/x86_64/apache-htcacheclean-2.2.15-3.4mdv2010.2.x86_64.rpm 514f0faa3e12f9a837c80d18c42f096e 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.4mdv2010.2.x86_64.rpm 869f6fc17fcb140345c6fc426f00a372 2010.1/x86_64/apache-mod_cache-2.2.15-3.4mdv2010.2.x86_64.rpm b271b637ef95644aca494751bacb305e 2010.1/x86_64/apache-mod_dav-2.2.15-3.4mdv2010.2.x86_64.rpm 8c1bf792dd53c4cf534eeb66149a021a 2010.1/x86_64/apache-mod_dbd-2.2.15-3.4mdv2010.2.x86_64.rpm 80427734c2bdcb88998cd8f00d518a63 2010.1/x86_64/apache-mod_deflate-2.2.15-3.4mdv2010.2.x86_64.rpm 9d436dfa48708ff1c67430c9f96e744a 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.4mdv2010.2.x86_64.rpm 43d6300c4cdcd128bd8713009a4b9422 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.4mdv2010.2.x86_64.rpm d26fb68836d1f1238091ef30e2a29b2b 2010.1/x86_64/apache-mod_ldap-2.2.15-3.4mdv2010.2.x86_64.rpm f2a231754bbbe745ad472418a1e68dba 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.4mdv2010.2.x86_64.rpm 69a2515e03e42ca836a7d880ae6d1048 2010.1/x86_64/apache-mod_proxy-2.2.15-3.4mdv2010.2.x86_64.rpm 2a334acc8b0e681c2523d73ba2020980 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.4mdv2010.2.x86_64.rpm 082e3a971973d41d007f6ee8d433a964 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.4mdv2010.2.x86_64.rpm d0240e4907c53cbc15c38f852f3523f2 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.4mdv2010.2.x86_64.rpm 8947c120a2346c5e608de186e0a3ee75 2010.1/x86_64/apache-mod_ssl-2.2.15-3.4mdv2010.2.x86_64.rpm 52b797f3e31ed58daff164b3f9339440 2010.1/x86_64/apache-modules-2.2.15-3.4mdv2010.2.x86_64.rpm 568ce8efc2c5d87f5a65f2c2c3f552c8 2010.1/x86_64/apache-mod_userdir-2.2.15-3.4mdv2010.2.x86_64.rpm bc0ad260619fa1513c749f44e6842bfa 2010.1/x86_64/apache-mpm-event-2.2.15-3.4mdv2010.2.x86_64.rpm 2eff14b46b530cd91d8025d0bf36970c 2010.1/x86_64/apache-mpm-itk-2.2.15-3.4mdv2010.2.x86_64.rpm c15a1dc4de6a830b3ef6151f4bab901c 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.4mdv2010.2.x86_64.rpm f016b8856f9426c49798f993197fcd64 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.4mdv2010.2.x86_64.rpm 71bc0152b74ef1a03349b275abb7145d 2010.1/x86_64/apache-mpm-worker-2.2.15-3.4mdv2010.2.x86_64.rpm c9d21030172baaedbe9bc8d438c8285b 2010.1/x86_64/apache-source-2.2.15-3.4mdv2010.2.x86_64.rpm 3f523608f5ede71397a35e53d7a82ad9 2010.1/SRPMS/apache-2.2.15-3.4mdv2010.2.src.rpm Mandriva Linux 2011: fdf647dc322f45ba25112fb18761a8ca 2011/i586/apache-base-2.2.21-0.2-mdv2011.0.i586.rpm b1cd17efb6f49779d3f1608f7ce12317 2011/i586/apache-devel-2.2.21-0.2-mdv2011.0.i586.rpm 5003144977743f8092bc2657bb8a5744 2011/i586/apache-htcacheclean-2.2.21-0.2-mdv2011.0.i586.rpm 20b63b8bad01f15558bed39ae77735ad 2011/i586/apache-mod_authn_dbd-2.2.21-0.2-mdv2011.0.i586.rpm 30d70e38df5ab5395a8fb2ded1eeb24d 2011/i586/apache-mod_cache-2.2.21-0.2-mdv2011.0.i586.rpm efecc88f522b8ceda095c150bb79b8c1 2011/i586/apache-mod_dav-2.2.21-0.2-mdv2011.0.i586.rpm 38c556b4325441228f38fb13db21334d 2011/i586/apache-mod_dbd-2.2.21-0.2-mdv2011.0.i586.rpm 8838bc6f398879fc4a012e72fa0460f6 2011/i586/apache-mod_deflate-2.2.21-0.2-mdv2011.0.i586.rpm b17372865f84422d9159cc7bec915918 2011/i586/apache-mod_disk_cache-2.2.21-0.2-mdv2011.0.i586.rpm d5a6b009940820ce886c5562c1aaec51 2011/i586/apache-mod_file_cache-2.2.21-0.2-mdv2011.0.i586.rpm 2622ca1fd2eb31d57bf7dd8739862f6f 2011/i586/apache-mod_ldap-2.2.21-0.2-mdv2011.0.i586.rpm 2b5cfd82bfe043be558c5f64b793eae4 2011/i586/apache-mod_mem_cache-2.2.21-0.2-mdv2011.0.i586.rpm 4a931dcee38c86bb12de9f0e2981c11a 2011/i586/apache-mod_proxy-2.2.21-0.2-mdv2011.0.i586.rpm 2f8fb519cb0a2617c3bc87a211af441f 2011/i586/apache-mod_proxy_ajp-2.2.21-0.2-mdv2011.0.i586.rpm 66c2411ece3b4e6d3e77526869fac866 2011/i586/apache-mod_proxy_scgi-2.2.21-0.2-mdv2011.0.i586.rpm 75eef4373837415e36372776380819f7 2011/i586/apache-mod_reqtimeout-2.2.21-0.2-mdv2011.0.i586.rpm fa70ff654b3efe6d28969aa7460a9977 2011/i586/apache-mod_ssl-2.2.21-0.2-mdv2011.0.i586.rpm dc3a2f9f654727148ec6623a7f68aa3d 2011/i586/apache-modules-2.2.21-0.2-mdv2011.0.i586.rpm 4b7d982f9a0e16c75e3d62127651bd73 2011/i586/apache-mod_userdir-2.2.21-0.2-mdv2011.0.i586.rpm 46dd5bf60e0cc8aaa098136ffbc4d1f8 2011/i586/apache-mpm-event-2.2.21-0.2-mdv2011.0.i586.rpm 750b7f77b7ac0ed715427869af54fa33 2011/i586/apache-mpm-itk-2.2.21-0.2-mdv2011.0.i586.rpm 1a67882e778e3f3bc89b0ef45f039ea6 2011/i586/apache-mpm-peruser-2.2.21-0.2-mdv2011.0.i586.rpm 7e85783e129e133a4b4de06484f50597 2011/i586/apache-mpm-prefork-2.2.21-0.2-mdv2011.0.i586.rpm b3ed18bc46d66240096aa65f5c557ff9 2011/i586/apache-mpm-worker-2.2.21-0.2-mdv2011.0.i586.rpm 1a80519a9a4a5b83d6c136506eeb5ae0 2011/i586/apache-source-2.2.21-0.2-mdv2011.0.i586.rpm 0208ab576bca6346db61084a4247c585 2011/SRPMS/apache-2.2.21-0.2.src.rpm Mandriva Linux 2011/X86_64: 87da9845764ce52f30350a2da3f1bb50 2011/x86_64/apache-base-2.2.21-0.2-mdv2011.0.x86_64.rpm 382426ba9336ddd28b26a25e3306effa 2011/x86_64/apache-devel-2.2.21-0.2-mdv2011.0.x86_64.rpm d39b4ad5420a27e886ee33102753611e 2011/x86_64/apache-htcacheclean-2.2.21-0.2-mdv2011.0.x86_64.rpm b9f07f25fada0f52f8467dc390b6c910 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.2-mdv2011.0.x86_64.rpm 396f1addba810264b4d7d8eac405c05d 2011/x86_64/apache-mod_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm ae6cd0e23ccd835177f060debb4c373a 2011/x86_64/apache-mod_dav-2.2.21-0.2-mdv2011.0.x86_64.rpm 75131d0a822f92b946a28f4c29925018 2011/x86_64/apache-mod_dbd-2.2.21-0.2-mdv2011.0.x86_64.rpm 88301617766cafe8e1d142ec30ff7a32 2011/x86_64/apache-mod_deflate-2.2.21-0.2-mdv2011.0.x86_64.rpm 7f03884c099d174c94ab2ca5c74ddb5f 2011/x86_64/apache-mod_disk_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm ee9d59bf2fde441bdeadd810f6f624ee 2011/x86_64/apache-mod_file_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm 60e5e7c1df99feaf019f5203deae62cf 2011/x86_64/apache-mod_ldap-2.2.21-0.2-mdv2011.0.x86_64.rpm c138331a28ac50ba59cab8499a6c8b5d 2011/x86_64/apache-mod_mem_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm 1d8183c8b428f6a824a1f9b7a1335124 2011/x86_64/apache-mod_proxy-2.2.21-0.2-mdv2011.0.x86_64.rpm 587a07a541fb759edf6cf4e7723a8f13 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.2-mdv2011.0.x86_64.rpm 643d55f506ddc7e2d8d9eeb370a7d5d0 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.2-mdv2011.0.x86_64.rpm 317f850263dc7a177c7aeca49ff73c0f 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.2-mdv2011.0.x86_64.rpm d13268e72655c84407bc4f84b7dfbc63 2011/x86_64/apache-mod_ssl-2.2.21-0.2-mdv2011.0.x86_64.rpm aba1a4f6b8a2e165d88dea70da96aa38 2011/x86_64/apache-modules-2.2.21-0.2-mdv2011.0.x86_64.rpm afa4e495f86f5c61994947211833eb87 2011/x86_64/apache-mod_userdir-2.2.21-0.2-mdv2011.0.x86_64.rpm c30be0170ee148a2b26bf90d56321b9c 2011/x86_64/apache-mpm-event-2.2.21-0.2-mdv2011.0.x86_64.rpm fe799582be71a26191caff516250d9bb 2011/x86_64/apache-mpm-itk-2.2.21-0.2-mdv2011.0.x86_64.rpm 901ef8c7c3e97d00d08528bf9e4711b1 2011/x86_64/apache-mpm-peruser-2.2.21-0.2-mdv2011.0.x86_64.rpm d6309de31d78ced4ddfb4cd339bda2a1 2011/x86_64/apache-mpm-prefork-2.2.21-0.2-mdv2011.0.x86_64.rpm 6e5481db63f7ee78b37bf4341f30f1e0 2011/x86_64/apache-mpm-worker-2.2.21-0.2-mdv2011.0.x86_64.rpm 976de27a1426d6d4d0eeaf3a35b44564 2011/x86_64/apache-source-2.2.21-0.2-mdv2011.0.x86_64.rpm 0208ab576bca6346db61084a4247c585 2011/SRPMS/apache-2.2.21-0.2.src.rpm Mandriva Enterprise Server 5: 362272e9ac2693eec7b635adc0d21703 mes5/i586/apache-base-2.2.9-12.13mdvmes5.2.i586.rpm d96a49a2c5e91ded681961ff6cc952a4 mes5/i586/apache-devel-2.2.9-12.13mdvmes5.2.i586.rpm 49603b007ba8170dc03d2c126c84e50d mes5/i586/apache-htcacheclean-2.2.9-12.13mdvmes5.2.i586.rpm 3380d84b972a6a463b045737ff613b49 mes5/i586/apache-mod_authn_dbd-2.2.9-12.13mdvmes5.2.i586.rpm de7fa15db92d1d30e2da0445c1809813 mes5/i586/apache-mod_cache-2.2.9-12.13mdvmes5.2.i586.rpm a8010890a6a571f95020275b6f142bca mes5/i586/apache-mod_dav-2.2.9-12.13mdvmes5.2.i586.rpm b06ae064db3f74b0f784bf2901f72c2f mes5/i586/apache-mod_dbd-2.2.9-12.13mdvmes5.2.i586.rpm 7dacb5f1cc7ba1cf990905290fdae463 mes5/i586/apache-mod_deflate-2.2.9-12.13mdvmes5.2.i586.rpm 1c8585291e70c6a3d3809bad1f79e683 mes5/i586/apache-mod_disk_cache-2.2.9-12.13mdvmes5.2.i586.rpm 3c1a95ac86df5dd6a3c1cb7b4daba63e mes5/i586/apache-mod_file_cache-2.2.9-12.13mdvmes5.2.i586.rpm 0b6c33e07fe7f4c448dba48b5750f668 mes5/i586/apache-mod_ldap-2.2.9-12.13mdvmes5.2.i586.rpm 0a5ac07dddf6dfb4f81260180f5400c7 mes5/i586/apache-mod_mem_cache-2.2.9-12.13mdvmes5.2.i586.rpm 2e88a664547e82bf0a09e7a59df3cfb1 mes5/i586/apache-mod_proxy-2.2.9-12.13mdvmes5.2.i586.rpm 02f77738b01c4fac6cbfd174aaf1f3dd mes5/i586/apache-mod_proxy_ajp-2.2.9-12.13mdvmes5.2.i586.rpm 9ccb5fbad8be4a8b854202f61bbff404 mes5/i586/apache-mod_ssl-2.2.9-12.13mdvmes5.2.i586.rpm 90b0eaa590c9ef3384d9d510b02acb0a mes5/i586/apache-modules-2.2.9-12.13mdvmes5.2.i586.rpm 139ec8c7604ff186d9a5f7211cf153e2 mes5/i586/apache-mod_userdir-2.2.9-12.13mdvmes5.2.i586.rpm 427d203744147b131faacaeda85d0c33 mes5/i586/apache-mpm-event-2.2.9-12.13mdvmes5.2.i586.rpm f05074badc58876520876f4c5030f65e mes5/i586/apache-mpm-itk-2.2.9-12.13mdvmes5.2.i586.rpm 218eb230875cef887a298886add841c5 mes5/i586/apache-mpm-peruser-2.2.9-12.13mdvmes5.2.i586.rpm b18ac1117a837c0a01b0214d34914d33 mes5/i586/apache-mpm-prefork-2.2.9-12.13mdvmes5.2.i586.rpm a61b60d3ed2d40ca20154a7720d5d700 mes5/i586/apache-mpm-worker-2.2.9-12.13mdvmes5.2.i586.rpm ba799d2f8a25748d0222ca5c22b8d77b mes5/i586/apache-source-2.2.9-12.13mdvmes5.2.i586.rpm 805742aa36cff750b99f31e180fd867d mes5/SRPMS/apache-2.2.9-12.13mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: fc201c9261c712da3f289e9b4027a5fc mes5/x86_64/apache-base-2.2.9-12.13mdvmes5.2.x86_64.rpm 5525b60c6cfba84feed38edf06e2e246 mes5/x86_64/apache-devel-2.2.9-12.13mdvmes5.2.x86_64.rpm 216f7afebeabd44b1fe3177b909bb169 mes5/x86_64/apache-htcacheclean-2.2.9-12.13mdvmes5.2.x86_64.rpm 6e113f9a73cfef3c205e15b7ab5d9c09 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.13mdvmes5.2.x86_64.rpm 6811ceefa8472b1af410f79262ec4fb6 mes5/x86_64/apache-mod_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm ff747be8f132abad9629bda68dffba20 mes5/x86_64/apache-mod_dav-2.2.9-12.13mdvmes5.2.x86_64.rpm d36b00c90f690ca783ed1af88bfd07e2 mes5/x86_64/apache-mod_dbd-2.2.9-12.13mdvmes5.2.x86_64.rpm 121ed1fef89fafed42538714a0c91742 mes5/x86_64/apache-mod_deflate-2.2.9-12.13mdvmes5.2.x86_64.rpm 680c3c57565fa6937f1bd436461cf013 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm b2c008438014163937dc4a4951d6f145 mes5/x86_64/apache-mod_file_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm 149fd8345aec9b63304643717c4e3aa0 mes5/x86_64/apache-mod_ldap-2.2.9-12.13mdvmes5.2.x86_64.rpm e549c5dd75bee4df39e9c947e0724b71 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm 784137d1caaaa974db42e54e0cbbc621 mes5/x86_64/apache-mod_proxy-2.2.9-12.13mdvmes5.2.x86_64.rpm c6dea61e1b6f8a2373741af10a9bf72a mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.13mdvmes5.2.x86_64.rpm 92e34c8dbeac34258a527dead2c362e9 mes5/x86_64/apache-mod_ssl-2.2.9-12.13mdvmes5.2.x86_64.rpm c4780606189970462d0e7063fcc356ae mes5/x86_64/apache-modules-2.2.9-12.13mdvmes5.2.x86_64.rpm 78bad1842ce68bf2a0c1fcf75a6805a2 mes5/x86_64/apache-mod_userdir-2.2.9-12.13mdvmes5.2.x86_64.rpm 29db775ba6d750c955f70ea7d8e21bed mes5/x86_64/apache-mpm-event-2.2.9-12.13mdvmes5.2.x86_64.rpm 34ba6c4d7e9f0a31cc010df6d97882c3 mes5/x86_64/apache-mpm-itk-2.2.9-12.13mdvmes5.2.x86_64.rpm b4b3ac445b8cb6bb3aaed1cad0756efc mes5/x86_64/apache-mpm-peruser-2.2.9-12.13mdvmes5.2.x86_64.rpm fc138aec05894dc918ac1a2cd93731d2 mes5/x86_64/apache-mpm-prefork-2.2.9-12.13mdvmes5.2.x86_64.rpm 5a1dcd551d4f49a39c76a1b1de709bd5 mes5/x86_64/apache-mpm-worker-2.2.9-12.13mdvmes5.2.x86_64.rpm c1908c1a28f94c61d3aced3485b64f73 mes5/x86_64/apache-source-2.2.9-12.13mdvmes5.2.x86_64.rpm 805742aa36cff750b99f31e180fd867d mes5/SRPMS/apache-2.2.9-12.13mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. The three CVE ids denote slightly different variants of the same issue. Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities. CVE-2012-0053: The response message for error code 400 (bad request) could be used to expose "httpOnly" cookies. This could allow a remote attacker using cross site scripting to steal authentication cookies. For the oldstable distribution (lenny), these problems have been fixed in version apache2 2.2.9-10+lenny12. For the stable distribution (squeeze), these problems have been fixed in version apache2 2.2.16-6+squeeze6 For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-1. For the unstable distribution (sid), these problems have been fixed in version 2.2.22-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny7. In the stable distribution, apache2-mpm-itk has the same version number as apache2. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache HTTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1" References ========== [ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408 [ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434 [ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452 [ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791 [ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192 [ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348 [ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368 [ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607 [ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317 [ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021 [ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031 [ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053 [ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-25.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1259-1 November 11, 2011 apache2, apache2-mpm-itk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Multiple vulnerabilities and a regression were fixed in the Apache HTTP server. (CVE-2011-3348) Samuel Montosa discovered that the ITK Multi-Processing Module for Apache did not properly handle certain configuration sections that specify NiceValue but not AssignUserID, preventing Apache from dropping privileges correctly. This issue only affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1176) USN 1199-1 fixed a vulnerability in the byterange filter of Apache. The upstream patch introduced a regression in Apache when handling specific byte range requests. Original advisory details: A flaw was discovered in the byterange filter in Apache. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: apache2.2-bin 2.2.20-1ubuntu1.1 Ubuntu 11.04: apache2-mpm-itk 2.2.17-1ubuntu1.4 apache2.2-bin 2.2.17-1ubuntu1.4 Ubuntu 10.10: apache2-mpm-itk 2.2.16-1ubuntu3.4 apache2.2-bin 2.2.16-1ubuntu3.4 Ubuntu 10.04 LTS: apache2-mpm-itk 2.2.14-5ubuntu8.7 apache2.2-bin 2.2.14-5ubuntu8.7 Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.22 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security and bug fix update Advisory ID: RHSA-2012:0543-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0543.html Issue date: 2012-05-07 CVE Names: CVE-2011-3348 CVE-2011-3368 CVE-2011-3607 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 ===================================================================== 1. Summary: An update for the Apache HTTP Server component for JBoss Enterprise Web Server 1.0.2 that fixes multiple security issues and one bug is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348) The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607) A NULL pointer dereference flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled, a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed Cookie header. (CVE-2012-0021) A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031) Red Hat would like to thank Context Information Security for reporting the CVE-2011-3368 issue. This update also fixes the following bug: * The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update introduced a regression in the way httpd handled certain Range HTTP header values. This update corrects this regression. (BZ#749071) All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). 4. Bugs fixed (http://bugzilla.redhat.com/): 736690 - CVE-2011-3348 httpd: mod_proxy_ajp remote temporary DoS 740045 - CVE-2011-3368 httpd: reverse web proxy vulnerability 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785065 - CVE-2012-0021 httpd: NULL pointer dereference crash in mod_log_config 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses 5. References: https://www.redhat.com/security/data/cve/CVE-2011-3348.html https://www.redhat.com/security/data/cve/CVE-2011-3368.html https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2012-0021.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=1.0.2 https://rhn.redhat.com/errata/RHSA-2011-1330.html 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPqBfUXlSAg2UNWIIRAgp2AJ432q0jjbDmtWUkzP2pTCOTuyM5ywCcDYDy 4xGCmUQd1BJTxhSroB4/okA= =45KX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03231301 Version: 1 HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-03-27 Last Updated: 2012-03-27 Potential Security Impact: Remote unauthorized disclosure of information, unauthorized modification, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). References: CVE-2012-0053, CVE-2012-0031, CVE-2012-0021, CVE-2011-4317, CVE-2011-3607, CVE-2011-3368 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided a hotfix to resolve the vulnerabilities. The SSRT100772 hotfix is available by contacting the normal HP Services support channel. MANUAL ACTIONS: Yes - NonUpdate Install the hotfix for SSRT100772. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS (for HP-UX) For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN,fr=B.07.50.00 action: install the hotfix for SSRT100772 END AFFECTED VERSIONS (for HP-UX) HISTORY Version:1 (rev.1) - 27 March 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. Version bump for httpd upgrade. patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. *) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton] *) SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames] *) SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton] *) SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256. [Eric Covener] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. When using the RewriteRule or ProxyPassMatch directives to configure a reverse proxy using a pattern match, it is possible to inadvertently expose internal servers to remote users who send carefully crafted requests. The server did not validate that the input to the pattern match was a valid path string, so a pattern could expand to an unintended target URL. The documentation has been updated to reflect the more general risks with pattern matching in a reverse proxy configuration. Details: ======== A configuration like one of the following examples: RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P] ProxyPassMatch (.*)\.(jpg|gif|png) http://images.example.com$1.$2 could result in an exposure of internal servers. A request of the form: GET @other.example.com/something.png HTTP/1.1 would get translated to a target of: http://images.example.com@other.example.com/something.png This will cause the proxy to connect to the hostname "other.example.com", as the "images.example.com@" segment would be treated as user credentials when parsing the URL. This would allow a remote attacker the ability to proxy to hosts other than those expected, which could be a security exposure in some circumstances. The request-URI string in this example, "@other.example.com/something.png", is not valid according to the HTTP specification, since it neither an absolute URI ("http://example.com/path") nor an absolute path ("/path"). For future releases, the server has been patched to reject such requests, instead returning a "400 Bad Request" error. Actions: ======== Apache HTTPD users should examine their configuration files to determine if they have used an insecure configuration for reverse proxying. Affected users can update their configuration, or apply the patch from: http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/ For example, the above RewriteRule could be changed to: RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P] to ensure the pattern only matches against paths with a leading "/". Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

AFFECTED PRODUCTS