ID

VAR-201111-0190

CVE

CVE-2011-3607

TITLE

Apache HTTP Server Integer overflow vulnerability

DESCRIPTION

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. Apache HTTP Server is prone to a local privilege-escalation vulnerability because of an integer-overflow error. Local attackers can exploit this issue to run arbitrary code with elevated privileges (with the privileges of the Apache webserver process). Failed exploit attempts may crash the affected application, denying service to legitimate users. Note: To trigger this issue, 'mod_setenvif' must be enabled and the attacker should be able to place a malicious '.htaccess' file on the affected webserver. The could allow the attacker to access internal servers that are not otherwise accessible from the outside. The three CVE ids denote slightly different variants of the same issue. Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities. CVE-2012-0053: The response message for error code 400 (bad request) could be used to expose "httpOnly" cookies. This could allow a remote attacker using cross site scripting to steal authentication cookies. For the oldstable distribution (lenny), these problems have been fixed in version apache2 2.2.9-10+lenny12. For the stable distribution (squeeze), these problems have been fixed in version apache2 2.2.16-6+squeeze6 For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-1. For the unstable distribution (sid), these problems have been fixed in version 2.2.22-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny7. In the stable distribution, apache2-mpm-itk has the same version number as apache2. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. A local attacker could gain escalated privileges. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache HTTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1" References ========== [ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408 [ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434 [ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452 [ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791 [ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192 [ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348 [ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368 [ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607 [ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317 [ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021 [ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031 [ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053 [ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-25.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . HP System Management Homepage (SMH) before v7.1.1 running on Linux, Windows and VMware ESX. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security and bug fix update Advisory ID: RHSA-2012:0543-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0543.html Issue date: 2012-05-07 CVE Names: CVE-2011-3348 CVE-2011-3368 CVE-2011-3607 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 ===================================================================== 1. Summary: An update for the Apache HTTP Server component for JBoss Enterprise Web Server 1.0.2 that fixes multiple security issues and one bug is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348) The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607) A NULL pointer dereference flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled, a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed Cookie header. (CVE-2012-0021) A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031) Red Hat would like to thank Context Information Security for reporting the CVE-2011-3368 issue. This update also fixes the following bug: * The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update introduced a regression in the way httpd handled certain Range HTTP header values. This update corrects this regression. (BZ#749071) All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). 4. Bugs fixed (http://bugzilla.redhat.com/): 736690 - CVE-2011-3348 httpd: mod_proxy_ajp remote temporary DoS 740045 - CVE-2011-3368 httpd: reverse web proxy vulnerability 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785065 - CVE-2012-0021 httpd: NULL pointer dereference crash in mod_log_config 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses 5. References: https://www.redhat.com/security/data/cve/CVE-2011-3348.html https://www.redhat.com/security/data/cve/CVE-2011-3368.html https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2012-0021.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=1.0.2 https://rhn.redhat.com/errata/RHSA-2011-1330.html 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPqBfUXlSAg2UNWIIRAgp2AJ432q0jjbDmtWUkzP2pTCOTuyM5ywCcDYDy 4xGCmUQd1BJTxhSroB4/okA= =45KX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. Version bump for httpd upgrade. patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. *) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Stefan Fritsch, Greg Ames] *) SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton] *) SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256. [Eric Covener] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03517954 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03517954 Version: 1 HPSBOV02822 SSRT100966 rev.1 - HP Secure Web Server (SWS) for OpenVMS, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-10-08 Last Updated: 2012-10-08 Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, or unauthorized disclosure of information. References: CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0031 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1928 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software update available to resolve these vulnerabilities. HP Secure Web Server (SWS) for OpenVMS V2.2 Update 2 is available at http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html for the following platforms: Platform Kit Name OpenVMS Integrity servers HP-I64VMS-CSWS22_UPDATE-V0200--4.PCSI_SFX_I64EXE OpenVMS Alpha servers CPQ-AXPVMS-CSWS22_UPDATE-V0200--4.PCSI_SFX_AXPEXE HISTORY Version:1 (rev.1) - 8 October 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an \@ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368 (CVE-2011-4317). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 47721c86104358598ddc96c7e93cbdf8 2010.1/i586/apache-base-2.2.15-3.6mdv2010.2.i586.rpm c4029cf90932f6c6d864cc3d91750bca 2010.1/i586/apache-devel-2.2.15-3.6mdv2010.2.i586.rpm 1f9554a4bdb15089b2711b77fe927c61 2010.1/i586/apache-htcacheclean-2.2.15-3.6mdv2010.2.i586.rpm 8d1d86c9b9737d244fde84560718d8e4 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.i586.rpm d33b4789fd1effc6222440d4cd04dd9e 2010.1/i586/apache-mod_cache-2.2.15-3.6mdv2010.2.i586.rpm 634a44c3077bf6b56a19ba2ee367c7ec 2010.1/i586/apache-mod_dav-2.2.15-3.6mdv2010.2.i586.rpm e6d01a8e87b87234c6ac49aa9491aa6f 2010.1/i586/apache-mod_dbd-2.2.15-3.6mdv2010.2.i586.rpm 8a062c3d3255701c066879d4092f70be 2010.1/i586/apache-mod_deflate-2.2.15-3.6mdv2010.2.i586.rpm 9c8a07706f25f84c7fb1deadd948a754 2010.1/i586/apache-mod_disk_cache-2.2.15-3.6mdv2010.2.i586.rpm 8bc3e2eea57fb63efb5b184e11ca8f1b 2010.1/i586/apache-mod_file_cache-2.2.15-3.6mdv2010.2.i586.rpm 498bc63dfedfa9021a0dd91b6ffed359 2010.1/i586/apache-mod_ldap-2.2.15-3.6mdv2010.2.i586.rpm 586c31feb7fb7ca857ef7ee45bf9aebf 2010.1/i586/apache-mod_mem_cache-2.2.15-3.6mdv2010.2.i586.rpm 308a280dc26817b96a6845bc7578c3db 2010.1/i586/apache-mod_proxy-2.2.15-3.6mdv2010.2.i586.rpm 328ac2fe0f4e22d6fe07ae7f70a52fe2 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2.i586.rpm 930c0accae0dd1f5a575d3585c323ac9 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2.i586.rpm 2a5777c4e69db66cc2ae0415aaa0dc9f 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.6mdv2010.2.i586.rpm 66b7801aa2e0c5dca2615ccdafed173e 2010.1/i586/apache-mod_ssl-2.2.15-3.6mdv2010.2.i586.rpm 8d9053f7c60598e3e9fd7a31c2ddaf87 2010.1/i586/apache-modules-2.2.15-3.6mdv2010.2.i586.rpm 8fad2bd2b81936e4d56feac1c7a4a241 2010.1/i586/apache-mod_userdir-2.2.15-3.6mdv2010.2.i586.rpm 12cf47a671ecc70457b74d77da1e976b 2010.1/i586/apache-mpm-event-2.2.15-3.6mdv2010.2.i586.rpm 97f21f06c7a6b92c4c31c97b0f3ab060 2010.1/i586/apache-mpm-itk-2.2.15-3.6mdv2010.2.i586.rpm 17a097d14ee2d2eb8d9f5d4f1b9c1843 2010.1/i586/apache-mpm-peruser-2.2.15-3.6mdv2010.2.i586.rpm 5b488c7767f3c922f36de062e230de3d 2010.1/i586/apache-mpm-prefork-2.2.15-3.6mdv2010.2.i586.rpm 1c8974dfcec0aa5b8d8260c258d6df49 2010.1/i586/apache-mpm-worker-2.2.15-3.6mdv2010.2.i586.rpm f8ed0cb6600be8c3ec1f2b802a7c0eed 2010.1/i586/apache-source-2.2.15-3.6mdv2010.2.i586.rpm 482f8796d668ae703faaf53d3f4c2c7f 2010.1/SRPMS/apache-2.2.15-3.6mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 04a6488038ca1a84d7e91ce51e4d677f 2010.1/x86_64/apache-base-2.2.15-3.6mdv2010.2.x86_64.rpm 2ba4bd05b46725f127e5b2033fd51667 2010.1/x86_64/apache-devel-2.2.15-3.6mdv2010.2.x86_64.rpm f351ed5721f1b05a6b7dc87ed7aa7a69 2010.1/x86_64/apache-htcacheclean-2.2.15-3.6mdv2010.2.x86_64.rpm 153c76dacd12ef6981827213ec0c8772 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.x86_64.rpm 7ed6d7c584fc0eb78303e39ed60b4a73 2010.1/x86_64/apache-mod_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 5a3617389d5a007ecf3dfa4f5ab91b85 2010.1/x86_64/apache-mod_dav-2.2.15-3.6mdv2010.2.x86_64.rpm 93edc8b77815d7cba4373419cb8f5a59 2010.1/x86_64/apache-mod_dbd-2.2.15-3.6mdv2010.2.x86_64.rpm 6e5e5caf00902784efdf13c10939db9d 2010.1/x86_64/apache-mod_deflate-2.2.15-3.6mdv2010.2.x86_64.rpm 4a0347d7d0670c0538d2682dfe9e1e53 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 8bcc135e98c375d28c3afcd629535a4a 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 214355942ac62028f2697d82906b3920 2010.1/x86_64/apache-mod_ldap-2.2.15-3.6mdv2010.2.x86_64.rpm d9701a16932c1d36f3551fd0ad99ac0f 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 0514e08540031d1a8fc22420440cf2eb 2010.1/x86_64/apache-mod_proxy-2.2.15-3.6mdv2010.2.x86_64.rpm 564d18314a970303342fa5ef1f5bcd23 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2.x86_64.rpm d77370118f402a18bd465508b9ae74c1 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2.x86_64.rpm fe3a57456ddb162f53ec86b64aa0f218 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.6mdv2010.2.x86_64.rpm b880b8406d1a500a9f4503c06fcfe072 2010.1/x86_64/apache-mod_ssl-2.2.15-3.6mdv2010.2.x86_64.rpm 3392607a02a34b7a53207feb7ed73498 2010.1/x86_64/apache-modules-2.2.15-3.6mdv2010.2.x86_64.rpm f06a2e4cac81365e5c73e365b0f35abe 2010.1/x86_64/apache-mod_userdir-2.2.15-3.6mdv2010.2.x86_64.rpm 3d13698fac6a6dfdafa026b1152a5b1c 2010.1/x86_64/apache-mpm-event-2.2.15-3.6mdv2010.2.x86_64.rpm 16ba47b4fea6f39569be110bbcfaedb6 2010.1/x86_64/apache-mpm-itk-2.2.15-3.6mdv2010.2.x86_64.rpm f24cd380dad81a610d73419eaeb86e04 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.6mdv2010.2.x86_64.rpm d170fad92e75077db15fd802be9deda2 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.6mdv2010.2.x86_64.rpm d967b2e614babf85b3df09589e6978e2 2010.1/x86_64/apache-mpm-worker-2.2.15-3.6mdv2010.2.x86_64.rpm 2c7f977cb7a7494a3e7f020c591b5bea 2010.1/x86_64/apache-source-2.2.15-3.6mdv2010.2.x86_64.rpm 482f8796d668ae703faaf53d3f4c2c7f 2010.1/SRPMS/apache-2.2.15-3.6mdv2010.2.src.rpm Mandriva Linux 2011: 627e6ab0f50fa35c7a639626e23a38a3 2011/i586/apache-base-2.2.21-0.4-mdv2011.0.i586.rpm f834f9e39003d30ee6d2e2b7b3c6253c 2011/i586/apache-devel-2.2.21-0.4-mdv2011.0.i586.rpm e96cfc5498ea7afca1fe2b22168d3259 2011/i586/apache-htcacheclean-2.2.21-0.4-mdv2011.0.i586.rpm f6700e8a1bc0a6a34b18f5ed091231e3 2011/i586/apache-mod_authn_dbd-2.2.21-0.4-mdv2011.0.i586.rpm 8d37dfd4133c3078702921a517f726b7 2011/i586/apache-mod_cache-2.2.21-0.4-mdv2011.0.i586.rpm 49ce15b00c473c0ff39f54d5741e91a5 2011/i586/apache-mod_dav-2.2.21-0.4-mdv2011.0.i586.rpm 42cb7d2f579c14bfb8682a0b8174603f 2011/i586/apache-mod_dbd-2.2.21-0.4-mdv2011.0.i586.rpm 35fcf3b213505b161067e8ba65cbfe2a 2011/i586/apache-mod_deflate-2.2.21-0.4-mdv2011.0.i586.rpm 2d8ee244d999ddcf58afb5f92de698f4 2011/i586/apache-mod_disk_cache-2.2.21-0.4-mdv2011.0.i586.rpm b2e589ebe2292ea479929203fc3059f2 2011/i586/apache-mod_file_cache-2.2.21-0.4-mdv2011.0.i586.rpm a1506320b89211bd3bbb8f996593e094 2011/i586/apache-mod_ldap-2.2.21-0.4-mdv2011.0.i586.rpm 7ec9927d7efccf86308be53a56c8e1ec 2011/i586/apache-mod_mem_cache-2.2.21-0.4-mdv2011.0.i586.rpm 529d3fdcc50ec7f84e8fd4053d79e939 2011/i586/apache-mod_proxy-2.2.21-0.4-mdv2011.0.i586.rpm dff350fe73e8206df27faf0590062278 2011/i586/apache-mod_proxy_ajp-2.2.21-0.4-mdv2011.0.i586.rpm 91e931c21077f11a1af420edb86c14b4 2011/i586/apache-mod_proxy_scgi-2.2.21-0.4-mdv2011.0.i586.rpm c75091575000eee79711cbc988670d0d 2011/i586/apache-mod_reqtimeout-2.2.21-0.4-mdv2011.0.i586.rpm a3953933158f467b931f77939a8802f5 2011/i586/apache-mod_ssl-2.2.21-0.4-mdv2011.0.i586.rpm 3217a4a46e1b449cfef57e07a487127a 2011/i586/apache-modules-2.2.21-0.4-mdv2011.0.i586.rpm 996837cadafe02b3f3e451c30a81839d 2011/i586/apache-mod_userdir-2.2.21-0.4-mdv2011.0.i586.rpm 35b55759125bc4075676160ec82e6da4 2011/i586/apache-mpm-event-2.2.21-0.4-mdv2011.0.i586.rpm 7f73f3385505743b62016050e18e1d95 2011/i586/apache-mpm-itk-2.2.21-0.4-mdv2011.0.i586.rpm a87bd2119895110b0483548236319418 2011/i586/apache-mpm-peruser-2.2.21-0.4-mdv2011.0.i586.rpm da6507b8694c0d83c697e3438cc14f99 2011/i586/apache-mpm-prefork-2.2.21-0.4-mdv2011.0.i586.rpm 31e5c55aab89b2ac1b8e35d4694a6157 2011/i586/apache-mpm-worker-2.2.21-0.4-mdv2011.0.i586.rpm fc55eb6d0e4c1064b9712f8dfee0c9a2 2011/i586/apache-source-2.2.21-0.4-mdv2011.0.i586.rpm fabc4aa5d999deba6d27c9ada2094dd8 2011/SRPMS/apache-2.2.21-0.4.src.rpm Mandriva Linux 2011/X86_64: 256f14e15bc11b9f2e117237a0afcecd 2011/x86_64/apache-base-2.2.21-0.4-mdv2011.0.x86_64.rpm 1811331e8129fbb841591ead6d66fb3a 2011/x86_64/apache-devel-2.2.21-0.4-mdv2011.0.x86_64.rpm 2169f3ab56b419e32cdd0c6374280609 2011/x86_64/apache-htcacheclean-2.2.21-0.4-mdv2011.0.x86_64.rpm 3eb90fce534439380f8c200f212b80d1 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.4-mdv2011.0.x86_64.rpm d7e9ccdb75d0f0cd938b11bf0b34ea75 2011/x86_64/apache-mod_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm 22f9c708f1f1a7111306b96f2f7a2f16 2011/x86_64/apache-mod_dav-2.2.21-0.4-mdv2011.0.x86_64.rpm 9006ed39d4482543acbc0a306d1c98b9 2011/x86_64/apache-mod_dbd-2.2.21-0.4-mdv2011.0.x86_64.rpm ac342440d76088ce12784eaec8a04cfd 2011/x86_64/apache-mod_deflate-2.2.21-0.4-mdv2011.0.x86_64.rpm fe98d140fb40902b6e9e8d6209b7ee6e 2011/x86_64/apache-mod_disk_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm 5fddef6bf9280f38f4758840c20500d0 2011/x86_64/apache-mod_file_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm 3035cd294b73d3419a4a8bc911c95b59 2011/x86_64/apache-mod_ldap-2.2.21-0.4-mdv2011.0.x86_64.rpm e045b1f053add604a46b20c0f33654e4 2011/x86_64/apache-mod_mem_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm ecdced72ed663ff13abc879888f2a369 2011/x86_64/apache-mod_proxy-2.2.21-0.4-mdv2011.0.x86_64.rpm 33dbc278cf903e327492485eb93421c0 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.4-mdv2011.0.x86_64.rpm 668df865cf090bc56386119ffbf69009 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.4-mdv2011.0.x86_64.rpm f4ffe3b3c6ea342b92f6ff616be3242f 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.4-mdv2011.0.x86_64.rpm 2a459d496bcfda4a902bf5ba160005b0 2011/x86_64/apache-mod_ssl-2.2.21-0.4-mdv2011.0.x86_64.rpm ffefbf2ceabca42e49e3985bb985880f 2011/x86_64/apache-modules-2.2.21-0.4-mdv2011.0.x86_64.rpm d4bfe84a86bd688730666e116df26062 2011/x86_64/apache-mod_userdir-2.2.21-0.4-mdv2011.0.x86_64.rpm 417d6c12ec5d7580ae209a439307e0c1 2011/x86_64/apache-mpm-event-2.2.21-0.4-mdv2011.0.x86_64.rpm 3580eac20ad0954ec9c9e148070cde92 2011/x86_64/apache-mpm-itk-2.2.21-0.4-mdv2011.0.x86_64.rpm 34c074464e9776093c6fd8b0b00d277d 2011/x86_64/apache-mpm-peruser-2.2.21-0.4-mdv2011.0.x86_64.rpm 77fe238e2acd3e9f50a0c6b4e70dbd91 2011/x86_64/apache-mpm-prefork-2.2.21-0.4-mdv2011.0.x86_64.rpm 530632e85e3a1c56aeb5c22b59d51074 2011/x86_64/apache-mpm-worker-2.2.21-0.4-mdv2011.0.x86_64.rpm 54ae3219fe5921167de58e02d1709136 2011/x86_64/apache-source-2.2.21-0.4-mdv2011.0.x86_64.rpm fabc4aa5d999deba6d27c9ada2094dd8 2011/SRPMS/apache-2.2.21-0.4.src.rpm Mandriva Enterprise Server 5: 694c14ac1aa725219116cf0821bccd4d mes5/i586/apache-base-2.2.9-12.15mdvmes5.2.i586.rpm b78fcfdd2dcba4e1bbb2445850d309a6 mes5/i586/apache-devel-2.2.9-12.15mdvmes5.2.i586.rpm d0df79579e11145dc6222c7be498a08b mes5/i586/apache-htcacheclean-2.2.9-12.15mdvmes5.2.i586.rpm 41bc754f609edd0585e87bfeae433ad0 mes5/i586/apache-mod_authn_dbd-2.2.9-12.15mdvmes5.2.i586.rpm 4ed0091207ac154c47948b14937d8419 mes5/i586/apache-mod_cache-2.2.9-12.15mdvmes5.2.i586.rpm 98ec70cb55cc2d6cfe75e555827e09f6 mes5/i586/apache-mod_dav-2.2.9-12.15mdvmes5.2.i586.rpm 0b57ad40a88d289ff7e93dbee8f7029c mes5/i586/apache-mod_dbd-2.2.9-12.15mdvmes5.2.i586.rpm 60ffbd92bf1c64f9f5d9de84fc1ea3a9 mes5/i586/apache-mod_deflate-2.2.9-12.15mdvmes5.2.i586.rpm 96acedbceae6f50795f5f8eb83bf0894 mes5/i586/apache-mod_disk_cache-2.2.9-12.15mdvmes5.2.i586.rpm 2faa60da5066030c6e1739bcd2e0c186 mes5/i586/apache-mod_file_cache-2.2.9-12.15mdvmes5.2.i586.rpm d8dd234832a23fd7b8fe89b3ab2912ec mes5/i586/apache-mod_ldap-2.2.9-12.15mdvmes5.2.i586.rpm 192b0318fcc0149886d2bf65ca3eb7a0 mes5/i586/apache-mod_mem_cache-2.2.9-12.15mdvmes5.2.i586.rpm c5e14efbac8f535f9d47d71e15210ece mes5/i586/apache-mod_proxy-2.2.9-12.15mdvmes5.2.i586.rpm 86b9b67a3de9e2b3cb90369d74b259eb mes5/i586/apache-mod_proxy_ajp-2.2.9-12.15mdvmes5.2.i586.rpm 23771d89269201a8d41aad22ed7dd9fe mes5/i586/apache-mod_ssl-2.2.9-12.15mdvmes5.2.i586.rpm a9fe76cd2785c8baeb1a4cc24a9e9580 mes5/i586/apache-modules-2.2.9-12.15mdvmes5.2.i586.rpm b156b74e9d0b3f028ec422be7770c61b mes5/i586/apache-mod_userdir-2.2.9-12.15mdvmes5.2.i586.rpm ae57012ad1bfe385be299692f6b70cc1 mes5/i586/apache-mpm-event-2.2.9-12.15mdvmes5.2.i586.rpm 509a7cb7af1ac015b3b383058dc3d460 mes5/i586/apache-mpm-itk-2.2.9-12.15mdvmes5.2.i586.rpm 0f16651ec38ae7d878fe4a2368ee9d54 mes5/i586/apache-mpm-peruser-2.2.9-12.15mdvmes5.2.i586.rpm 7e1c86769e9c7869f0b8636f458ec627 mes5/i586/apache-mpm-prefork-2.2.9-12.15mdvmes5.2.i586.rpm 35ea9692f732f36905a86fb4dba9cdda mes5/i586/apache-mpm-worker-2.2.9-12.15mdvmes5.2.i586.rpm 1a8cac6533373a9fd3faa3b79599c088 mes5/i586/apache-source-2.2.9-12.15mdvmes5.2.i586.rpm d5b6cb92ebf473ba42a32b84fa40f40d mes5/SRPMS/apache-2.2.9-12.15mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 0ae1d7f13adab27acc8b786e95915c14 mes5/x86_64/apache-base-2.2.9-12.15mdvmes5.2.x86_64.rpm 1bd7812000e4f71ddd083300f004e8bd mes5/x86_64/apache-devel-2.2.9-12.15mdvmes5.2.x86_64.rpm 61b1c2004829c09e685e6fbd61ca2714 mes5/x86_64/apache-htcacheclean-2.2.9-12.15mdvmes5.2.x86_64.rpm 26d3fac76d72121901831d7cd38b3633 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.15mdvmes5.2.x86_64.rpm 4bfcbbc2d949b6c0ff387c1236a26a63 mes5/x86_64/apache-mod_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 5dfcd153e80849e6eaa29541c06938d9 mes5/x86_64/apache-mod_dav-2.2.9-12.15mdvmes5.2.x86_64.rpm 59ad16a7a1ce24740a10e24b93881225 mes5/x86_64/apache-mod_dbd-2.2.9-12.15mdvmes5.2.x86_64.rpm 7ca4dc330983a90cc76ef05025171c3e mes5/x86_64/apache-mod_deflate-2.2.9-12.15mdvmes5.2.x86_64.rpm 601d5df07381c6e7f4f4ec233d7b130f mes5/x86_64/apache-mod_disk_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 56a892846f01dc5f354091867b1c11b9 mes5/x86_64/apache-mod_file_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 3dc34aee1e773bcd1d8104d9102ad65c mes5/x86_64/apache-mod_ldap-2.2.9-12.15mdvmes5.2.x86_64.rpm 2e523ac976afa7e9fbb49851dd7cdbad mes5/x86_64/apache-mod_mem_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 2a0c71a369a519f2606266df778200cf mes5/x86_64/apache-mod_proxy-2.2.9-12.15mdvmes5.2.x86_64.rpm 8b5695a122649830105b88a62e45dede mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.15mdvmes5.2.x86_64.rpm c0ad053024a6bbcc1a618639694a4a0b mes5/x86_64/apache-mod_ssl-2.2.9-12.15mdvmes5.2.x86_64.rpm f0eb92fa6a5fd1b70d32965ac32033ff mes5/x86_64/apache-modules-2.2.9-12.15mdvmes5.2.x86_64.rpm 378560cb4256e15405e6786672586239 mes5/x86_64/apache-mod_userdir-2.2.9-12.15mdvmes5.2.x86_64.rpm c5f79fe55502f5fd2e6a80ef22d14cb5 mes5/x86_64/apache-mpm-event-2.2.9-12.15mdvmes5.2.x86_64.rpm 79c9df06193fec61ece2372929da3e72 mes5/x86_64/apache-mpm-itk-2.2.9-12.15mdvmes5.2.x86_64.rpm fad5cd549063827dc78c335162a8b5ab mes5/x86_64/apache-mpm-peruser-2.2.9-12.15mdvmes5.2.x86_64.rpm e691b3fdb827f1f03c92c3bc4265f6ee mes5/x86_64/apache-mpm-prefork-2.2.9-12.15mdvmes5.2.x86_64.rpm 8578c114dea4dd49232a82922d46fbbc mes5/x86_64/apache-mpm-worker-2.2.9-12.15mdvmes5.2.x86_64.rpm 4eba23905fbbd38d24a99f8567304372 mes5/x86_64/apache-source-2.2.9-12.15mdvmes5.2.x86_64.rpm d5b6cb92ebf473ba42a32b84fa40f40d mes5/SRPMS/apache-2.2.9-12.15mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

Boundary Condition Error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

halfdog

SOURCES

LAST UPDATE DATE

2025-10-16T20:06:05.815000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE