Hosting Provided By

rPSA-2007-0136-1 httpd mod_ssl

From: rPath Update Announcements <announce-noreply(at)rpath.com>
Date: Wed Jun 27 2007 - 17:32:41 EDT

rPath Security Advisory: 2007-0136-1
Published: 2007-06-27
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:

Remote Deterministic Denial of Service Updated Versions:

httpd=/conary.rpath.com@rpl:devel//1/2.0.59-0.7-1 mod_ssl=/conary.rpath.com@rpl:devel//1/2.0.59-0.7-1

References:

    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
    
https://issues.rpath.com/browse/RPL-1500

Description:

Previous versions of the httpd package contain two vulnerabilities that affect only non-default configurations. One enables a cross-site-scripting (XSS) attack if ExtendedStatus is enabled and the server status page is publically accessible (not generally recommended), the other allows remote attackers to cause the httpd process to crash by sending a maliciously-crafted request if caching is enabled (CacheEnable).

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html Received on Thu Jun 28 11:36:30 2007

This message: [ Message body ]
Next message: Foresight Linux Essential Announcement Service: "FLEA-2007-0029-1: krb5 krb5-workstation"
Previous message: securityresearch(at)netvigilance.com: "eTicket version 1.5.5 XSS Attack Vulnerability"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Thu Jun 28 2007 - 11:40:04 EDT

Do you need help?