Description
ELSA-2010-0168: httpd security and enhancement update (MODERATE)
[2.2.3-31.0.1.el5_4.4]
- Replace index.html with Oracle's index page oracle_index.html
- Update vstring and distro in specfile
[2.2.3-31.4]
- require and BR a version of OpenSSL with the secure reneg API (#567980)
[2.2.3-31.3]
- mod_ssl: add SSLInsecureRenegotiation (#567980)
- add security fixes for CVE-2010-0408, CVE-2010-0434 (#570440)
Updated packages
Oracle Linux 5
Oracle Linux ia64
httpd         2.2.3-31.0.1.el5_4.4
httpd-devel   2.2.3-31.0.1.el5_4.4
httpd-manual  2.2.3-31.0.1.el5_4.4
mod_ssl       2.2.3-31.0.1.el5_4.4
Oracle Linux x86_64
httpd         2.2.3-31.0.1.el5_4.4
httpd-devel   2.2.3-31.0.1.el5_4.4
httpd-manual  2.2.3-31.0.1.el5_4.4
mod_ssl       2.2.3-31.0.1.el5_4.4
Oracle Linux i386
httpd         2.2.3-31.0.1.el5_4.4
httpd-devel   2.2.3-31.0.1.el5_4.4
httpd-manual  2.2.3-31.0.1.el5_4.4
mod_ssl       2.2.3-31.0.1.el5_4.4
Related CVEs
Related vulnerabilities
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.