Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2010-0659

Опубликовано: 30 авг. 2010
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2010-0659: httpd security and bug fix update (MODERATE)

[2.2.3-43.0.1.el5_5.3 ]

  • replace index.html with Oracle's index page oracle_index.html
  • update vstring and distro in specfile

[2.2.3-43.3]

  • mod_ssl: improved fix for SSLRequire's OID() function (#625452)

[2.2.3-43.2]

  • add security fixes for CVE-2010-1452, CVE-2010-2791 (#623210)
  • mod_deflate: rebase to 2.2.15 (#625435)
  • stop multiple invocations of filter init functions (#625451)

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

httpd

2.2.3-43.0.1.el5_5.3

httpd-devel

2.2.3-43.0.1.el5_5.3

httpd-manual

2.2.3-43.0.1.el5_5.3

mod_ssl

2.2.3-43.0.1.el5_5.3

Oracle Linux x86_64

httpd

2.2.3-43.0.1.el5_5.3

httpd-devel

2.2.3-43.0.1.el5_5.3

httpd-manual

2.2.3-43.0.1.el5_5.3

mod_ssl

2.2.3-43.0.1.el5_5.3

Oracle Linux i386

httpd

2.2.3-43.0.1.el5_5.3

httpd-devel

2.2.3-43.0.1.el5_5.3

httpd-manual

2.2.3-43.0.1.el5_5.3

mod_ssl

2.2.3-43.0.1.el5_5.3

Связанные CVE

CVE-2010-1452
CVE-2010-2791

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2010-2791

ubuntu
почти 15 лет назад

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

redhat логотип

CVE-2010-2791

redhat
почти 15 лет назад

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

nvd логотип

CVE-2010-2791

nvd
почти 15 лет назад

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

debian логотип

CVE-2010-2791

debian
почти 15 лет назад

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...

ubuntu логотип

CVE-2010-1452

ubuntu
почти 15 лет назад

The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.