Description
ELSA-2017-1721: httpd security and bug fix update (MODERATE)
[2.2.15-60.0.1.4]
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile
[2.2.15-60.4]
- Related: #1427675 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects
[2.2.15-60.3]
- Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
[2.2.15-60.2]
- Resolves: #1463354 - segfault in ap_proxy_set_scoreboard_lb
[2.2.15-60.1]
- Resolves: #1427675 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects
Updated packages
Oracle Linux 6
Oracle Linux x86_64
httpd 2.2.15-60.0.1.el6_9.4
httpd-devel 2.2.15-60.0.1.el6_9.4
httpd-manual 2.2.15-60.0.1.el6_9.4
httpd-tools 2.2.15-60.0.1.el6_9.4
mod_ssl 2.2.15-60.0.1.el6_9.4
Oracle Linux i686
httpd 2.2.15-60.0.1.el6_9.4
httpd-devel 2.2.15-60.0.1.el6_9.4
httpd-manual 2.2.15-60.0.1.el6_9.4
httpd-tools 2.2.15-60.0.1.el6_9.4
mod_ssl 2.2.15-60.0.1.el6_9.4
Related CVEs
Related vulnerabilities
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.