(RHSA-2008:0967) Moderate: httpd security and bug fix update

2008-11-1100:00:00

access.redhat.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.055 Low

EPSS

Percentile

92.4%

JSON

The Apache HTTP Server is a popular Web server.

A flaw was found in the mod_proxy Apache module. An attacker in control of
a Web server to which requests were being proxied could have caused a
limited denial of service due to CPU consumption and stack exhaustion.
(CVE-2008-2364)

A flaw was found in the mod_proxy_ftp Apache module. If Apache was
configured to support FTP-over-HTTP proxying, a remote attacker could have
performed a cross-site scripting attack. (CVE-2008-2939)

In addition, these updated packages fix a bug found in the handling of the
“ProxyRemoteMatch” directive in the Red Hat Enterprise Linux 4 httpd
packages. This bug is not present in the Red Hat Enterprise Linux 3 or Red
Hat Enterprise Linux 5 packages.

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5ia64mod_ssl< 2.2.3-11.el5_2.4mod_ssl-2.2.3-11.el5_2.4.ia64.rpm
RedHatanyia64httpd< 2.0.52-41.ent.2httpd-2.0.52-41.ent.2.ia64.rpm
RedHat5ia64httpd-manual< 2.2.3-11.el5_2.4httpd-manual-2.2.3-11.el5_2.4.ia64.rpm
RedHatanys390httpd-suexec< 2.0.52-41.ent.2httpd-suexec-2.0.52-41.ent.2.s390.rpm
RedHat5ppchttpd< 2.2.3-11.el5_2.4httpd-2.2.3-11.el5_2.4.ppc.rpm
RedHat5i386httpd< 2.2.3-11.el5_2.4httpd-2.2.3-11.el5_2.4.i386.rpm
RedHatanys390httpd-manual< 2.0.52-41.ent.2httpd-manual-2.0.52-41.ent.2.s390.rpm
RedHatanyx86_64httpd-suexec< 2.0.52-41.ent.2httpd-suexec-2.0.52-41.ent.2.x86_64.rpm
RedHatanyi386mod_ssl< 2.0.52-41.ent.2mod_ssl-2.0.52-41.ent.2.i386.rpm
RedHatanys390xhttpd-suexec< 2.0.52-41.ent.2httpd-suexec-2.0.52-41.ent.2.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	ia64	mod_ssl	< 2.2.3-11.el5_2.4	mod_ssl-2.2.3-11.el5_2.4.ia64.rpm
RedHat	any	ia64	httpd	< 2.0.52-41.ent.2	httpd-2.0.52-41.ent.2.ia64.rpm
RedHat	5	ia64	httpd-manual	< 2.2.3-11.el5_2.4	httpd-manual-2.2.3-11.el5_2.4.ia64.rpm
RedHat	any	s390	httpd-suexec	< 2.0.52-41.ent.2	httpd-suexec-2.0.52-41.ent.2.s390.rpm
RedHat	5	ppc	httpd	< 2.2.3-11.el5_2.4	httpd-2.2.3-11.el5_2.4.ppc.rpm
RedHat	5	i386	httpd	< 2.2.3-11.el5_2.4	httpd-2.2.3-11.el5_2.4.i386.rpm
RedHat	any	s390	httpd-manual	< 2.0.52-41.ent.2	httpd-manual-2.0.52-41.ent.2.s390.rpm
RedHat	any	x86_64	httpd-suexec	< 2.0.52-41.ent.2	httpd-suexec-2.0.52-41.ent.2.x86_64.rpm
RedHat	any	i386	mod_ssl	< 2.0.52-41.ent.2	mod_ssl-2.0.52-41.ent.2.i386.rpm
RedHat	any	s390x	httpd-suexec	< 2.0.52-41.ent.2	httpd-suexec-2.0.52-41.ent.2.s390x.rpm