5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.132 Low
EPSS
Percentile
95.0%
The Apache HTTP Server is a popular and freely-available Web server.
A flaw was found in the handling of compression structures between mod_ssl
and OpenSSL. If too many connections were opened in a short period of time,
all system memory and swap space would be consumed by httpd, negatively
impacting other processes, or causing a system crash. (CVE-2008-1678)
Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5
prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in
Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e
version.
A flaw was found in the handling of the โOptionsโ and โAllowOverrideโ
directives. In configurations using the โAllowOverrideโ directive with
certain โOptions=โ arguments, local users were not restricted from
executing commands from a Server-Side-Include script as intended.
(CVE-2009-1195)
All httpd users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Users must restart httpd for
this update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | httpd | <ย 2.2.3-22.el5_3.1 | httpd-2.2.3-22.el5_3.1.i386.rpm |
RedHat | 5 | ppc | httpd | <ย 2.2.3-22.el5_3.1 | httpd-2.2.3-22.el5_3.1.ppc.rpm |
RedHat | 5 | s390x | httpd-devel | <ย 2.2.3-22.el5_3.1 | httpd-devel-2.2.3-22.el5_3.1.s390x.rpm |
RedHat | 5 | ppc | httpd-manual | <ย 2.2.3-22.el5_3.1 | httpd-manual-2.2.3-22.el5_3.1.ppc.rpm |
RedHat | 5 | s390 | httpd-devel | <ย 2.2.3-22.el5_3.1 | httpd-devel-2.2.3-22.el5_3.1.s390.rpm |
RedHat | 5 | ia64 | httpd-manual | <ย 2.2.3-22.el5_3.1 | httpd-manual-2.2.3-22.el5_3.1.ia64.rpm |
RedHat | 5 | x86_64 | mod_ssl | <ย 2.2.3-22.el5_3.1 | mod_ssl-2.2.3-22.el5_3.1.x86_64.rpm |
RedHat | 5 | x86_64 | httpd-devel | <ย 2.2.3-22.el5_3.1 | httpd-devel-2.2.3-22.el5_3.1.x86_64.rpm |
RedHat | 5 | x86_64 | httpd | <ย 2.2.3-22.el5_3.1 | httpd-2.2.3-22.el5_3.1.x86_64.rpm |
RedHat | 5 | ppc64 | httpd-devel | <ย 2.2.3-22.el5_3.1 | httpd-devel-2.2.3-22.el5_3.1.ppc64.rpm |