Lucene search

K
suseSuseOPENSUSE-SU-2011:1217-1
HistoryNov 04, 2011 - 9:08 a.m.

apache2: Fixed several security issues (important)

2011-11-0409:08:34
lists.opensuse.org
17

0.974 High

EPSS

Percentile

99.9%

This update fixes several security issues in the Apache
webserver.

The patch for the ByteRange remote denial of service attack
(CVE-2011-3192) was refined and the configuration options
used by upstream were added. Introduce new config option:
Allow MaxRanges Number of ranges requested, if exceeded,
the complete content is served. default: 200 0|unlimited:
unlimited none: Range headers are ignored. This option is a
backport from 2.2.21.

Also fixed: CVE-2011-3348: Denial of service in proxy_ajp
when using a undefined method.

CVE-2011-3368: Exposure of internal servers via reverse
proxy methods with mod_proxy enabled and incorrect Rewrite
or Proxy Rules.