RHSA-2001:126: Updated apache packages available
Description
Updated Apache packages are now available for Red Hat Linux 6.2, 7, 7.1, and 7.2. These packages upgrade the Apache Web server to version 1.3.22, which closes a potential security bug which would present clients with a listing of the contents of a directory instead of the contents of an index file, or in case of an error, the error message.
By using a carefully constructed HTTP request, a server with mod_negotiation and either mod_dir or mod_autoindex loaded could be tricked into displaying a listing of the contents of a directory, despite the presence of an index file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2001-0730, and CAN-2001-0731 to these issues.
Solution(s)
- redhat-upgrade-apache
- redhat-upgrade-apache-devel
- redhat-upgrade-apache-manual
- redhat-upgrade-expat
- redhat-upgrade-expat-devel
- redhat-upgrade-mm
- redhat-upgrade-mm-devel
- redhat-upgrade-mod_bandwidth
- redhat-upgrade-mod_put
- redhat-upgrade-mod_ssl
- redhat-upgrade-mod_throttle
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center