Vulnerability & Exploit Database

Back to search

RHSA-2008:0967: httpd security and bug fix update

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) June 12, 2008 February 21, 2009 July 03, 2017

Description

The Apache HTTP Server is a popular Web server.A flaw was found in the mod_proxy Apache module. An attacker in control ofa Web server to which requests were being proxied could have caused alimited denial of service due to CPU consumption and stack exhaustion.(CVE-2008-2364)A flaw was found in the mod_proxy_ftp Apache module. If Apache wasconfigured to support FTP-over-HTTP proxying, a remote attacker could haveperformed a cross-site scripting attack. (CVE-2008-2939)In addition, these updated packages fix a bug found in the handling of the"ProxyRemoteMatch" directive in the Red Hat Enterprise Linux 4 httpdpackages. This bug is not present in the Red Hat Enterprise Linux 3 or RedHat Enterprise Linux 5 packages.Users of httpd should upgrade to these updated packages, which containbackported patches to correct these issues.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

redhat-upgrade-httpd

Related Vulnerabilities