Updated httpd packages that fix a security issue in mod_proxy_ajp are now available for JBoss Enterprise Web Server 1.0.0. This update has been rated as having important security impact by the Red Hat Security Response Team.
The Apache HTTP Server is a popular Web server. The Apache mod_proxy_ajp module provides Apache JServ Protocol (AJP) support to the Apache mod_proxy module. An information disclosure flaw was found in mod_proxy_ajp. In certain situations, if a user sent a carefully crafted HTTP request, the httpd server could return a response intended for another user. (CVE-2009-1191) Users are advised to upgrade to these updated packages, which resolve this issue. Users must restart httpd for this update to take effect.