Rapid7 Vulnerability & Exploit Database

RHSA-2009:1058: httpd security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 04/23/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

Updated httpd packages that fix a security issue in mod_proxy_ajp are now available for JBoss Enterprise Web Server 1.0.0. This update has been rated as having important security impact by the Red Hat Security Response Team.

The Apache HTTP Server is a popular Web server. The Apache mod_proxy_ajp module provides Apache JServ Protocol (AJP) support to the Apache mod_proxy module.

An information disclosure flaw was found in mod_proxy_ajp. In certain situations, if a user sent a carefully crafted HTTP request, the httpd server could return a response intended for another user. (CVE-2009-1191)

Users are advised to upgrade to these updated packages, which resolve this issue. Users must restart httpd for this update to take effect.

Solution(s)

  • redhat-upgrade-httpd
  • redhat-upgrade-httpd-devel
  • redhat-upgrade-httpd-manual
  • redhat-upgrade-httpd22
  • redhat-upgrade-httpd22-apr
  • redhat-upgrade-httpd22-apr-devel
  • redhat-upgrade-httpd22-apr-util
  • redhat-upgrade-httpd22-apr-util-devel
  • redhat-upgrade-httpd22-devel
  • redhat-upgrade-mod_ssl
  • redhat-upgrade-mod_ssl22
