List: oss-security
Subject: [oss-security] CVE-2009-1191: mod_proxy_ajp information disclosure vulnerability
From: Vincent Danen <vdanen () redhat ! com>
Date: 2009-04-23 17:11:22
Message-ID: 20090423171122.GF4522 () redhat ! com
This is just a heads up about an information disclosure vulnerability in
mod_proxy_ajp, similar to the issue in mod_jk (CVE-2008-5519).

This only affects mod_proxy_ajp in httpd 2.2.11; prior versions do not
have this problem. The issue was caused by the following patch:

http://svn.apache.org/viewvc?view=rev&revision=711779

The patch that will be applied to httpd 2.2.12 is here:

http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff

More information can be found in our bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1191

This would only affect earlier versions of Apache if you had backported
the problem patch to earlier versions.

--
Vincent Danen / Red Hat Security Response Team