ID

VAR-201111-0207

CVE

CVE-2011-4317

TITLE

Apache HTTP Server of mod_proxy Vulnerability in module sending requests to intranet server

DESCRIPTION

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. This vulnerability CVE-2011-3368 Vulnerability due to incomplete fix.By a third party @ ( At sign ) Including, and : ( colon ) Incorrectly positioned, malformed URI A request may be sent to an intranet server via. Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications. CVE-2011-3368 CVE-2011-3639 CVE-2011-4317: The Apache HTTP Server did not properly validate the request URI for proxied requests. In certain reverse proxy configurations using the ProxyPassMatch directive or using the RewriteRule directive with the [P] flag, a remote attacker could make the proxy connect to an arbitrary server. The could allow the attacker to access internal servers that are not otherwise accessible from the outside. The three CVE ids denote slightly different variants of the same issue. Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. For example, the configuration ProxyPassMatch ^/mail(.*) http://internal-host$1 is still insecure and should be replaced by one of the following configurations: ProxyPassMatch ^/mail(/.*) http://internal-host$1 ProxyPassMatch ^/mail/(.*) http://internal-host/$1 CVE-2012-0031: An apache2 child process could cause the parent process to crash during shutdown. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities. CVE-2012-0053: The response message for error code 400 (bad request) could be used to expose "httpOnly" cookies. This could allow a remote attacker using cross site scripting to steal authentication cookies. For the oldstable distribution (lenny), these problems have been fixed in version apache2 2.2.9-10+lenny12. For the stable distribution (squeeze), these problems have been fixed in version apache2 2.2.16-6+squeeze6 For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-1. For the unstable distribution (sid), these problems have been fixed in version 2.2.22-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny7. In the stable distribution, apache2-mpm-itk has the same version number as apache2. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.2.22-r1 >= 2.2.22-r1 Description =========== Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. A local attacker could gain escalated privileges. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache HTTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1" References ========== [ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408 [ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434 [ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452 [ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791 [ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192 [ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348 [ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368 [ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607 [ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317 [ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021 [ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031 [ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053 [ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-25.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness SECUNIA ADVISORY ID: SA46987 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46987/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46987 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46987/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46987/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46987 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Prutha Parikh has reported a weakness in Apache HTTP Server, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to the mod_proxy module, when configured in reverse proxy mode, incorrectly processing certain web requests. This can be exploited to send requests to an unintended server behind the proxy via a specially crafted URL. This is caused due to an incomplete fix for: SA46288 The weakness is reported in all 2.x versions. SOLUTION: Edit reverse proxy rules. PROVIDED AND/OR DISCOVERED BY: Prutha Parikh, Qualys. ORIGINAL ADVISORY: Apache: http://thread.gmane.org/gmane.comp.apache.devel/46440 Qualys: https://community.qualys.com/blogs/securitylabs/tags/cve-2011-4317 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03231301 Version: 1 HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-03-27 Last Updated: 2012-03-27 Potential Security Impact: Remote unauthorized disclosure of information, unauthorized modification, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). References: CVE-2012-0053, CVE-2012-0031, CVE-2012-0021, CVE-2011-4317, CVE-2011-3607, CVE-2011-3368 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided a hotfix to resolve the vulnerabilities. The SSRT100772 hotfix is available by contacting the normal HP Services support channel. MANUAL ACTIONS: Yes - NonUpdate Install the hotfix for SSRT100772. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS (for HP-UX) For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN,fr=B.07.50.00 action: install the hotfix for SSRT100772 END AFFECTED VERSIONS (for HP-UX) HISTORY Version:1 (rev.1) - 27 March 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk9x0CoACgkQ4B86/C0qfVl7oACeJlq9YAKCNu1EM3LrGyA/ye+H XlwAnAod0MsT/Ly2+GGMr4hpkmMCI2Wz =lRxh -----END PGP SIGNATURE----- . HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 47721c86104358598ddc96c7e93cbdf8 2010.1/i586/apache-base-2.2.15-3.6mdv2010.2.i586.rpm c4029cf90932f6c6d864cc3d91750bca 2010.1/i586/apache-devel-2.2.15-3.6mdv2010.2.i586.rpm 1f9554a4bdb15089b2711b77fe927c61 2010.1/i586/apache-htcacheclean-2.2.15-3.6mdv2010.2.i586.rpm 8d1d86c9b9737d244fde84560718d8e4 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.i586.rpm d33b4789fd1effc6222440d4cd04dd9e 2010.1/i586/apache-mod_cache-2.2.15-3.6mdv2010.2.i586.rpm 634a44c3077bf6b56a19ba2ee367c7ec 2010.1/i586/apache-mod_dav-2.2.15-3.6mdv2010.2.i586.rpm e6d01a8e87b87234c6ac49aa9491aa6f 2010.1/i586/apache-mod_dbd-2.2.15-3.6mdv2010.2.i586.rpm 8a062c3d3255701c066879d4092f70be 2010.1/i586/apache-mod_deflate-2.2.15-3.6mdv2010.2.i586.rpm 9c8a07706f25f84c7fb1deadd948a754 2010.1/i586/apache-mod_disk_cache-2.2.15-3.6mdv2010.2.i586.rpm 8bc3e2eea57fb63efb5b184e11ca8f1b 2010.1/i586/apache-mod_file_cache-2.2.15-3.6mdv2010.2.i586.rpm 498bc63dfedfa9021a0dd91b6ffed359 2010.1/i586/apache-mod_ldap-2.2.15-3.6mdv2010.2.i586.rpm 586c31feb7fb7ca857ef7ee45bf9aebf 2010.1/i586/apache-mod_mem_cache-2.2.15-3.6mdv2010.2.i586.rpm 308a280dc26817b96a6845bc7578c3db 2010.1/i586/apache-mod_proxy-2.2.15-3.6mdv2010.2.i586.rpm 328ac2fe0f4e22d6fe07ae7f70a52fe2 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2.i586.rpm 930c0accae0dd1f5a575d3585c323ac9 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2.i586.rpm 2a5777c4e69db66cc2ae0415aaa0dc9f 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.6mdv2010.2.i586.rpm 66b7801aa2e0c5dca2615ccdafed173e 2010.1/i586/apache-mod_ssl-2.2.15-3.6mdv2010.2.i586.rpm 8d9053f7c60598e3e9fd7a31c2ddaf87 2010.1/i586/apache-modules-2.2.15-3.6mdv2010.2.i586.rpm 8fad2bd2b81936e4d56feac1c7a4a241 2010.1/i586/apache-mod_userdir-2.2.15-3.6mdv2010.2.i586.rpm 12cf47a671ecc70457b74d77da1e976b 2010.1/i586/apache-mpm-event-2.2.15-3.6mdv2010.2.i586.rpm 97f21f06c7a6b92c4c31c97b0f3ab060 2010.1/i586/apache-mpm-itk-2.2.15-3.6mdv2010.2.i586.rpm 17a097d14ee2d2eb8d9f5d4f1b9c1843 2010.1/i586/apache-mpm-peruser-2.2.15-3.6mdv2010.2.i586.rpm 5b488c7767f3c922f36de062e230de3d 2010.1/i586/apache-mpm-prefork-2.2.15-3.6mdv2010.2.i586.rpm 1c8974dfcec0aa5b8d8260c258d6df49 2010.1/i586/apache-mpm-worker-2.2.15-3.6mdv2010.2.i586.rpm f8ed0cb6600be8c3ec1f2b802a7c0eed 2010.1/i586/apache-source-2.2.15-3.6mdv2010.2.i586.rpm 482f8796d668ae703faaf53d3f4c2c7f 2010.1/SRPMS/apache-2.2.15-3.6mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 04a6488038ca1a84d7e91ce51e4d677f 2010.1/x86_64/apache-base-2.2.15-3.6mdv2010.2.x86_64.rpm 2ba4bd05b46725f127e5b2033fd51667 2010.1/x86_64/apache-devel-2.2.15-3.6mdv2010.2.x86_64.rpm f351ed5721f1b05a6b7dc87ed7aa7a69 2010.1/x86_64/apache-htcacheclean-2.2.15-3.6mdv2010.2.x86_64.rpm 153c76dacd12ef6981827213ec0c8772 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.x86_64.rpm 7ed6d7c584fc0eb78303e39ed60b4a73 2010.1/x86_64/apache-mod_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 5a3617389d5a007ecf3dfa4f5ab91b85 2010.1/x86_64/apache-mod_dav-2.2.15-3.6mdv2010.2.x86_64.rpm 93edc8b77815d7cba4373419cb8f5a59 2010.1/x86_64/apache-mod_dbd-2.2.15-3.6mdv2010.2.x86_64.rpm 6e5e5caf00902784efdf13c10939db9d 2010.1/x86_64/apache-mod_deflate-2.2.15-3.6mdv2010.2.x86_64.rpm 4a0347d7d0670c0538d2682dfe9e1e53 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 8bcc135e98c375d28c3afcd629535a4a 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 214355942ac62028f2697d82906b3920 2010.1/x86_64/apache-mod_ldap-2.2.15-3.6mdv2010.2.x86_64.rpm d9701a16932c1d36f3551fd0ad99ac0f 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 0514e08540031d1a8fc22420440cf2eb 2010.1/x86_64/apache-mod_proxy-2.2.15-3.6mdv2010.2.x86_64.rpm 564d18314a970303342fa5ef1f5bcd23 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2.x86_64.rpm d77370118f402a18bd465508b9ae74c1 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2.x86_64.rpm fe3a57456ddb162f53ec86b64aa0f218 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.6mdv2010.2.x86_64.rpm b880b8406d1a500a9f4503c06fcfe072 2010.1/x86_64/apache-mod_ssl-2.2.15-3.6mdv2010.2.x86_64.rpm 3392607a02a34b7a53207feb7ed73498 2010.1/x86_64/apache-modules-2.2.15-3.6mdv2010.2.x86_64.rpm f06a2e4cac81365e5c73e365b0f35abe 2010.1/x86_64/apache-mod_userdir-2.2.15-3.6mdv2010.2.x86_64.rpm 3d13698fac6a6dfdafa026b1152a5b1c 2010.1/x86_64/apache-mpm-event-2.2.15-3.6mdv2010.2.x86_64.rpm 16ba47b4fea6f39569be110bbcfaedb6 2010.1/x86_64/apache-mpm-itk-2.2.15-3.6mdv2010.2.x86_64.rpm f24cd380dad81a610d73419eaeb86e04 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.6mdv2010.2.x86_64.rpm d170fad92e75077db15fd802be9deda2 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.6mdv2010.2.x86_64.rpm d967b2e614babf85b3df09589e6978e2 2010.1/x86_64/apache-mpm-worker-2.2.15-3.6mdv2010.2.x86_64.rpm 2c7f977cb7a7494a3e7f020c591b5bea 2010.1/x86_64/apache-source-2.2.15-3.6mdv2010.2.x86_64.rpm 482f8796d668ae703faaf53d3f4c2c7f 2010.1/SRPMS/apache-2.2.15-3.6mdv2010.2.src.rpm Mandriva Linux 2011: 627e6ab0f50fa35c7a639626e23a38a3 2011/i586/apache-base-2.2.21-0.4-mdv2011.0.i586.rpm f834f9e39003d30ee6d2e2b7b3c6253c 2011/i586/apache-devel-2.2.21-0.4-mdv2011.0.i586.rpm e96cfc5498ea7afca1fe2b22168d3259 2011/i586/apache-htcacheclean-2.2.21-0.4-mdv2011.0.i586.rpm f6700e8a1bc0a6a34b18f5ed091231e3 2011/i586/apache-mod_authn_dbd-2.2.21-0.4-mdv2011.0.i586.rpm 8d37dfd4133c3078702921a517f726b7 2011/i586/apache-mod_cache-2.2.21-0.4-mdv2011.0.i586.rpm 49ce15b00c473c0ff39f54d5741e91a5 2011/i586/apache-mod_dav-2.2.21-0.4-mdv2011.0.i586.rpm 42cb7d2f579c14bfb8682a0b8174603f 2011/i586/apache-mod_dbd-2.2.21-0.4-mdv2011.0.i586.rpm 35fcf3b213505b161067e8ba65cbfe2a 2011/i586/apache-mod_deflate-2.2.21-0.4-mdv2011.0.i586.rpm 2d8ee244d999ddcf58afb5f92de698f4 2011/i586/apache-mod_disk_cache-2.2.21-0.4-mdv2011.0.i586.rpm b2e589ebe2292ea479929203fc3059f2 2011/i586/apache-mod_file_cache-2.2.21-0.4-mdv2011.0.i586.rpm a1506320b89211bd3bbb8f996593e094 2011/i586/apache-mod_ldap-2.2.21-0.4-mdv2011.0.i586.rpm 7ec9927d7efccf86308be53a56c8e1ec 2011/i586/apache-mod_mem_cache-2.2.21-0.4-mdv2011.0.i586.rpm 529d3fdcc50ec7f84e8fd4053d79e939 2011/i586/apache-mod_proxy-2.2.21-0.4-mdv2011.0.i586.rpm dff350fe73e8206df27faf0590062278 2011/i586/apache-mod_proxy_ajp-2.2.21-0.4-mdv2011.0.i586.rpm 91e931c21077f11a1af420edb86c14b4 2011/i586/apache-mod_proxy_scgi-2.2.21-0.4-mdv2011.0.i586.rpm c75091575000eee79711cbc988670d0d 2011/i586/apache-mod_reqtimeout-2.2.21-0.4-mdv2011.0.i586.rpm a3953933158f467b931f77939a8802f5 2011/i586/apache-mod_ssl-2.2.21-0.4-mdv2011.0.i586.rpm 3217a4a46e1b449cfef57e07a487127a 2011/i586/apache-modules-2.2.21-0.4-mdv2011.0.i586.rpm 996837cadafe02b3f3e451c30a81839d 2011/i586/apache-mod_userdir-2.2.21-0.4-mdv2011.0.i586.rpm 35b55759125bc4075676160ec82e6da4 2011/i586/apache-mpm-event-2.2.21-0.4-mdv2011.0.i586.rpm 7f73f3385505743b62016050e18e1d95 2011/i586/apache-mpm-itk-2.2.21-0.4-mdv2011.0.i586.rpm a87bd2119895110b0483548236319418 2011/i586/apache-mpm-peruser-2.2.21-0.4-mdv2011.0.i586.rpm da6507b8694c0d83c697e3438cc14f99 2011/i586/apache-mpm-prefork-2.2.21-0.4-mdv2011.0.i586.rpm 31e5c55aab89b2ac1b8e35d4694a6157 2011/i586/apache-mpm-worker-2.2.21-0.4-mdv2011.0.i586.rpm fc55eb6d0e4c1064b9712f8dfee0c9a2 2011/i586/apache-source-2.2.21-0.4-mdv2011.0.i586.rpm fabc4aa5d999deba6d27c9ada2094dd8 2011/SRPMS/apache-2.2.21-0.4.src.rpm Mandriva Linux 2011/X86_64: 256f14e15bc11b9f2e117237a0afcecd 2011/x86_64/apache-base-2.2.21-0.4-mdv2011.0.x86_64.rpm 1811331e8129fbb841591ead6d66fb3a 2011/x86_64/apache-devel-2.2.21-0.4-mdv2011.0.x86_64.rpm 2169f3ab56b419e32cdd0c6374280609 2011/x86_64/apache-htcacheclean-2.2.21-0.4-mdv2011.0.x86_64.rpm 3eb90fce534439380f8c200f212b80d1 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.4-mdv2011.0.x86_64.rpm d7e9ccdb75d0f0cd938b11bf0b34ea75 2011/x86_64/apache-mod_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm 22f9c708f1f1a7111306b96f2f7a2f16 2011/x86_64/apache-mod_dav-2.2.21-0.4-mdv2011.0.x86_64.rpm 9006ed39d4482543acbc0a306d1c98b9 2011/x86_64/apache-mod_dbd-2.2.21-0.4-mdv2011.0.x86_64.rpm ac342440d76088ce12784eaec8a04cfd 2011/x86_64/apache-mod_deflate-2.2.21-0.4-mdv2011.0.x86_64.rpm fe98d140fb40902b6e9e8d6209b7ee6e 2011/x86_64/apache-mod_disk_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm 5fddef6bf9280f38f4758840c20500d0 2011/x86_64/apache-mod_file_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm 3035cd294b73d3419a4a8bc911c95b59 2011/x86_64/apache-mod_ldap-2.2.21-0.4-mdv2011.0.x86_64.rpm e045b1f053add604a46b20c0f33654e4 2011/x86_64/apache-mod_mem_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm ecdced72ed663ff13abc879888f2a369 2011/x86_64/apache-mod_proxy-2.2.21-0.4-mdv2011.0.x86_64.rpm 33dbc278cf903e327492485eb93421c0 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.4-mdv2011.0.x86_64.rpm 668df865cf090bc56386119ffbf69009 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.4-mdv2011.0.x86_64.rpm f4ffe3b3c6ea342b92f6ff616be3242f 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.4-mdv2011.0.x86_64.rpm 2a459d496bcfda4a902bf5ba160005b0 2011/x86_64/apache-mod_ssl-2.2.21-0.4-mdv2011.0.x86_64.rpm ffefbf2ceabca42e49e3985bb985880f 2011/x86_64/apache-modules-2.2.21-0.4-mdv2011.0.x86_64.rpm d4bfe84a86bd688730666e116df26062 2011/x86_64/apache-mod_userdir-2.2.21-0.4-mdv2011.0.x86_64.rpm 417d6c12ec5d7580ae209a439307e0c1 2011/x86_64/apache-mpm-event-2.2.21-0.4-mdv2011.0.x86_64.rpm 3580eac20ad0954ec9c9e148070cde92 2011/x86_64/apache-mpm-itk-2.2.21-0.4-mdv2011.0.x86_64.rpm 34c074464e9776093c6fd8b0b00d277d 2011/x86_64/apache-mpm-peruser-2.2.21-0.4-mdv2011.0.x86_64.rpm 77fe238e2acd3e9f50a0c6b4e70dbd91 2011/x86_64/apache-mpm-prefork-2.2.21-0.4-mdv2011.0.x86_64.rpm 530632e85e3a1c56aeb5c22b59d51074 2011/x86_64/apache-mpm-worker-2.2.21-0.4-mdv2011.0.x86_64.rpm 54ae3219fe5921167de58e02d1709136 2011/x86_64/apache-source-2.2.21-0.4-mdv2011.0.x86_64.rpm fabc4aa5d999deba6d27c9ada2094dd8 2011/SRPMS/apache-2.2.21-0.4.src.rpm Mandriva Enterprise Server 5: 694c14ac1aa725219116cf0821bccd4d mes5/i586/apache-base-2.2.9-12.15mdvmes5.2.i586.rpm b78fcfdd2dcba4e1bbb2445850d309a6 mes5/i586/apache-devel-2.2.9-12.15mdvmes5.2.i586.rpm d0df79579e11145dc6222c7be498a08b mes5/i586/apache-htcacheclean-2.2.9-12.15mdvmes5.2.i586.rpm 41bc754f609edd0585e87bfeae433ad0 mes5/i586/apache-mod_authn_dbd-2.2.9-12.15mdvmes5.2.i586.rpm 4ed0091207ac154c47948b14937d8419 mes5/i586/apache-mod_cache-2.2.9-12.15mdvmes5.2.i586.rpm 98ec70cb55cc2d6cfe75e555827e09f6 mes5/i586/apache-mod_dav-2.2.9-12.15mdvmes5.2.i586.rpm 0b57ad40a88d289ff7e93dbee8f7029c mes5/i586/apache-mod_dbd-2.2.9-12.15mdvmes5.2.i586.rpm 60ffbd92bf1c64f9f5d9de84fc1ea3a9 mes5/i586/apache-mod_deflate-2.2.9-12.15mdvmes5.2.i586.rpm 96acedbceae6f50795f5f8eb83bf0894 mes5/i586/apache-mod_disk_cache-2.2.9-12.15mdvmes5.2.i586.rpm 2faa60da5066030c6e1739bcd2e0c186 mes5/i586/apache-mod_file_cache-2.2.9-12.15mdvmes5.2.i586.rpm d8dd234832a23fd7b8fe89b3ab2912ec mes5/i586/apache-mod_ldap-2.2.9-12.15mdvmes5.2.i586.rpm 192b0318fcc0149886d2bf65ca3eb7a0 mes5/i586/apache-mod_mem_cache-2.2.9-12.15mdvmes5.2.i586.rpm c5e14efbac8f535f9d47d71e15210ece mes5/i586/apache-mod_proxy-2.2.9-12.15mdvmes5.2.i586.rpm 86b9b67a3de9e2b3cb90369d74b259eb mes5/i586/apache-mod_proxy_ajp-2.2.9-12.15mdvmes5.2.i586.rpm 23771d89269201a8d41aad22ed7dd9fe mes5/i586/apache-mod_ssl-2.2.9-12.15mdvmes5.2.i586.rpm a9fe76cd2785c8baeb1a4cc24a9e9580 mes5/i586/apache-modules-2.2.9-12.15mdvmes5.2.i586.rpm b156b74e9d0b3f028ec422be7770c61b mes5/i586/apache-mod_userdir-2.2.9-12.15mdvmes5.2.i586.rpm ae57012ad1bfe385be299692f6b70cc1 mes5/i586/apache-mpm-event-2.2.9-12.15mdvmes5.2.i586.rpm 509a7cb7af1ac015b3b383058dc3d460 mes5/i586/apache-mpm-itk-2.2.9-12.15mdvmes5.2.i586.rpm 0f16651ec38ae7d878fe4a2368ee9d54 mes5/i586/apache-mpm-peruser-2.2.9-12.15mdvmes5.2.i586.rpm 7e1c86769e9c7869f0b8636f458ec627 mes5/i586/apache-mpm-prefork-2.2.9-12.15mdvmes5.2.i586.rpm 35ea9692f732f36905a86fb4dba9cdda mes5/i586/apache-mpm-worker-2.2.9-12.15mdvmes5.2.i586.rpm 1a8cac6533373a9fd3faa3b79599c088 mes5/i586/apache-source-2.2.9-12.15mdvmes5.2.i586.rpm d5b6cb92ebf473ba42a32b84fa40f40d mes5/SRPMS/apache-2.2.9-12.15mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 0ae1d7f13adab27acc8b786e95915c14 mes5/x86_64/apache-base-2.2.9-12.15mdvmes5.2.x86_64.rpm 1bd7812000e4f71ddd083300f004e8bd mes5/x86_64/apache-devel-2.2.9-12.15mdvmes5.2.x86_64.rpm 61b1c2004829c09e685e6fbd61ca2714 mes5/x86_64/apache-htcacheclean-2.2.9-12.15mdvmes5.2.x86_64.rpm 26d3fac76d72121901831d7cd38b3633 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.15mdvmes5.2.x86_64.rpm 4bfcbbc2d949b6c0ff387c1236a26a63 mes5/x86_64/apache-mod_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 5dfcd153e80849e6eaa29541c06938d9 mes5/x86_64/apache-mod_dav-2.2.9-12.15mdvmes5.2.x86_64.rpm 59ad16a7a1ce24740a10e24b93881225 mes5/x86_64/apache-mod_dbd-2.2.9-12.15mdvmes5.2.x86_64.rpm 7ca4dc330983a90cc76ef05025171c3e mes5/x86_64/apache-mod_deflate-2.2.9-12.15mdvmes5.2.x86_64.rpm 601d5df07381c6e7f4f4ec233d7b130f mes5/x86_64/apache-mod_disk_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 56a892846f01dc5f354091867b1c11b9 mes5/x86_64/apache-mod_file_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 3dc34aee1e773bcd1d8104d9102ad65c mes5/x86_64/apache-mod_ldap-2.2.9-12.15mdvmes5.2.x86_64.rpm 2e523ac976afa7e9fbb49851dd7cdbad mes5/x86_64/apache-mod_mem_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 2a0c71a369a519f2606266df778200cf mes5/x86_64/apache-mod_proxy-2.2.9-12.15mdvmes5.2.x86_64.rpm 8b5695a122649830105b88a62e45dede mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.15mdvmes5.2.x86_64.rpm c0ad053024a6bbcc1a618639694a4a0b mes5/x86_64/apache-mod_ssl-2.2.9-12.15mdvmes5.2.x86_64.rpm f0eb92fa6a5fd1b70d32965ac32033ff mes5/x86_64/apache-modules-2.2.9-12.15mdvmes5.2.x86_64.rpm 378560cb4256e15405e6786672586239 mes5/x86_64/apache-mod_userdir-2.2.9-12.15mdvmes5.2.x86_64.rpm c5f79fe55502f5fd2e6a80ef22d14cb5 mes5/x86_64/apache-mpm-event-2.2.9-12.15mdvmes5.2.x86_64.rpm 79c9df06193fec61ece2372929da3e72 mes5/x86_64/apache-mpm-itk-2.2.9-12.15mdvmes5.2.x86_64.rpm fad5cd549063827dc78c335162a8b5ab mes5/x86_64/apache-mpm-peruser-2.2.9-12.15mdvmes5.2.x86_64.rpm e691b3fdb827f1f03c92c3bc4265f6ee mes5/x86_64/apache-mpm-prefork-2.2.9-12.15mdvmes5.2.x86_64.rpm 8578c114dea4dd49232a82922d46fbbc mes5/x86_64/apache-mpm-worker-2.2.9-12.15mdvmes5.2.x86_64.rpm 4eba23905fbbd38d24a99f8567304372 mes5/x86_64/apache-source-2.2.9-12.15mdvmes5.2.x86_64.rpm d5b6cb92ebf473ba42a32b84fa40f40d mes5/SRPMS/apache-2.2.9-12.15mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

network

TYPE

Design Error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES