LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

apache2: information disclosure

Package(s):apache CVE #(s):CVE-2007-1862
Created:June 20, 2007 Updated:February 18, 2008
Description: From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users."
Alerts:
Fedora FEDORA-2008-1711 2008-02-15
Fedora FEDORA-2007-0704 2007-06-26
Mandriva MDKSA-2007:127 2007-06-19
(Log in to post comments)

apache2: information disclosure

Posted Jun 21, 2007 8:45 UTC (Thu) by mjcox@redhat.com (subscriber, #31775) [Link]

This issue was specific to httpd version 2.2.4 and did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5.

apache2: information disclosure

Posted Oct 13, 2007 17:03 UTC (Sat) by kreutzm (subscriber, #4700) [Link]

Same thing for Debian, both Sarge and Etch are not vulnerable.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds