LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

apache: multiple vulnerabilities

Package(s):apache CVE #(s):CVE-2007-6420 CVE-2008-2364 CVE-2008-2939
Created:December 5, 2008 Updated:December 7, 2009
Description: The Apache web server has multiple vulnerabilities. From the Red Hat vulnerability report:

A flaw was found in the mod_proxy module. An attacker who has control of a web server to which requests are being proxied could cause a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364)

A flaw was found in the mod_proxy_ftp module. Where Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack. (CVE-2008-2939)

A cross-site request forgery issue was found in the mod_proxy_balancer module. A remote attacker could cause a denial of service if mod_proxy_balancer is enabled and an authenticated user is targeted. (CVE-2007-6420)

Alerts:
Mandriva MDVSA-2009:323 2009-12-07
Mandriva MDVSA-2009:124-1 2009-07-08
Mandriva MDVSA-2009:124 2009-05-31
Ubuntu USN-731-1 2009-03-10
SuSE SUSE-SR:2009:006 2009-03-10
Red Hat RHSA-2008:0966-02 2008-12-04
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds