Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-0053
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:17.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "MDVSA-2012:012", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012" }, { "name": "51706", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51706" }, { "name": "SSRT101112", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "name": "RHSA-2012:0543", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html" }, { "name": "SSRT100772", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "name": "RHSA-2012:0128", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBST02848", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "name": "HPSBMU02748", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "name": "RHSA-2012:0542", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "APPLE-SA-2012-09-19-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5501" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "HPSBUX02761", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "name": "openSUSE-SU-2012:0314", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "name": "MDVSA-2013:150", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "name": "48551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "name": "DSA-2405", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2405" }, { "name": "SSRT100823", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/JSA10585" }, { "name": "SUSE-SU-2012:0323", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-23T00:00:00", "descriptions": [ { "lang": "en", "value": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:09:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "MDVSA-2012:012", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012" }, { "name": "51706", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51706" }, { "name": "SSRT101112", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "name": "RHSA-2012:0543", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html" }, { "name": "SSRT100772", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "name": "RHSA-2012:0128", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBST02848", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "name": "HPSBMU02748", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "name": "RHSA-2012:0542", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "APPLE-SA-2012-09-19-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5501" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "HPSBUX02761", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "name": "openSUSE-SU-2012:0314", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "name": "MDVSA-2013:150", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "name": "48551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "name": "DSA-2405", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2405" }, { "name": "SSRT100823", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/JSA10585" }, { "name": "SUSE-SU-2012:0323", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0053", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBMU02786", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "MDVSA-2012:012", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012" }, { "name": "51706", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51706" }, { "name": "SSRT101112", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "name": "RHSA-2012:0543", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html" }, { "name": "SSRT100772", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "name": "RHSA-2012:0128", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBST02848", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "name": "HPSBMU02748", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "name": "RHSA-2012:0542", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html" }, { "name": "http://httpd.apache.org/security/vulnerabilities_22.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "APPLE-SA-2012-09-19-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "name": "http://support.apple.com/kb/HT5501", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5501" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=785069", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "name": "SSRT100852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100877", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "HPSBMU02776", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "HPSBUX02761", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "name": "openSUSE-SU-2012:0314", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "name": "MDVSA-2013:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "name": "48551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48551" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "name": "DSA-2405", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2405" }, { "name": "SSRT100823", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "name": "http://kb.juniper.net/JSA10585", "refsource": "CONFIRM", "url": "http://kb.juniper.net/JSA10585" }, { "name": "SUSE-SU-2012:0323", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0053", "datePublished": "2012-01-28T02:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2024-08-06T18:09:17.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2012-0053\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-01-28T04:05:00.797\",\"lastModified\":\"2024-11-21T01:34:17.753\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.\"},{\"lang\":\"es\",\"value\":\"protocol.c en Apache HTTP Server v2.2.x hasta la v2.2.21 no limita adecuadamente la informaci\u00f3n de cabecera durante la construcci\u00f3n de mensajes de error Bad Request (errores 400), lo que permite obtener los valores de las cookies HTTPOnly a atacantes remotos a trav\u00e9s de vectores relacionados con una cabecera (1) demasiado larga o (2) mal formada con un script web desarrollado para este fin.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.65\",\"matchCriteriaId\":\"868A95C4-8C91-4B85-95B1-483A43A1C744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.22\",\"matchCriteriaId\":\"CC4C3235-1C3B-4946-A1A8-9734D4735EC9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E8A89-7A16-411F-9D31-676313BB7244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE554781-1EB9-446E-911F-6C11970C47F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*\",\"matchCriteriaId\":\"D1D7B467-58DD-45F1-9F1F-632620DF072A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"436EF2ED-FDBB-4B64-8EC4-33C3E4253F06\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52B90A04-DD6D-4AE7-A0E5-6B381127D507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0554C89-3716-49F3-BFAE-E008D5E4E29C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14259BF1-3601-4BF1-A591-FC4DE1639C57\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D8B549B-E57B-4DFE-8A13-CAB06B5356B3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://httpd.apache.org/security/vulnerabilities_22.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://kb.juniper.net/JSA10585\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0128.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0542.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0543.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/48551\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://support.apple.com/kb/HT5501\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1235454\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2405\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/51706\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=785069\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://httpd.apache.org/security/vulnerabilities_22.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://kb.juniper.net/JSA10585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0128.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0542.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0543.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/48551\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://support.apple.com/kb/HT5501\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1235454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/51706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=785069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2012_0128
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1391) did not completely address the problem. An attacker could\nbypass the fix and make a reverse proxy connect to an arbitrary server not\ndirectly accessible to the attacker by sending an HTTP version 0.9 request,\nor by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header.\nMalicious JavaScript running in the server\u0027s domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user.\n(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information.\nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon will be restarted automatically.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:0128", "url": "https://access.redhat.com/errata/RHSA-2012:0128" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://rhn.redhat.com/errata/RHSA-2011-1391.html", "url": "https://rhn.redhat.com/errata/RHSA-2011-1391.html" }, { "category": "external", "summary": "752080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080" }, { "category": "external", "summary": "756483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=756483" }, { "category": "external", "summary": "769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0128.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-22T05:04:18+00:00", "generator": { "date": "2024-11-22T05:04:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2012:0128", "initial_release_date": "2012-02-13T20:28:00+00:00", "revision_history": [ { "date": "2012-02-13T20:28:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2012-02-13T20:33:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T05:04:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.15-15.el6_2.1.noarch", "product": { "name": "httpd-manual-0:2.2.15-15.el6_2.1.noarch", "product_id": "httpd-manual-0:2.2.15-15.el6_2.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.15-15.el6_2.1?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "product": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "product_id": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-15.el6_2.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "product": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "product_id": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-15.el6_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "product_id": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-15.el6_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "product": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "product_id": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-15.el6_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-15.el6_2.1.x86_64", "product": { "name": "httpd-0:2.2.15-15.el6_2.1.x86_64", "product_id": "httpd-0:2.2.15-15.el6_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-15.el6_2.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.15-15.el6_2.1.i686", "product": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.i686", "product_id": "httpd-devel-0:2.2.15-15.el6_2.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-15.el6_2.1?arch=i686" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "product": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "product_id": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-15.el6_2.1?arch=i686" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-15.el6_2.1.i686", "product": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.i686", "product_id": "httpd-tools-0:2.2.15-15.el6_2.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-15.el6_2.1?arch=i686" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-15.el6_2.1.i686", "product": { "name": "httpd-0:2.2.15-15.el6_2.1.i686", "product_id": "httpd-0:2.2.15-15.el6_2.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-15.el6_2.1?arch=i686" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-15.el6_2.1.i686", "product": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.i686", "product_id": "mod_ssl-1:2.2.15-15.el6_2.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-15.el6_2.1?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.15-15.el6_2.1.src", "product": { "name": "httpd-0:2.2.15-15.el6_2.1.src", "product_id": "httpd-0:2.2.15-15.el6_2.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-15.el6_2.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "product": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "product_id": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-15.el6_2.1?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "product": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "product_id": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-15.el6_2.1?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "product": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "product_id": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-15.el6_2.1?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-15.el6_2.1.ppc64", "product": { "name": "httpd-0:2.2.15-15.el6_2.1.ppc64", "product_id": "httpd-0:2.2.15-15.el6_2.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-15.el6_2.1?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "product": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "product_id": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-15.el6_2.1?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc", "product": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc", "product_id": "httpd-devel-0:2.2.15-15.el6_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-15.el6_2.1?arch=ppc" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "product": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "product_id": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-15.el6_2.1?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "httpd-tools-0:2.2.15-15.el6_2.1.s390x", "product": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.s390x", "product_id": "httpd-tools-0:2.2.15-15.el6_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-15.el6_2.1?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-15.el6_2.1.s390x", "product": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.s390x", "product_id": "mod_ssl-1:2.2.15-15.el6_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-15.el6_2.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390x", "product": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390x", "product_id": "httpd-devel-0:2.2.15-15.el6_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-15.el6_2.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-15.el6_2.1.s390x", "product": { "name": "httpd-0:2.2.15-15.el6_2.1.s390x", "product_id": "httpd-0:2.2.15-15.el6_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-15.el6_2.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "product": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "product_id": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-15.el6_2.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390", "product": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390", "product_id": "httpd-devel-0:2.2.15-15.el6_2.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-15.el6_2.1?arch=s390" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "product": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "product_id": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-15.el6_2.1?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.src", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-15.el6_2.1.noarch as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch" }, "product_reference": "httpd-manual-0:2.2.15-15.el6_2.1.noarch", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.src", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-15.el6_2.1.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch" }, "product_reference": "httpd-manual-0:2.2.15-15.el6_2.1.noarch", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Client-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.src", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-15.el6_2.1.noarch as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch" }, "product_reference": "httpd-manual-0:2.2.15-15.el6_2.1.noarch", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.src", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-15.el6_2.1.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch" }, "product_reference": "httpd-manual-0:2.2.15-15.el6_2.1.noarch", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.src", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-15.el6_2.1.noarch as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch" }, "product_reference": "httpd-manual-0:2.2.15-15.el6_2.1.noarch", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Server-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.src", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-15.el6_2.1.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch" }, "product_reference": "httpd-manual-0:2.2.15-15.el6_2.1.noarch", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.i686", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.s390x", "relates_to_product_reference": "6Workstation-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "relates_to_product_reference": "6Workstation-6.2.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-3607", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2011-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "769844" } ], "notes": [ { "category": "description", "text": "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_pregsub Integer overflow to buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3607" }, { "category": "external", "summary": "RHBZ#769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3607", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607" } ], "release_date": "2011-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-13T20:28:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0128" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: ap_pregsub Integer overflow to buffer overflow" }, { "cve": "CVE-2011-3639", "discovery_date": "2011-10-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "752080" } ], "notes": [ { "category": "description", "text": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3639" }, { "category": "external", "summary": "RHBZ#752080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3639", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3639" } ], "release_date": "2011-10-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-13T20:28:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0128" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix" }, { "cve": "CVE-2011-4317", "discovery_date": "2011-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "756483" } ], "notes": [ { "category": "description", "text": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4 and 5 due to differences in apr-util\u0027s apr_uri_parse() implementation.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4317" }, { "category": "external", "summary": "RHBZ#756483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=756483" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-4317", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4317", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4317" }, { "category": "external", "summary": "https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue", "url": "https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue" } ], "release_date": "2011-11-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-13T20:28:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0128" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix" }, { "cve": "CVE-2012-0031", "discovery_date": "2012-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "773744" } ], "notes": [ { "category": "description", "text": "scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible crash on shutdown due to flaw in scoreboard handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0031" }, { "category": "external", "summary": "RHBZ#773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0031", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031" } ], "release_date": "2012-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-13T20:28:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0128" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: possible crash on shutdown due to flaw in scoreboard handling" }, { "cve": "CVE-2012-0053", "discovery_date": "2012-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "785069" } ], "notes": [ { "category": "description", "text": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: cookie exposure due to error responses", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects httpd packages as shipped with Red Hat Enterprise Linux 3 and 4, which are now in the Extended Life Phase of their life cycle. Therefore this issue is not planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0053" }, { "category": "external", "summary": "RHBZ#785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0053", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053" } ], "release_date": "2012-01-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-13T20:28:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0128" }, { "category": "workaround", "details": "As noted in the original reporter\u0027s advisory (see comment #5), this issue can be mitigated by using a custom ErrorDocument setting, such as:\n\n ErrorDocument 400 \"Bad Request\"\n\n http://httpd.apache.org/docs/2.2/mod/core.html#errordocument\n\nIt should be noted that ErrorDocument setting using path or external URL does not mitigate this issue.\n\n\nIt should also be noted that this is not an issue by itself. This can only be exploited via some other cross-site scripting (XSS) flaw found in a web application running on the server and may allow injected JavaScript to gain access to HttpOnly cookies, if the application uses this protection for its cookies.", "product_ids": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Client-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Client-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6ComputeNode-optional-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6ComputeNode-optional-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Server-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Server-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.src", "6Workstation-6.2.z:httpd-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-debuginfo-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-devel-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:httpd-manual-0:2.2.15-15.el6_2.1.noarch", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:httpd-tools-0:2.2.15-15.el6_2.1.x86_64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.i686", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.ppc64", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.s390x", "6Workstation-6.2.z:mod_ssl-1:2.2.15-15.el6_2.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: cookie exposure due to error responses" } ] }
rhsa-2012_0543
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the Apache HTTP Server component for JBoss Enterprise Web\nServer 1.0.2 that fixes multiple security issues and one bug is now\navailable from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server (\"httpd\") is the namesake project of The Apache\nSoftware Foundation.\n\nIt was discovered that the Apache HTTP Server did not properly validate the\nrequest URI for proxied requests. In certain configurations, if a reverse\nproxy used the ProxyPassMatch directive, or if it used the RewriteRule\ndirective with the proxy flag, a remote attacker could make the proxy\nconnect to an arbitrary server, possibly disclosing sensitive information\nfrom internal web servers not directly accessible to the attacker.\n(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an \"Internal\nServer Error\" response when processing certain malformed HTTP requests,\nwhich caused the back-end server to be marked as failed in configurations\nwhere mod_proxy was used in load balancer mode. A remote attacker could\ncause mod_proxy to not send requests to back-end AJP (Apache JServ\nProtocol) servers for the retry timeout period or until all back-end\nservers were marked as failed. (CVE-2011-3348)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header.\nMalicious JavaScript running in the server\u0027s domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user.\n(CVE-2011-3607)\n\nA NULL pointer dereference flaw was found in the httpd mod_log_config\nmodule. In configurations where cookie logging is enabled, a remote\nattacker could use this flaw to crash the httpd child process via an HTTP\nrequest with a malformed Cookie header. (CVE-2012-0021)\n\nA flaw was found in the way httpd handled child process status information.\nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nRed Hat would like to thank Context Information Security for reporting the\nCVE-2011-3368 issue.\n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update\nintroduced a regression in the way httpd handled certain Range HTTP header\nvalues. This update corrects this regression. (BZ#749071)\n\nAll users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:0543", "url": "https://access.redhat.com/errata/RHSA-2012:0543" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=1.0.2", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=1.0.2" }, { "category": "external", "summary": "https://rhn.redhat.com/errata/RHSA-2011-1330.html", "url": "https://rhn.redhat.com/errata/RHSA-2011-1330.html" }, { "category": "external", "summary": "736690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736690" }, { "category": "external", "summary": "740045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740045" }, { "category": "external", "summary": "769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "785065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065" }, { "category": "external", "summary": "785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0543.json" } ], "title": "Red Hat Security Advisory: httpd security and bug fix update", "tracking": { "current_release_date": "2024-11-22T05:04:30+00:00", "generator": { "date": "2024-11-22T05:04:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2012:0543", "initial_release_date": "2012-05-07T18:16:00+00:00", "revision_history": [ { "date": "2012-05-07T18:16:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:43:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T05:04:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 1.0", "product": { "name": "Red Hat JBoss Web Server 1.0", "product_id": "Red Hat JBoss Web Server 1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-3348", "discovery_date": "2011-09-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "736690" } ], "notes": [ { "category": "description", "text": "The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ajp remote temporary DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4 and 5 as this flaw was introduced in version 2.2.12.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3348" }, { "category": "external", "summary": "RHBZ#736690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736690" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3348", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3348" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3348", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3348" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21", "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21" } ], "release_date": "2011-09-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:16:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files).\n\nThe Apache HTTP Server must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0543" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_ajp remote temporary DoS" }, { "acknowledgments": [ { "names": [ "Context Information Security" ] } ], "cve": "CVE-2011-3368", "discovery_date": "2011-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "740045" } ], "notes": [ { "category": "description", "text": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: reverse web proxy vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3368" }, { "category": "external", "summary": "RHBZ#740045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740045" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3368", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3368" }, { "category": "external", "summary": "http://www.contextis.com/research/blog/reverseproxybypass/", "url": "http://www.contextis.com/research/blog/reverseproxybypass/" } ], "release_date": "2011-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:16:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files).\n\nThe Apache HTTP Server must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0543" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: reverse web proxy vulnerability" }, { "cve": "CVE-2011-3607", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2011-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "769844" } ], "notes": [ { "category": "description", "text": "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_pregsub Integer overflow to buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3607" }, { "category": "external", "summary": "RHBZ#769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3607", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607" } ], "release_date": "2011-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:16:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files).\n\nThe Apache HTTP Server must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0543" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: ap_pregsub Integer overflow to buffer overflow" }, { "cve": "CVE-2012-0021", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2012-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "785065" } ], "notes": [ { "category": "description", "text": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: NULL pointer dereference crash in mod_log_config", "title": "Vulnerability summary" }, { "category": "other", "text": "Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4, 5, or 6.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0021" }, { "category": "external", "summary": "RHBZ#785065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0021", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0021", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0021" } ], "release_date": "2011-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:16:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files).\n\nThe Apache HTTP Server must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0543" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: NULL pointer dereference crash in mod_log_config" }, { "cve": "CVE-2012-0031", "discovery_date": "2012-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "773744" } ], "notes": [ { "category": "description", "text": "scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible crash on shutdown due to flaw in scoreboard handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0031" }, { "category": "external", "summary": "RHBZ#773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0031", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031" } ], "release_date": "2012-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:16:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files).\n\nThe Apache HTTP Server must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0543" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: possible crash on shutdown due to flaw in scoreboard handling" }, { "cve": "CVE-2012-0053", "discovery_date": "2012-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "785069" } ], "notes": [ { "category": "description", "text": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: cookie exposure due to error responses", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects httpd packages as shipped with Red Hat Enterprise Linux 3 and 4, which are now in the Extended Life Phase of their life cycle. Therefore this issue is not planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0053" }, { "category": "external", "summary": "RHBZ#785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0053", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053" } ], "release_date": "2012-01-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:16:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files).\n\nThe Apache HTTP Server must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0543" }, { "category": "workaround", "details": "As noted in the original reporter\u0027s advisory (see comment #5), this issue can be mitigated by using a custom ErrorDocument setting, such as:\n\n ErrorDocument 400 \"Bad Request\"\n\n http://httpd.apache.org/docs/2.2/mod/core.html#errordocument\n\nIt should be noted that ErrorDocument setting using path or external URL does not mitigate this issue.\n\n\nIt should also be noted that this is not an issue by itself. This can only be exploited via some other cross-site scripting (XSS) flaw found in a web application running on the server and may allow injected JavaScript to gain access to HttpOnly cookies, if the application uses this protection for its cookies.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: cookie exposure due to error responses" } ] }
rhsa-2012_0542
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated httpd packages that fix multiple security issues and one bug are\nnow available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise\nLinux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server (\"httpd\") is the namesake project of The Apache\nSoftware Foundation.\n\nIt was discovered that the Apache HTTP Server did not properly validate the\nrequest URI for proxied requests. In certain configurations, if a reverse\nproxy used the ProxyPassMatch directive, or if it used the RewriteRule\ndirective with the proxy flag, a remote attacker could make the proxy\nconnect to an arbitrary server, possibly disclosing sensitive information\nfrom internal web servers not directly accessible to the attacker.\n(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an \"Internal\nServer Error\" response when processing certain malformed HTTP requests,\nwhich caused the back-end server to be marked as failed in configurations\nwhere mod_proxy was used in load balancer mode. A remote attacker could\ncause mod_proxy to not send requests to back-end AJP (Apache JServ\nProtocol) servers for the retry timeout period or until all back-end\nservers were marked as failed. (CVE-2011-3348)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header.\nMalicious JavaScript running in the server\u0027s domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user.\n(CVE-2011-3607)\n\nA NULL pointer dereference flaw was found in the httpd mod_log_config\nmodule. In configurations where cookie logging is enabled, a remote\nattacker could use this flaw to crash the httpd child process via an HTTP\nrequest with a malformed Cookie header. (CVE-2012-0021)\n\nA flaw was found in the way httpd handled child process status information.\nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nRed Hat would like to thank Context Information Security for reporting the\nCVE-2011-3368 issue.\n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1329 update\nintroduced a regression in the way httpd handled certain Range HTTP header\nvalues. This update corrects this regression. (BZ#749071)\n\nAll users of JBoss Enterprise Web Server 1.0.2 should upgrade to these\nupdated packages, which contain backported patches to correct these issues.\nAfter installing the updated packages, users must restart the httpd\nservice for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:0542", "url": "https://access.redhat.com/errata/RHSA-2012:0542" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://rhn.redhat.com/errata/RHSA-2011-1329.html", "url": "https://rhn.redhat.com/errata/RHSA-2011-1329.html" }, { "category": "external", "summary": "736690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736690" }, { "category": "external", "summary": "740045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740045" }, { "category": "external", "summary": "749071", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=749071" }, { "category": "external", "summary": "769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "785065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065" }, { "category": "external", "summary": "785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0542.json" } ], "title": "Red Hat Security Advisory: httpd security and bug fix update", "tracking": { "current_release_date": "2024-11-22T05:04:26+00:00", "generator": { "date": "2024-11-22T05:04:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2012:0542", "initial_release_date": "2012-05-07T18:13:00+00:00", "revision_history": [ { "date": "2012-05-07T18:13:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2012-05-07T18:22:44+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T05:04:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "product": { "name": "httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "product_id": "httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.17-15.4.ep5.el5?arch=i386" } } }, { "category": "product_version", "name": "httpd-0:2.2.17-15.4.ep5.el5.i386", "product": { "name": "httpd-0:2.2.17-15.4.ep5.el5.i386", "product_id": "httpd-0:2.2.17-15.4.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.17-15.4.ep5.el5?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "product": { "name": "mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "product_id": "mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.17-15.4.ep5.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "product": { "name": "httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "product_id": "httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.17-15.4.ep5.el5?arch=i386" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "product": { "name": "httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "product_id": "httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.17-15.4.ep5.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "product": { "name": "httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "product_id": "httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.17-15.4.ep5.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "product": { "name": "httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "product_id": "httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.17-15.4.ep5.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-0:2.2.17-15.4.ep5.el6.i386", "product": { "name": "httpd-0:2.2.17-15.4.ep5.el6.i386", "product_id": "httpd-0:2.2.17-15.4.ep5.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.17-15.4.ep5.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "product": { "name": "mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "product_id": "mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.17-15.4.ep5.el6?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "product": { "name": "httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "product_id": "httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.17-15.4.ep5.el5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.2.17-15.4.ep5.el5.x86_64", "product": { "name": "httpd-0:2.2.17-15.4.ep5.el5.x86_64", "product_id": "httpd-0:2.2.17-15.4.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.17-15.4.ep5.el5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "product": { "name": "mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "product_id": "mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.17-15.4.ep5.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "product": { "name": "httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "product_id": "httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.17-15.4.ep5.el5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "product": { "name": "httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "product_id": "httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.17-15.4.ep5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "product": { "name": "httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "product_id": "httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.17-15.4.ep5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "product": { "name": "httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "product_id": "httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.17-15.4.ep5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.2.17-15.4.ep5.el6.x86_64", "product": { "name": "httpd-0:2.2.17-15.4.ep5.el6.x86_64", "product_id": "httpd-0:2.2.17-15.4.ep5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.17-15.4.ep5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64", "product": { "name": "mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64", "product_id": "mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.17-15.4.ep5.el6?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.17-15.4.ep5.el5.src", "product": { "name": "httpd-0:2.2.17-15.4.ep5.el5.src", "product_id": "httpd-0:2.2.17-15.4.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.17-15.4.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "httpd-0:2.2.17-15.4.ep5.el6.src", "product": { "name": "httpd-0:2.2.17-15.4.ep5.el6.src", "product_id": "httpd-0:2.2.17-15.4.ep5.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.17-15.4.ep5.el6?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.17-15.4.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386" }, "product_reference": "httpd-0:2.2.17-15.4.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.17-15.4.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src" }, "product_reference": "httpd-0:2.2.17-15.4.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.17-15.4.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64" }, "product_reference": "httpd-0:2.2.17-15.4.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.17-15.4.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386" }, "product_reference": "httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64" }, "product_reference": "httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.17-15.4.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386" }, "product_reference": "httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64" }, "product_reference": "httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.17-15.4.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386" }, "product_reference": "mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64" }, "product_reference": "mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.17-15.4.ep5.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386" }, "product_reference": "httpd-0:2.2.17-15.4.ep5.el6.i386", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.17-15.4.ep5.el6.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src" }, "product_reference": "httpd-0:2.2.17-15.4.ep5.el6.src", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.17-15.4.ep5.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64" }, "product_reference": "httpd-0:2.2.17-15.4.ep5.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.17-15.4.ep5.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386" }, "product_reference": "httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64" }, "product_reference": "httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.17-15.4.ep5.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386" }, "product_reference": "httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64" }, "product_reference": "httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.17-15.4.ep5.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386" }, "product_reference": "httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64" }, "product_reference": "httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.17-15.4.ep5.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386" }, "product_reference": "mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "relates_to_product_reference": "6Server-JBEWS-1" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server", "product_id": "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" }, "product_reference": "mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-1" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-3348", "discovery_date": "2011-09-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "736690" } ], "notes": [ { "category": "description", "text": "The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ajp remote temporary DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4 and 5 as this flaw was introduced in version 2.2.12.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3348" }, { "category": "external", "summary": "RHBZ#736690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736690" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3348", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3348" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3348", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3348" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21", "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21" } ], "release_date": "2011-09-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0542" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_ajp remote temporary DoS" }, { "acknowledgments": [ { "names": [ "Context Information Security" ] } ], "cve": "CVE-2011-3368", "discovery_date": "2011-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "740045" } ], "notes": [ { "category": "description", "text": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: reverse web proxy vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3368" }, { "category": "external", "summary": "RHBZ#740045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740045" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3368", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3368" }, { "category": "external", "summary": "http://www.contextis.com/research/blog/reverseproxybypass/", "url": "http://www.contextis.com/research/blog/reverseproxybypass/" } ], "release_date": "2011-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0542" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: reverse web proxy vulnerability" }, { "cve": "CVE-2011-3607", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2011-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "769844" } ], "notes": [ { "category": "description", "text": "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_pregsub Integer overflow to buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3607" }, { "category": "external", "summary": "RHBZ#769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3607", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607" } ], "release_date": "2011-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0542" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: ap_pregsub Integer overflow to buffer overflow" }, { "cve": "CVE-2012-0021", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2012-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "785065" } ], "notes": [ { "category": "description", "text": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: NULL pointer dereference crash in mod_log_config", "title": "Vulnerability summary" }, { "category": "other", "text": "Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4, 5, or 6.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0021" }, { "category": "external", "summary": "RHBZ#785065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0021", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0021", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0021" } ], "release_date": "2011-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0542" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: NULL pointer dereference crash in mod_log_config" }, { "cve": "CVE-2012-0031", "discovery_date": "2012-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "773744" } ], "notes": [ { "category": "description", "text": "scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible crash on shutdown due to flaw in scoreboard handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0031" }, { "category": "external", "summary": "RHBZ#773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0031", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031" } ], "release_date": "2012-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0542" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: possible crash on shutdown due to flaw in scoreboard handling" }, { "cve": "CVE-2012-0053", "discovery_date": "2012-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "785069" } ], "notes": [ { "category": "description", "text": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: cookie exposure due to error responses", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects httpd packages as shipped with Red Hat Enterprise Linux 3 and 4, which are now in the Extended Life Phase of their life cycle. Therefore this issue is not planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0053" }, { "category": "external", "summary": "RHBZ#785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0053", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053" } ], "release_date": "2012-01-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-05-07T18:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0542" }, { "category": "workaround", "details": "As noted in the original reporter\u0027s advisory (see comment #5), this issue can be mitigated by using a custom ErrorDocument setting, such as:\n\n ErrorDocument 400 \"Bad Request\"\n\n http://httpd.apache.org/docs/2.2/mod/core.html#errordocument\n\nIt should be noted that ErrorDocument setting using path or external URL does not mitigate this issue.\n\n\nIt should also be noted that this is not an issue by itself. This can only be exploited via some other cross-site scripting (XSS) flaw found in a web application running on the server and may allow injected JavaScript to gain access to HttpOnly cookies, if the application uses this protection for its cookies.", "product_ids": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.17-15.4.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.17-15.4.ep5.el5.x86_64", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.src", "6Server-JBEWS-1:httpd-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-devel-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-manual-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:httpd-tools-0:2.2.17-15.4.ep5.el6.x86_64", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.i386", "6Server-JBEWS-1:mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: cookie exposure due to error responses" } ] }
rhsa-2012_0323
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1392) did not completely address the problem. An attacker could\nbypass the fix and make a reverse proxy connect to an arbitrary server not\ndirectly accessible to the attacker by sending an HTTP version 0.9 request.\n(CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header.\nMalicious JavaScript running in the server\u0027s domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user.\n(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information.\nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon will be restarted automatically.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:0323", "url": "https://access.redhat.com/errata/RHSA-2012:0323" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://rhn.redhat.com/errata/RHSA-2011-1392.html", "url": "https://rhn.redhat.com/errata/RHSA-2011-1392.html" }, { "category": "external", "summary": "752080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080" }, { "category": "external", "summary": "769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0323.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-22T05:04:22+00:00", "generator": { "date": "2024-11-22T05:04:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2012:0323", "initial_release_date": "2012-02-21T21:49:00+00:00", "revision_history": [ { "date": "2012-02-21T21:49:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2012-02-21T21:57:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T05:04:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "RHEL Desktop Workstation (v. 5 client)", "product": { "name": "RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.i386", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.i386", "product_id": "httpd-0:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=i386" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=i386" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=i386" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.x86_64", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.x86_64", "product_id": "httpd-0:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.src", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.src", "product_id": "httpd-0:2.2.3-63.el5_8.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=ia64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=ia64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=ia64" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.ia64", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.ia64", "product_id": "httpd-0:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=ia64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=ppc\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=ppc" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=ppc" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.ppc", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.ppc", "product_id": "httpd-0:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=ppc" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.s390x", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.s390x", "product_id": "httpd-0:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=s390" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.src", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.src as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.src", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.src", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-3607", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2011-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "769844" } ], "notes": [ { "category": "description", "text": "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_pregsub Integer overflow to buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3607" }, { "category": "external", "summary": "RHBZ#769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3607", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607" } ], "release_date": "2011-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:49:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0323" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: ap_pregsub Integer overflow to buffer overflow" }, { "cve": "CVE-2011-3639", "discovery_date": "2011-10-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "752080" } ], "notes": [ { "category": "description", "text": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3639" }, { "category": "external", "summary": "RHBZ#752080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3639", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3639" } ], "release_date": "2011-10-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:49:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0323" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix" }, { "cve": "CVE-2012-0031", "discovery_date": "2012-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "773744" } ], "notes": [ { "category": "description", "text": "scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible crash on shutdown due to flaw in scoreboard handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0031" }, { "category": "external", "summary": "RHBZ#773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0031", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031" } ], "release_date": "2012-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:49:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0323" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: possible crash on shutdown due to flaw in scoreboard handling" }, { "cve": "CVE-2012-0053", "discovery_date": "2012-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "785069" } ], "notes": [ { "category": "description", "text": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: cookie exposure due to error responses", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects httpd packages as shipped with Red Hat Enterprise Linux 3 and 4, which are now in the Extended Life Phase of their life cycle. Therefore this issue is not planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0053" }, { "category": "external", "summary": "RHBZ#785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0053", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053" } ], "release_date": "2012-01-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:49:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0323" }, { "category": "workaround", "details": "As noted in the original reporter\u0027s advisory (see comment #5), this issue can be mitigated by using a custom ErrorDocument setting, such as:\n\n ErrorDocument 400 \"Bad Request\"\n\n http://httpd.apache.org/docs/2.2/mod/core.html#errordocument\n\nIt should be noted that ErrorDocument setting using path or external URL does not mitigate this issue.\n\n\nIt should also be noted that this is not an issue by itself. This can only be exploited via some other cross-site scripting (XSS) flaw found in a web application running on the server and may allow injected JavaScript to gain access to HttpOnly cookies, if the application uses this protection for its cookies.", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: cookie exposure due to error responses" } ] }
var-201201-0038
Vulnerability from variot
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Apache HTTP Server is prone to an information-disclosure vulnerability. The issue occurs in the default error response for status code 400. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. The vulnerability affects Apache HTTP Server versions 2.2.0 through 2.2.21. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd security update Advisory ID: RHSA-2012:0128-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0128.html Issue date: 2012-02-13 CVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 =====================================================================
- Summary:
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
It was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)
The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607)
A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031)
All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix 756483 - CVE-2011-4317 httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
ppc64: httpd-2.2.15-15.el6_2.1.ppc64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.ppc.rpm httpd-debuginfo-2.2.15-15.el6_2.1.ppc64.rpm httpd-devel-2.2.15-15.el6_2.1.ppc.rpm httpd-devel-2.2.15-15.el6_2.1.ppc64.rpm httpd-tools-2.2.15-15.el6_2.1.ppc64.rpm mod_ssl-2.2.15-15.el6_2.1.ppc64.rpm
s390x: httpd-2.2.15-15.el6_2.1.s390x.rpm httpd-debuginfo-2.2.15-15.el6_2.1.s390.rpm httpd-debuginfo-2.2.15-15.el6_2.1.s390x.rpm httpd-devel-2.2.15-15.el6_2.1.s390.rpm httpd-devel-2.2.15-15.el6_2.1.s390x.rpm httpd-tools-2.2.15-15.el6_2.1.s390x.rpm mod_ssl-2.2.15-15.el6_2.1.s390x.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2011-3639.html https://www.redhat.com/security/data/cve/CVE-2011-4317.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1391.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPOXUIXlSAg2UNWIIRAg4AAJ9vTPttyKrbHbaSV7xCAzG89ytZgACfTSq+ HOLS5+cKusdo+jUiYKIV4mw= =fM2U -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Please review the CVE identifiers referenced below for details.
Impact
A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways.
A local attacker could gain escalated privileges.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTP Server users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1"
References
[ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408 [ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434 [ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452 [ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791 [ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192 [ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348 [ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368 [ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607 [ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317 [ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021 [ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031 [ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053 [ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-25.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . HP System Management Homepage (SMH) before v7.1.1 running on Linux, Windows and VMware ESX.
It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. (CVE-2011-3368)
It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3607)
A NULL pointer dereference flaw was found in the httpd mod_log_config module.
This update also fixes the following bug:
- The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update introduced a regression in the way httpd handled certain Range HTTP header values. This update corrects this regression. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).
Release Date: 2012-04-18 Last Updated: 2012-04-18
Potential Security Impact: Remote Denial of Service (DoS), local increase of privilege
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain a local increase of privilege.
References: CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.22 or earlier HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.34 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerability. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.15.12 or subsequent
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.64.03 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 18 April 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Hitachi Multiple Products Apache HTTP Server "httpOnly" Cookie Disclosure Vulnerability
SECUNIA ADVISORY ID: SA51626
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51626/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51626
RELEASE DATE: 2012-12-26
DISCUSS ADVISORY: http://secunia.com/advisories/51626/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/51626/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51626
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged a vulnerability in multiple products, which can be exploited by malicious people to disclose potentially sensitive information.
For more information see vulnerability #1 in: SA47779
Please see the vendor's advisory for a list of affected products.
ORIGINAL ADVISORY: Hitachi (HS12-033): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2012:012 http://www.mandriva.com/security/
Package : apache Date : February 2, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0
Problem Description:
Multiple vulnerabilities has been found and corrected in apache (ASF HTTPD):
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a \%{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value (CVE-2012-0021).
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function (CVE-2012-0031).
The updated packages have been upgraded to the latest 2.2.22 version which is not vulnerable to this issue.
Additionally APR and APR-UTIL has been upgraded to the latest versions 1.4.5 and 1.4.1 respectively which holds many improvments over the previous versions. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFPKoIMmqjQ0CJFipgRApUPAKDybXSBuVY2HxRpnqQnFpCmVw9TjACgjD7S qoOiBUIAc3k8YDXisM5t9Gc= =3aR8 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0038", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "web server", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "02-03" }, { "model": "web server 02-04-/a", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "02-01" }, { "model": "web server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "02-02" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.65" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "jboss enterprise web server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.2" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.22" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "5.0" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "storage", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.4" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "web server 01-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "web server 01-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "web server 01-02-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.2.x to 2.2.21" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.4" }, { "model": "sparc enterprise m3000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m4000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m5000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m8000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m9000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "1118" }, { "model": "hp system management homepage", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "v7.1.1 (linux" }, { "model": "hp system management homepage", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "windows and vmware esx)" }, { "model": "hp xp p9000", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "command view advanced edition suite" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "global link manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "provisioning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "replication manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tiered storage manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tuning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base(64)" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server express", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "web server linux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "04-00" }, { "model": "web server linux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "03-00" }, { "model": "web server 02-04-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-04" }, { "model": "web server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "01-02" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "03-00" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.21" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.14" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.18" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.15" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.20" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.13" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.17" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.16" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.19" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "nsm3000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "p9000 replication manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1-00" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.10" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "p9000 replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-00" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "web server aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-02" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "xp p9000 command view advanced edition", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1-00" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.43" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-01" }, { "model": "web server security enhancement 02-04-/b", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.17" }, { "model": "web server solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-01" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.21" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.20" }, { "model": "network and security manager software", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2-" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-03" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "xp p9000 command view advanced edition", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1-00" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-01(x64)" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jboss enterprise web server for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "51.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "web appliance", "scope": "ne", "trust": 0.3, "vendor": "sophos", "version": "3.7.9.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "8.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "web appliance", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "3.7.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.60" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.8" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.5" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-05" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.2" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "junos space 13.1r1.6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "p9000 tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0.0-00" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-02" }, { "model": "web server )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-03" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "nsm appliance generic offline for centos", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "51" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.50" }, { "model": "storwize unified", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.23" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.55" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-01" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.13" }, { "model": "web server 02-04-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.38" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.63" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.14" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.20" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-05" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.18" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "2.2.22-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10-09" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.15" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.9" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.56" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-04" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.32" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.1.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.56" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "xp provisioning manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0.0-00" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-05" }, { "model": "web appliance", "scope": "ne", "trust": 0.3, "vendor": "sophos", "version": "3.8.1.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "storwize unified", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70001.40" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.3.1" }, { "model": "web server )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-04" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.19" }, { "model": "web server 01-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "9.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10-10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.64" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.0.65" }, { "model": "p9000 replication manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-00" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "p9000 replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0.0-00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": "web appliance", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "3.8.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-060" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "jboss enterprise web server for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "61.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.16" }, { "model": "xp provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0.0-00" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.12" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-03(x64)" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "web server aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "web server 02-04-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.5" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "web server solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "xp p9000 command view advanced edition", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0-00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-01" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "interstage studio enterprise edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.61" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "p9000 tiered storage manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1-00" }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "web appliance", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "3.8.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.41" }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.57" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "interstage studio standard-j edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "51706" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m3000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m4000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m5000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m8000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m9000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:xcp", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:system_management_homepage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:xp_p9000", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:device_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:global_link_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:provisioning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:replication_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:tiered_storage_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:tuning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server_express", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001258" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Norman Hippert", "sources": [ { "db": "BID", "id": "51706" } ], "trust": 0.3 }, "cve": "CVE-2012-0053", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2012-0053", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0053", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0053", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201201-403", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2012-0053", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Apache HTTP Server is prone to an information-disclosure vulnerability. The issue occurs in the default error response for status code 400. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. \nThe vulnerability affects Apache HTTP Server versions 2.2.0 through 2.2.21. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd security update\nAdvisory ID: RHSA-2012:0128-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0128.html\nIssue date: 2012-02-13\nCVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 \n CVE-2012-0031 CVE-2012-0053 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\n\n3. \n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1391) did not completely address the problem. An attacker could\nbypass the fix and make a reverse proxy connect to an arbitrary server not\ndirectly accessible to the attacker by sending an HTTP version 0.9 request,\nor by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header. \nMalicious JavaScript running in the server\u0027s domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user. \n(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. \nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix\n756483 - CVE-2011-4317 httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix\n769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow\n773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling\n785069 - CVE-2012-0053 httpd: cookie exposure due to error responses\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-tools-2.2.15-15.el6_2.1.i686.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nmod_ssl-2.2.15-15.el6_2.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-tools-2.2.15-15.el6_2.1.i686.rpm\nmod_ssl-2.2.15-15.el6_2.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nppc64:\nhttpd-2.2.15-15.el6_2.1.ppc64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.ppc.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.ppc64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.ppc.rpm\nhttpd-devel-2.2.15-15.el6_2.1.ppc64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.ppc64.rpm\nmod_ssl-2.2.15-15.el6_2.1.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-15.el6_2.1.s390x.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.s390.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.s390x.rpm\nhttpd-devel-2.2.15-15.el6_2.1.s390.rpm\nhttpd-devel-2.2.15-15.el6_2.1.s390x.rpm\nhttpd-tools-2.2.15-15.el6_2.1.s390x.rpm\nmod_ssl-2.2.15-15.el6_2.1.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-tools-2.2.15-15.el6_2.1.i686.rpm\nmod_ssl-2.2.15-15.el6_2.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3607.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3639.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4317.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0031.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0053.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://rhn.redhat.com/errata/RHSA-2011-1391.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPOXUIXlSAg2UNWIIRAg4AAJ9vTPttyKrbHbaSV7xCAzG89ytZgACfTSq+\nHOLS5+cKusdo+jUiYKIV4mw=\n=fM2U\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker might obtain sensitive information, gain privileges,\nsend requests to unintended servers behind proxies, bypass certain\nsecurity restrictions, obtain the values of HTTPOnly cookies, or cause\na Denial of Service in various ways. \n\nA local attacker could gain escalated privileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache HTTP Server users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.22-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408\n[ 2 ] CVE-2010-0434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434\n[ 3 ] CVE-2010-1452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452\n[ 4 ] CVE-2010-2791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791\n[ 5 ] CVE-2011-3192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192\n[ 6 ] CVE-2011-3348\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348\n[ 7 ] CVE-2011-3368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368\n[ 8 ] CVE-2011-3607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607\n[ 9 ] CVE-2011-4317\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317\n[ 10 ] CVE-2012-0021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021\n[ 11 ] CVE-2012-0031\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031\n[ 12 ] CVE-2012-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053\n[ 13 ] CVE-2012-0883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-25.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux, Windows\nand VMware ESX. \n\nIt was discovered that the Apache HTTP Server did not properly validate the\nrequest URI for proxied requests. \n(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an \"Internal\nServer Error\" response when processing certain malformed HTTP requests,\nwhich caused the back-end server to be marked as failed in configurations\nwhere mod_proxy was used in load balancer mode. A remote attacker could\ncause mod_proxy to not send requests to back-end AJP (Apache JServ\nProtocol) servers for the retry timeout period or until all back-end\nservers were marked as failed. \n(CVE-2011-3607)\n\nA NULL pointer dereference flaw was found in the httpd mod_log_config\nmodule. \n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update\nintroduced a regression in the way httpd handled certain Range HTTP header\nvalues. This update corrects this regression. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). \n\nRelease Date: 2012-04-18\nLast Updated: 2012-04-18\n\nPotential Security Impact: Remote Denial of Service (DoS), local increase of privilege\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain a local increase of privilege. \n\nReferences: CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.22 or earlier\nHP-UX B.11.11 running HP-UX Apache Web Server Suite v2.34 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6\nCVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerability. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\naction: install revision B.2.2.15.12 or subsequent\n\nHP-UX B.11.11\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.64.03 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 18 April 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Multiple Products Apache HTTP Server \"httpOnly\" Cookie\nDisclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA51626\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51626/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51626\n\nRELEASE DATE:\n2012-12-26\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51626/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51626/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51626\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged a vulnerability in multiple products, which\ncan be exploited by malicious people to disclose potentially\nsensitive information. \n\nFor more information see vulnerability #1 in:\nSA47779\n\nPlease see the vendor\u0027s advisory for a list of affected products. \n\nORIGINAL ADVISORY:\nHitachi (HS12-033):\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2012:012\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : apache\n Date : February 2, 2012\n Affected: 2010.1, 2011., Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache\n (ASF HTTPD):\n \n The log_cookie function in mod_log_config.c in the mod_log_config\n module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded\n MPM is used, does not properly handle a \\%{}C format string, which\n allows remote attackers to cause a denial of service (daemon crash)\n via a cookie that lacks both a name and a value (CVE-2012-0021). \n \n scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might\n allow local users to cause a denial of service (daemon crash during\n shutdown) or possibly have unspecified other impact by modifying\n a certain type field within a scoreboard shared memory segment,\n leading to an invalid call to the free function (CVE-2012-0031). \n \n The updated packages have been upgraded to the latest 2.2.22 version\n which is not vulnerable to this issue. \n \n Additionally APR and APR-UTIL has been upgraded to the latest versions\n 1.4.5 and 1.4.1 respectively which holds many improvments over the\n previous versions. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPKoIMmqjQ0CJFipgRApUPAKDybXSBuVY2HxRpnqQnFpCmVw9TjACgjD7S\nqoOiBUIAc3k8YDXisM5t9Gc=\n=3aR8\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0053" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "BID", "id": "51706" }, { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "PACKETSTORM", "id": "109731" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "112503" }, { "db": "PACKETSTORM", "id": "112059" }, { "db": "PACKETSTORM", "id": "119095" }, { "db": "PACKETSTORM", "id": "109387" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18442", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0053" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0053", "trust": 3.4 }, { "db": "JUNIPER", "id": "JSA10585", "trust": 1.9 }, { "db": "BID", "id": "51706", "trust": 1.9 }, { "db": "SECUNIA", "id": "48551", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2012-001258", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201201-403", "trust": 0.6 }, { "db": "HITACHI", "id": "HS12-033", "trust": 0.4 }, { "db": "JUNIPER", "id": "JSA10642", "trust": 0.3 }, { "db": "SECUNIA", "id": "51626", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2012-0053", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109731", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114141", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121573", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112503", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112059", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "119095", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109387", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "BID", "id": "51706" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "PACKETSTORM", "id": "109731" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "112503" }, { "db": "PACKETSTORM", "id": "112059" }, { "db": "PACKETSTORM", "id": "119095" }, { "db": "PACKETSTORM", "id": "109387" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "id": "VAR-201201-0038", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.33942824 }, "last_update_date": "2024-11-29T19:25:15.333000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 2.2.22-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "title": "1235454", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "title": "APPLE-SA-2012-09-19-2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "title": "HT5501", "trust": 0.8, "url": "http://support.apple.com/kb/HT5501" }, { "title": "HT5501", "trust": 0.8, "url": "http://support.apple.com/kb/HT5501?viewlocale=ja_JP" }, { "title": "HS12-033", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-033/index.html" }, { "title": "HS13-001", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-001/index.html" }, { "title": "HPSBST02848 SSRT101112", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03691745" }, { "title": "HPSBMU02786 SSRT100877", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "title": "openSUSE-SU-2012:0314", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "title": "Bug 785069", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "title": "RHSA-2012:0128", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" }, { "title": "CVE-2012-0053 Information Disclosure vulnerability in Apache HTTP Server ", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0053_information_disclosure" }, { "title": "January 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update" }, { "title": "Multiple vulnerabilities in Apache HTTP Server 1.3", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http1" }, { "title": "JSA10585", "trust": 0.8, "url": "http://kb.juniper.net/JSA10585" }, { "title": "HS12-033", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html" }, { "title": "HS13-001", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-001/index.html" }, { "title": "Interstage HTTP Server: \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027(CVE-2012-0053)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201203.html" }, { "title": "httpd-2.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44298" }, { "title": "httpd_2.4.3-netware-bin", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44300" }, { "title": "httpd-2.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44299" }, { "title": "httpd-2.2.22-win32-src", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42509" }, { "title": "httpd-2.2.22", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42508" }, { "title": "httpd_2.2.22-netware", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42512" }, { "title": "httpd-2.2.22", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42507" }, { "title": "httpd-2.2.22-win32-x86-openssl-0.9.8t", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42511" }, { "title": "httpd-2.2.22-win32-x86-no_ssl", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42510" }, { "title": "Red Hat: Moderate: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120323 - Security Advisory" }, { "title": "Red Hat: Moderate: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120128 - Security Advisory" }, { "title": "Red Hat: Moderate: httpd security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120542 - Security Advisory" }, { "title": "Amazon Linux AMI: ALAS-2012-046", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-046" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1368-1" }, { "title": "xss_payloads", "trust": 0.1, "url": "https://github.com/nettitude/xss_payloads " }, { "title": "CVE20120053Demo", "trust": 0.1, "url": "https://github.com/jonathansp/CVE20120053Demo " }, { "title": "Apache-Vulns", "trust": 0.1, "url": "https://github.com/styx00/Apache-Vulns " }, { "title": "https://github.com/goddemondemongod/Sec-Interview", "trust": 0.1, "url": "https://github.com/goddemondemongod/Sec-Interview " } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "CNNVD", "id": "CNNVD-201201-403" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2012-0128.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2012-0543.html" }, { "trust": 1.6, "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "trust": 1.6, "url": "http://support.apple.com/kb/ht5501" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "trust": 1.6, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "trust": 1.6, "url": "http://secunia.com/advisories/48551" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:012" }, { "trust": 1.6, "url": "http://rhn.redhat.com/errata/rhsa-2012-0542.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/51706" }, { "trust": 1.6, "url": "http://www.debian.org/security/2012/dsa-2405" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "trust": 1.6, "url": "http://kb.juniper.net/jsa10585" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0053" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu381963/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0053" }, { "trust": 0.6, "url": "http://support.avaya.com/css/p8/documents/100158872" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs." }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-033/index.html" }, { "trust": 0.3, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03691745" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10642\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201307.mbox/%3c20130710124920.2b8793ed.wrowe%40rowe-clan.net%3e" }, { "trust": 0.3, "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 0.3, "url": "https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigational" }, { "trust": 0.3, "url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_xrx12-009_v1.1.pdf" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10585" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157326" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301\u0026ac.admitted=1332965374461.876444892.492883150" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201203e.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004302" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15273.html" }, { "trust": 0.3, "url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3607.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0053.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0031.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3348" }, { "trust": 0.2, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-4317.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3639" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3639.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1391.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2791" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3368" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0031" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0408" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0053" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0883" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3348" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4317" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0021" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3607" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-25.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3192" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0434" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2791" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-ac3d1f80b8dd48b792bfc01a08" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3368.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1330.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3348.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0021.html" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/try.do?productnumber=hpuxwsatw235" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxwsatw323" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://secunia.com/advisories/51626/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51626" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/blog/325/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/51626/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0021" }, { "trust": 0.1, "url": "http://www.apache.org/dist/apr/changes-apr-util-1.4" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0031" }, { "trust": 0.1, "url": "http://www.apache.org/dist/httpd/changes_2.2.22" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://www.apache.org/dist/apr/changes-apr-1.4" } ], "sources": [ { "db": "BID", "id": "51706" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "PACKETSTORM", "id": "109731" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "112503" }, { "db": "PACKETSTORM", "id": "112059" }, { "db": "PACKETSTORM", "id": "119095" }, { "db": "PACKETSTORM", "id": "109387" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "BID", "id": "51706" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "PACKETSTORM", "id": "109731" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "112503" }, { "db": "PACKETSTORM", "id": "112059" }, { "db": "PACKETSTORM", "id": "119095" }, { "db": "PACKETSTORM", "id": "109387" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-01-28T00:00:00", "db": "VULMON", "id": "CVE-2012-0053" }, { "date": "2012-01-23T00:00:00", "db": "BID", "id": "51706" }, { "date": "2012-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "date": "2012-02-13T22:08:05", "db": "PACKETSTORM", "id": "109731" }, { "date": "2012-06-24T23:54:52", "db": "PACKETSTORM", "id": "114141" }, { "date": "2013-05-09T14:44:00", "db": "PACKETSTORM", "id": "121573" }, { "date": "2012-05-07T20:02:40", "db": "PACKETSTORM", "id": "112503" }, { "date": "2012-04-21T00:19:01", "db": "PACKETSTORM", "id": "112059" }, { "date": "2012-12-27T07:16:59", "db": "PACKETSTORM", "id": "119095" }, { "date": "2012-02-03T02:14:27", "db": "PACKETSTORM", "id": "109387" }, { "date": "2012-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-403" }, { "date": "2012-01-28T04:05:00.797000", "db": "NVD", "id": "CVE-2012-0053" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2012-0053" }, { "date": "2015-04-13T21:30:00", "db": "BID", "id": "51706" }, { "date": "2015-01-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "date": "2022-09-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-403" }, { "date": "2024-11-21T01:34:17.753000", "db": "NVD", "id": "CVE-2012-0053" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "112503" }, { "db": "CNNVD", "id": "CNNVD-201201-403" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of protocol.c In HTTPOnly Cookie Vulnerability that gets the value of", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001258" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201201-403" } ], "trust": 0.6 } }
ghsa-x2wg-fp56-xx79
Vulnerability from github
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
{ "affected": [], "aliases": [ "CVE-2012-0053" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2012-01-28T04:05:00Z", "severity": "MODERATE" }, "details": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.", "id": "GHSA-x2wg-fp56-xx79", "modified": "2022-05-04T00:27:49Z", "published": "2022-05-04T00:27:49Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "type": "WEB", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "type": "WEB", "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "type": "WEB", "url": "http://kb.juniper.net/JSA10585" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/48551" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT5501" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "type": "WEB", "url": "http://www.debian.org/security/2012/dsa-2405" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/51706" } ], "schema_version": "1.4.0", "severity": [] }
gsd-2012-0053
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2012-0053", "description": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.", "id": "GSD-2012-0053", "references": [ "https://www.suse.com/security/cve/CVE-2012-0053.html", "https://www.debian.org/security/2012/dsa-2405", "https://access.redhat.com/errata/RHSA-2012:0543", "https://access.redhat.com/errata/RHSA-2012:0542", "https://access.redhat.com/errata/RHSA-2012:0323", "https://access.redhat.com/errata/RHSA-2012:0128", "https://alas.aws.amazon.com/cve/html/CVE-2012-0053.html", "https://linux.oracle.com/cve/CVE-2012-0053.html", "https://packetstormsecurity.com/files/cve/CVE-2012-0053" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2012-0053" ], "details": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.", "id": "GSD-2012-0053", "modified": "2023-12-13T01:20:14.304806Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0053", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBMU02786", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "MDVSA-2012:012", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012" }, { "name": "51706", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51706" }, { "name": "SSRT101112", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "name": "RHSA-2012:0543", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html" }, { "name": "SSRT100772", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "name": "RHSA-2012:0128", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBST02848", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "name": "HPSBMU02748", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "name": "RHSA-2012:0542", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html" }, { "name": "http://httpd.apache.org/security/vulnerabilities_22.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "APPLE-SA-2012-09-19-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "name": "http://support.apple.com/kb/HT5501", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5501" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=785069", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "name": "SSRT100852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100877", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "HPSBMU02776", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "HPSBUX02761", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "name": "openSUSE-SU-2012:0314", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "name": "MDVSA-2013:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "name": "48551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48551" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "name": "DSA-2405", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2405" }, { "name": "SSRT100823", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "name": "http://kb.juniper.net/JSA10585", "refsource": "CONFIRM", "url": "http://kb.juniper.net/JSA10585" }, { "name": "SUSE-SU-2012:0323", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.65", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.22", "versionStartIncluding": "2.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0053" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "http://httpd.apache.org/security/vulnerabilities_22.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=785069", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "name": "51706", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/51706" }, { "name": "RHSA-2012:0128", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" }, { "name": "openSUSE-SU-2012:0314", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "name": "HPSBMU02786", "refsource": "HP", "tags": [ "Broken Link" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "name": "48551", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/48551" }, { "name": "APPLE-SA-2012-09-19-2", "refsource": "APPLE", "tags": [ "Broken Link", "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "name": "http://support.apple.com/kb/HT5501", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5501" }, { "name": "SSRT101112", "refsource": "HP", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "name": "http://kb.juniper.net/JSA10585", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/JSA10585" }, { "name": "MDVSA-2013:150", "refsource": "MANDRIVA", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBUX02761", "refsource": "HP", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "name": "SSRT100852", "refsource": "HP", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "DSA-2405", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2405" }, { "name": "RHSA-2012:0543", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html" }, { "name": "RHSA-2012:0542", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html" }, { "name": "SSRT100772", "refsource": "HP", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "name": "SUSE-SU-2012:0323", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html" }, { "name": "MDVSA-2012:012", "refsource": "MANDRIVA", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2022-09-14T19:51Z", "publishedDate": "2012-01-28T04:05Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.