rhsa-2012_0323
Vulnerability from csaf_redhat
Published
2012-02-21 21:49
Modified
2024-11-22 05:04
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The Apache HTTP Server is a popular web server.
It was discovered that the fix for CVE-2011-3368 (released via
RHSA-2011:1392) did not completely address the problem. An attacker could
bypass the fix and make a reverse proxy connect to an arbitrary server not
directly accessible to the attacker by sending an HTTP version 0.9 request.
(CVE-2011-3639)
The httpd server included the full HTTP header line in the default error
page generated when receiving an excessively long or malformed header.
Malicious JavaScript running in the server's domain context could use this
flaw to gain access to httpOnly cookies. (CVE-2012-0053)
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way httpd performed substitutions in regular expressions. An
attacker able to set certain httpd settings, such as a user permitted to
override the httpd configuration for a specific directory using a
".htaccess" file, could use this flaw to crash the httpd child process or,
possibly, execute arbitrary code with the privileges of the "apache" user.
(CVE-2011-3607)
A flaw was found in the way httpd handled child process status information.
A malicious program running with httpd child process privileges (such as a
PHP or CGI script) could use this flaw to cause the parent httpd process to
crash during httpd service shutdown. (CVE-2012-0031)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1392) did not completely address the problem. An attacker could\nbypass the fix and make a reverse proxy connect to an arbitrary server not\ndirectly accessible to the attacker by sending an HTTP version 0.9 request.\n(CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header.\nMalicious JavaScript running in the server\u0027s domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user.\n(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information.\nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon will be restarted automatically.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:0323", "url": "https://access.redhat.com/errata/RHSA-2012:0323" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://rhn.redhat.com/errata/RHSA-2011-1392.html", "url": "https://rhn.redhat.com/errata/RHSA-2011-1392.html" }, { "category": "external", "summary": "752080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080" }, { "category": "external", "summary": "769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0323.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-22T05:04:22+00:00", "generator": { "date": "2024-11-22T05:04:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2012:0323", "initial_release_date": "2012-02-21T21:49:00+00:00", "revision_history": [ { "date": "2012-02-21T21:49:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2012-02-21T21:57:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T05:04:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "RHEL Desktop Workstation (v. 5 client)", "product": { "name": "RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.i386", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.i386", "product_id": "httpd-0:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=i386" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=i386" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=i386" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.x86_64", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.x86_64", "product_id": "httpd-0:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.src", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.src", "product_id": "httpd-0:2.2.3-63.el5_8.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=ia64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=ia64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=ia64" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.ia64", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.ia64", "product_id": "httpd-0:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=ia64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=ppc\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=ppc" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=ppc" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.ppc", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.ppc", "product_id": "httpd-0:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=ppc" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "product": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "product_id": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-63.el5_8.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "product": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "product_id": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-63.el5_8.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-63.el5_8.1.s390x", "product": { "name": "httpd-0:2.2.3-63.el5_8.1.s390x", "product_id": "httpd-0:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-63.el5_8.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "product": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "product_id": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-63.el5_8.1?arch=s390" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "product": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "product_id": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-63.el5_8.1?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.src", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.src as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.src", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64 as a component of RHEL Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Client-Workstation-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.src", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ia64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.ppc", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.s390x", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" }, "product_reference": "mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "relates_to_product_reference": "5Server-5.8.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-3607", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2011-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "769844" } ], "notes": [ { "category": "description", "text": "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_pregsub Integer overflow to buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3607" }, { "category": "external", "summary": "RHBZ#769844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=769844" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3607", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3607" } ], "release_date": "2011-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:49:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0323" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: ap_pregsub Integer overflow to buffer overflow" }, { "cve": "CVE-2011-3639", "discovery_date": "2011-10-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "752080" } ], "notes": [ { "category": "description", "text": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3639" }, { "category": "external", "summary": "RHBZ#752080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3639", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3639" } ], "release_date": "2011-10-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:49:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0323" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix" }, { "cve": "CVE-2012-0031", "discovery_date": "2012-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "773744" } ], "notes": [ { "category": "description", "text": "scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible crash on shutdown due to flaw in scoreboard handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0031" }, { "category": "external", "summary": "RHBZ#773744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0031", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0031" } ], "release_date": "2012-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:49:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0323" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: possible crash on shutdown due to flaw in scoreboard handling" }, { "cve": "CVE-2012-0053", "discovery_date": "2012-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "785069" } ], "notes": [ { "category": "description", "text": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: cookie exposure due to error responses", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects httpd packages as shipped with Red Hat Enterprise Linux 3 and 4, which are now in the Extended Life Phase of their life cycle. Therefore this issue is not planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0053" }, { "category": "external", "summary": "RHBZ#785069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0053", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0053" } ], "release_date": "2012-01-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:49:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0323" }, { "category": "workaround", "details": "As noted in the original reporter\u0027s advisory (see comment #5), this issue can be mitigated by using a custom ErrorDocument setting, such as:\n\n ErrorDocument 400 \"Bad Request\"\n\n http://httpd.apache.org/docs/2.2/mod/core.html#errordocument\n\nIt should be noted that ErrorDocument setting using path or external URL does not mitigate this issue.\n\n\nIt should also be noted that this is not an issue by itself. This can only be exploited via some other cross-site scripting (XSS) flaw found in a web application running on the server and may allow injected JavaScript to gain access to HttpOnly cookies, if the application uses this protection for its cookies.", "product_ids": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Client-Workstation-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Client-Workstation-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.src", "5Server-5.8.Z:httpd-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-debuginfo-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.ppc64", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-devel-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:httpd-manual-0:2.2.3-63.el5_8.1.x86_64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.i386", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ia64", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.ppc", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.s390x", "5Server-5.8.Z:mod_ssl-1:2.2.3-63.el5_8.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: cookie exposure due to error responses" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.