Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Scientific Linux: CVE-2012-2687 Low Severity Httpd Security Advisory

Scientific Large Esm H446
Low: httpd security, bug fix, and enhancement update
Date: Thu, 28 Feb 2013 16:16:58 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Low: httpd on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Low: httpd security, bug fix, and enhancement update
Issue Date: 2013-02-21
CVE Numbers: CVE-2012-2687
 CVE-2008-0455
 CVE-2012-4557
--

An input sanitization flaw was found in the mod_negotiation Apache HTTP
Server module. A remote attacker able to upload or create files with arbitrary
names in a directory that has the MultiViews options enabled, could use this
flaw to conduct cross-site scripting attacks against users visiting the site.
(CVE-2008-0455, CVE-2012-2687)

It was discovered that mod_proxy_ajp, when used in configurations with
mod_proxy in load balancer mode, would mark a back-end server as failed when
request processing timed out, even when a previous AJP (Apache JServ
Protocol) CPing request was responded to by the back-end. A remote attacker able
to make a back-end use an excessive amount of time to process a request could cause
mod_proxy to not send requests to back-end AJP servers for the retry timeout
period or until all back-end servers were marked as failed. (CVE-2012-4557)

After installing the updated packages, the httpd daemon will be restarted
automatically.
--

SL6
 x86_64
 httpd-2.2.15-26.el6.x86_64.rpm
 httpd-debuginfo-2.2.15-26.el6.x86_64.rpm
 httpd-tools-2.2.15-26.el6.x86_64.rpm
 httpd-debuginfo-2.2.15-26.el6.i686.rpm
 httpd-devel-2.2.15-26.el6.i686.rpm
 httpd-devel-2.2.15-26.el6.x86_64.rpm
 mod_ssl-2.2.15-26.el6.x86_64.rpm
 i386
 httpd-2.2.15-26.el6.i686.rpm
 httpd-debuginfo-2.2.15-26.el6.i686.rpm
 httpd-tools-2.2.15-26.el6.i686.rpm
 httpd-devel-2.2.15-26.el6.i686.rpm
 mod_ssl-2.2.15-26.el6.i686.rpm
 noarch
 httpd-manual-2.2.15-26.el6.noarch.rpm

- Scientific Linux Development Team
Your message here