Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415
From: "Kevin A. McGrail" <KMcGrail@xxxxxxxx>
Date: Wed, 21 Dec 2011 12:42:02 -0500
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0

Good Morning,

I was wondering if there was any update on CVE-2011-3607 and CVE-2011-4415 which are bugs in mod_setenvif?

Our server is being flagged for PCI non-compliance because of these CVE's but there doesn't appear to be a fix, a workaround or any information I can find.

I checked bugzilla and the announce archives but these CVE's aren't listed at http://httpd.apache.org/security/vulnerabilities_22.html either.

However, some websearch issues that get pretty technical seem unclear if the issue is considered a security issue by apache. Any assistance appreciated.

Regards,
KAM

Follow-Ups:
- Re: Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415
  - From: Pete Houston

Prev by Date: AUTO: Todd W Stephens is out of the office
Next by Date: Re: Redirecting suspicious search probes
Previous by thread: AUTO: Todd W Stephens is out of the office
Next by thread: Re: Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]