Re: Need confirmation of Issue Fix in Apache HTTP server 2.2.29

Hello Kesavan,

Errors 1 and 4 were reported fixed in Apache httpd 2.2.28:
- http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?revision=1619851&view=markup

Error 1 (CVE-2014-0231) was fixed for 2.2.28 in SVN revision 1611185:
- http://svn.apache.org/viewvc?view=revision&revision=1611185

Error 4 (CVE-2014-0118) was fixed for 2.2.28 in SVN revision 1611426:
- http://svn.apache.org/viewvc?view=revision&revision=1611426

Errors 2 and 3 were reported fixed in Apache httpd 2.4.10:
- http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?revision=1646179&view=markup
Both of these vulnerabilities were only relevant to Apache httpd 2.4.x.

Error 2 (CVE-2014-3523) was fixed for 2.4.10 in SVN revisions 1610653 and 1610661:
- http://svn.apache.org/viewvc?view=revision&revision=1610653
- http://svn.apache.org/viewvc?view=revision&revision=1610661

Error 3 (CVE-2014-0117) was fixed for 2.4.10 in SVN revision 1610737:
- http://svn.apache.org/viewvc?view=revision&revision=1610737

Thanks,

Mike Rumph

On 12/26/2014 12:01 AM, Sengodan, Kesavan wrote:

Hi

 

I would like to confirm whether the following issues are fixed in Apache HTTP server 2.2.29 or not?

======================

Description of vulnerabilities
Multiple vulnerabilities have been reported in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error within the mod_cgid module when handling certain input can be exploited to cause a hang of a child process.
2) An error within WinNT MPM can be exploited to trigger a memory leak by sending specially crafted requests. Successful exploitation requires the server to be configured using the default AcceptFilter setting. Note: This vulnerability only affects Apache HTTP Server running on Windows NT operating systems.
3) An error when handling HTTP headers within the mod_proxy module can be exploited to cause a crash of the worker by sending a specially crafted request. Successful exploitation requires the server to be configured as a reverse proxy.
4) An error within the mod_deflate module can be exploited to consume memory and CPU resources. Successful exploitation requires the server to be configured to use request body decompression.

The vulnerabilities are reported in 2.4.x versions prior to 2.4.9 and 2.2.x versions prior to 2.2.27 and 2.x versions prior to 2.0.65

======================

 

Please confirm ASAP.

 

Thanks

Kesavan Sengodan


