Oval Definition: oval:com.redhat.rhsa:def:20070534
Revision Date: 2008-03-20
Version: 637
Title: RHSA-2007:0534: httpd security update (Moderate)
Description: The Apache HTTP Server is a popular Web server.

  • A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752)

  • A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863)

    Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.

Family: unix
Class: patch
Status:
Reference(s): CVE-2006-5752, CVE-2007-1863, RHSA-2007:0534, RHSA-2007:0534-02
Platform(s): Red Hat Enterprise Linux 4
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • httpd is earlier than 0:2.0.52-32.2.ent
  • AND httpd is signed with Red Hat redhatrelease2 key
  • httpd-devel is earlier than 0:2.0.52-32.2.ent
  • AND httpd-devel is signed with Red Hat redhatrelease2 key
  • httpd-manual is earlier than 0:2.0.52-32.2.ent
  • AND httpd-manual is signed with Red Hat redhatrelease2 key
  • httpd-suexec is earlier than 0:2.0.52-32.2.ent
  • AND httpd-suexec is signed with Red Hat redhatrelease2 key
  • mod_ssl is earlier than 1:2.0.52-32.2.ent
  • AND mod_ssl is signed with Red Hat redhatrelease2 key