Description: | Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555) |