Oval Definition:	oval:org.mitre.oval:tst:31650
Comment: httpd is earlier than 0:2.0.46-46.2.ent Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14173 State: oval:org.mitre.oval:ste:9599 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:9589 V Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. 2013-04-29 oval:org.mitre.oval:def:11452 V The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." 2013-04-29
BACK