Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
4e6fc0a992e66dc0e093b5bbb0e471ca71ba9957c66f52c0991686dc70659ccdRed Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
47e04bdea922f45dbb611a67d0f33763ce878e42f56c0cde78a5dc761c2218f2Debian Linux Security Advisory 2405-1 - Several vulnerabilities have been found in the Apache HTTPD Server.
b0c6203ca4497541242454515790d9cfda365dfb81c65448ab664a3e143985e1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed