Executive Summary
Summary | |
---|---|
Title | httpd security and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0168 | First vendor Publication | 2010-03-25 |
Vendor | RedHat | Last vendor Modification | 2010-03-25 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period (60 seconds by default) by sending specially-crafted requests. (CVE-2010-0408) A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM (Multi-Processing Module) could possibly leak information from other requests in request replies. (CVE-2010-0434) This update also adds the following enhancement: * with the updated openssl packages from RHSA-2010:0162 installed, mod_ssl will refuse to renegotiate a TLS/SSL connection with an unpatched client that does not support RFC 574 |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0168.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10358 | |||
Oval ID: | oval:org.mitre.oval:def:10358 | ||
Title: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Description: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0434 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13227 | |||
Oval ID: | oval:org.mitre.oval:def:13227 | ||
Title: | DSA-2035-1 apache2 -- multiple issues | ||
Description: | Two issues have been found in the Apache HTTPD web server: CVE-2010-0408 mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. CVE-2010-0434 A flaw in the core subrequest process code was found, which could lead to a daemon crash or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers. For the stable distribution, these problems have been fixed in version 2.2.9-10+lenny7. For the testing distribution and the unstable distribution, these problems have been fixed in version 2.2.15-1. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. We recommend that you upgrade your apache2 and apache2-mpm-itk packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2035-1 CVE-2010-0408 CVE-2010-0434 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | apache2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21223 | |||
Oval ID: | oval:org.mitre.oval:def:21223 | ||
Title: | RHSA-2010:0168: httpd security and enhancement update (Moderate) | ||
Description: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0168-01 CESA-2010:0168 CVE-2010-0408 CVE-2010-0434 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22685 | |||
Oval ID: | oval:org.mitre.oval:def:22685 | ||
Title: | ELSA-2010:0168: httpd security and enhancement update (Moderate) | ||
Description: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0168-01 CVE-2010-0408 CVE-2010-0434 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27438 | |||
Oval ID: | oval:org.mitre.oval:def:27438 | ||
Title: | DEPRECATED: ELSA-2010-0168 -- httpd security and enhancement update (moderate) | ||
Description: | [2.2.3-31.0.1.el5_4.4] - Replace index.html with Oracle's index page oracle_index.html - Update vstring and distro in specfile [2.2.3-31.4] - require and BR a version of OpenSSL with the secure reneg API (#567980) [2.2.3-31.3] - mod_ssl: add SSLInsecureRenegotiation (#567980) - add security fixes for CVE-2010-0408, CVE-2010-0434 (#570440) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0168 CVE-2010-0408 CVE-2010-0434 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8619 | |||
Oval ID: | oval:org.mitre.oval:def:8619 | ||
Title: | Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability | ||
Description: | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0408 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8695 | |||
Oval ID: | oval:org.mitre.oval:def:8695 | ||
Title: | Apache HTTP Server request header information disclosure | ||
Description: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0434 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9935 | |||
Oval ID: | oval:org.mitre.oval:def:9935 | ||
Title: | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | ||
Description: | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0408 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-25 (apache) File : nvt/glsa_201206_25.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-09 | Name : CentOS Update for httpd CESA-2010:0168 centos5 i386 File : nvt/gb_CESA-2010_0168_httpd_centos5_i386.nasl |
2010-06-07 | Name : Fedora Update for httpd FEDORA-2010-6055 File : nvt/gb_fedora_2010_6055_httpd_fc12.nasl |
2010-06-07 | Name : HP-UX Update for Apache-based Web Server HPSBUX02531 File : nvt/gb_hp_ux_HPSBUX02531.nasl |
2010-05-07 | Name : Fedora Update for httpd FEDORA-2010-6131 File : nvt/gb_fedora_2010_6131_httpd_fc11.nasl |
2010-03-31 | Name : CentOS Update for httpd CESA-2010:0175 centos4 i386 File : nvt/gb_CESA-2010_0175_httpd_centos4_i386.nasl |
2010-03-31 | Name : RedHat Update for httpd RHSA-2010:0168-01 File : nvt/gb_RHSA-2010_0168-01_httpd.nasl |
2010-03-31 | Name : RedHat Update for httpd RHSA-2010:0175-01 File : nvt/gb_RHSA-2010_0175-01_httpd.nasl |
2010-03-12 | Name : Mandriva Update for apache MDVSA-2010:053 (apache) File : nvt/gb_mandriva_MDVSA_2010_053.nasl |
2010-03-12 | Name : Mandriva Update for apache MDVSA-2010:057 (apache) File : nvt/gb_mandriva_MDVSA_2010_057.nasl |
2010-03-12 | Name : Ubuntu Update for apache2 vulnerabilities USN-908-1 File : nvt/gb_ubuntu_USN_908_1.nasl |
2010-03-04 | Name : Apache Multiple Security Vulnerabilities File : nvt/gb_apache_38494.nasl |
2010-02-15 | Name : Mandriva Update for mmc-wizard MDVA-2010:053 (mmc-wizard) File : nvt/gb_mandriva_MDVA_2010_053.nasl |
2010-02-15 | Name : Mandriva Update for nuface MDVA-2010:057 (nuface) File : nvt/gb_mandriva_MDVA_2010_057.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-067-01 httpd File : nvt/esoft_slk_ssa_2010_067_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62676 | Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS |
62675 | Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling C... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-08-11 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0175.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0168.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_httpd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-25.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-100413.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities File : apache_2_2_15.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6987.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6055.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5942.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6131.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0168.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0175.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6984.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_apache2-100413.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-100413.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-100413.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2035.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0168.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0175.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-908-1.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-067-01.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-057.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-053.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:22 |
|
2013-04-18 13:20:43 |
|