Important: httpd security update
Security Advisory: Important
Updated httpd packages that fix a security issue in mod_proxy_ajp are now
available for JBoss Enterprise Web Server 1.0.0.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Apache HTTP Server is a popular Web server. The Apache mod_proxy_ajp
module provides Apache JServ Protocol (AJP) support to the Apache mod_proxy
module.
An information disclosure flaw was found in mod_proxy_ajp. In certain
situations, if a user sent a carefully crafted HTTP request, the httpd
server could return a response intended for another user. (CVE-2009-1191)
Users are advised to upgrade to these updated packages, which resolve this
issue. Users must restart httpd for this update to take effect.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259