Important: httpd security update

Related Vulnerabilities: CVE-2009-1191

Synopsis

Important: httpd security update

Type/Severity

Security Advisory: Important

Topic

Updated httpd packages that fix a security issue in mod_proxy_ajp are now
available for JBoss Enterprise Web Server 1.0.0.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The Apache HTTP Server is a popular Web server. The Apache mod_proxy_ajp
module provides Apache JServ Protocol (AJP) support to the Apache mod_proxy
module.

An information disclosure flaw was found in mod_proxy_ajp. In certain
situations, if a user sent a carefully crafted HTTP request, the httpd
server could return a response intended for another user. (CVE-2009-1191)

Users are advised to upgrade to these updated packages, which resolve this
issue. Users must restart httpd for this update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • JBoss Enterprise Web Server 1 for RHEL 5 x86_64
  • JBoss Enterprise Web Server 1 for RHEL 5 i386

Fixes

  • BZ - 496801 - CVE-2009-1191 httpd mod_proxy_ajp information disclosure
