[Full-disclosure] rPSA-2009-0142-1 httpd mod_ssl
- From: rPath Update Announcements <announce-noreply@xxxxxxxxx>
- Date: Thu, 12 Nov 2009 17:49:51 -0500
rPath Security Advisory: 2009-0142-1
rPath Appliance Platform Linux Service 2
rPath Linux 2
Exposure Level Classification:
Local System User Deterministic Privilege Escalation
rPath Issue Tracking System:
Previous versions of httpd do not properly handle Options=IncludesNOEXEC
in the AllowOverride directive, which allows local users to gain
privileges via a specially crafted .htaccess file combined with an exec
element in a .shtml file.
Additionally, when a reverse proxy is configured, a vulnerability in
mod_proxy could allow a remote attacker to cause a denial of service
(CPU consumption) via crafted requests.
Both of these issues have been addressed in this release.
Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
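One way to audit a web root for the first issue described above, added here as an example and not part of the rPath advisory or of httpd itself: it pairs each .shtml file that contains an exec element with an ancestor .htaccess that asks for full Includes rather than IncludesNOEXEC. The paths and file contents in SAMPLE are constructed, and the check assumes any ancestor .htaccess counts, ignoring a nearer one that switches Includes back off.

```python
import posixpath
import re

# An Options directive line in a .htaccess file (directive names are case-insensitive).
OPTIONS_RE = re.compile(r'^\s*Options\s+(.+?)\s*$', re.IGNORECASE)
# An SSI exec element: <!--#exec cmd="..." --> or <!--#exec cgi="..." -->.
EXEC_RE = re.compile(r'<!--#exec\s+(?:cmd|cgi)\s*=', re.IGNORECASE)

def exec_capable_options(htaccess_text):
    """Return (line_no, line) for Options lines that switch on full Includes."""
    hits = []
    for no, raw in enumerate(htaccess_text.splitlines(), 1):
        m = OPTIONS_RE.match(raw)
        toks = m.group(1).split() if m else []
        # "Includes" permits exec; "All" contains Includes; "-X" removes X.
        if any(not t.startswith('-') and t.lstrip('+').lower() in ('includes', 'all')
               for t in toks):
            hits.append((no, raw.strip()))
    return hits

def exec_elements(shtml_text):
    """Return (line_no, line) for lines carrying an SSI exec element."""
    return [(no, line.strip()) for no, line in enumerate(shtml_text.splitlines(), 1)
            if EXEC_RE.search(line)]

def audit(tree):
    """tree maps path -> content; return (shtml_path, htaccess_path) pairs to review."""
    risky = {posixpath.dirname(p) for p, text in tree.items()
             if posixpath.basename(p) == '.htaccess' and exec_capable_options(text)}
    findings = []
    for path in sorted(tree):
        if not path.endswith('.shtml') or not exec_elements(tree[path]):
            continue
        d = posixpath.dirname(path)
        while True:  # walk up: a .htaccess applies to its directory and everything below
            if d in risky:
                findings.append((path, posixpath.join(d, '.htaccess')))
                break
            if posixpath.dirname(d) == d:
                break
            d = posixpath.dirname(d)
    return findings

SAMPLE = {  # constructed sample tree, not taken from the advisory
    '/srv/www/alice/.htaccess': 'Options +IncludesNOEXEC\n',
    '/srv/www/alice/index.shtml': '<!--#include virtual="footer.html" -->\n',
    '/srv/www/bob/.htaccess': '# user override\nOptions +Includes\n',
    '/srv/www/bob/docs/page.shtml': '<p>x</p>\n<!--#exec cmd="date" -->\n',
}
```

On a real host, build the tree mapping by reading the .htaccess and .shtml files under each directory where AllowOverride permits only Options=IncludesNOEXEC.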