RHSA-2012:0543: Moderate: httpd security and bug fix update

First published: Mon May 07 2012(Updated: )

The Apache HTTP Server ("httpd") is the namesake project of The Apache<br>Software Foundation.<br>It was discovered that the Apache HTTP Server did not properly validate the<br>request URI for proxied requests. In certain configurations, if a reverse<br>proxy used the ProxyPassMatch directive, or if it used the RewriteRule<br>directive with the proxy flag, a remote attacker could make the proxy<br>connect to an arbitrary server, possibly disclosing sensitive information<br>from internal web servers not directly accessible to the attacker.<br>(CVE-2011-3368)<br>It was discovered that mod_proxy_ajp incorrectly returned an "Internal<br>Server Error" response when processing certain malformed HTTP requests,<br>which caused the back-end server to be marked as failed in configurations<br>where mod_proxy was used in load balancer mode. A remote attacker could<br>cause mod_proxy to not send requests to back-end AJP (Apache JServ<br>Protocol) servers for the retry timeout period or until all back-end<br>servers were marked as failed. (CVE-2011-3348)<br>The httpd server included the full HTTP header line in the default error<br>page generated when receiving an excessively long or malformed header.<br>Malicious JavaScript running in the server's domain context could use this<br>flaw to gain access to httpOnly cookies. (CVE-2012-0053)<br>An integer overflow flaw, leading to a heap-based buffer overflow, was<br>found in the way httpd performed substitutions in regular expressions. An<br>attacker able to set certain httpd settings, such as a user permitted to<br>override the httpd configuration for a specific directory using a<br>".htaccess" file, could use this flaw to crash the httpd child process or,<br>possibly, execute arbitrary code with the privileges of the "apache" user.<br>(CVE-2011-3607)<br>A NULL pointer dereference flaw was found in the httpd mod_log_config<br>module. In configurations where cookie logging is enabled, a remote<br>attacker could use this flaw to crash the httpd child process via an HTTP<br>request with a malformed Cookie header. (CVE-2012-0021)<br>A flaw was found in the way httpd handled child process status information.<br>A malicious program running with httpd child process privileges (such as a<br>PHP or CGI script) could use this flaw to cause the parent httpd process to<br>crash during httpd service shutdown. (CVE-2012-0031)<br>Red Hat would like to thank Context Information Security for reporting the<br>CVE-2011-3368 issue.<br>This update also fixes the following bug:<br><li> The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update</li> introduced a regression in the way httpd handled certain Range HTTP header<br>values. This update corrects this regression. (BZ#749071)<br>All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat<br>Customer Portal are advised to apply this update.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2012:0543
• agent/references
• agent/severity
• agent/type
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/title
• agent/weakness
• agent/remedy
• agent/description
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/apache
• canonical/apache http server
• vendor/red hat
• canonical/red hat jboss web server