Jump to content
Sign in to follow this  

Advisories MDVSA-2010:153: apache

Recommended Posts

Multiple vulnerabilities has been found and corrected in apache:


The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x

before 2.2.16 allow remote attackers to cause a denial of service

(process crash) via a request that lacks a path (CVE-2010-1452).


mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix,

does not close the backend connection if a timeout occurs when reading

a response from a persistent connection, which allows remote attackers

to obtain a potentially sensitive response intended for a different

client in opportunistic circumstances via a normal HTTP request.

NOTE: this is the same issue as CVE-2010-2068, but for a different

OS and set of affected versions (CVE-2010-2791).


Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:



The updated packages have been patched to correct these issues.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this  

  • Create New...