apache 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1373055912
업데이트 : 2013.07.06
상세내용
- apache 1.3.42-1 update
- 보안버그 수정 사항
. CVE-2011-3368
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with
use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for
configuration of a reverse proxy, which allows remote attackers to send
requests to intranet servers via a malformed URI containing an initial @
(at sign) character.
. CVE-2011-4317
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch
is in place, does not properly interact with use of (1) RewriteRule and (2)
ProxyPassMatch pattern matches for configuration of a reverse proxy, which
allows remote attackers to send requests to intranet servers via a malformed
URI containing an @ (at sign) character and a : (colon) character in invalid
positions. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2011-3368.
Autoupdates 지원 : Packages System
pkgadd -F "apache*"
update 패키지
RPMS :
. apache-1.3.42-1.i686.rpm
. apache-devel-1.3.42-1.i686.rpm
SRPMS :
. apache-1.3.42-1.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
|