25 November 2011, 12:03
Apache patch patches poorly
According to a report from security specialist Prutha Parikh, a security vulnerability in the Apache web server that was patched in early October can still be exploited by remote attackers to access internal servers. The vulnerability is in the mod_proxy and mod_rewrite modules and arises when parsing rewrite rules.
Parikh discovered a scenario which is not dealt with by the patch and reported the problem to the Apache Foundation under a new CVE number (CVE-2011-3368). A patch is already being discussed on the Apache mailing list. Parikh describes an effective workaround in a post on the Qualys Security Labs blog.
(crve)
Print Version | Send by email
| Permalink: http://h-online.com/-1385107
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
