The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

An issue has been discovered in the mod_ssl module when configured to use
the “SSLCipherSuite” directive in directory or location context. If a
particular location context has been configured to require a specific set
of cipher suites, then a client will be able to access that location using
any cipher suite allowed by the virtual host configuration. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0885 to this issue.

An issue has been discovered in the handling of white space in request
header lines using MIME folding. A malicious client could send a carefully
crafted request, forcing the server to consume large amounts of memory,
leading to a denial of service. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0942 to this issue.
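An added example, not part of the original advisory or of Apache's code: a Python check that unfolds the header lines of one raw request and flags fields with an unusual number of continuation lines or amount of fold whitespace, the pattern described for CAN-2004-0942. The function name, both limits and the sample requests are assumptions made for illustration.

```python
# Added example: audit one raw HTTP request head for heavy use of header folding.
# Both limits are assumptions for illustration; 8190 matches Apache's default
# LimitRequestFieldSize.
MAX_FOLDS_PER_FIELD = 8
MAX_UNFOLDED_FIELD_BYTES = 8190


def audit_folding(raw_head: bytes) -> list:
    """Return one finding dict per header field that breaks a folding limit."""
    lines = raw_head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]  # drop request line
    fields = []  # each entry: [name, unfolded value, fold count, padding bytes]
    for line in lines:
        if not line:
            continue
        if line[:1] in (b" ", b"\t"):        # continuation (folded) line
            if not fields:
                continue                     # no preceding field to attach to
            body = line.lstrip(b" \t")
            field = fields[-1]
            field[1] += b" " + body          # unfold: leading whitespace becomes one SP
            field[2] += 1
            field[3] += len(line) - len(body)
        else:
            name, _, value = line.partition(b":")
            fields.append([name.strip().lower(), value.strip(b" \t"), 0, 0])
    findings = []
    for name, value, folds, padding in fields:
        size = len(name) + 2 + len(value)    # "name: value" after unfolding
        reasons = []
        if folds > MAX_FOLDS_PER_FIELD:
            reasons.append("too many continuation lines")
        if size + padding > MAX_UNFOLDED_FIELD_BYTES:
            reasons.append("field plus fold padding exceeds size limit")
        if reasons:
            findings.append({"field": name.decode("latin-1"), "folds": folds,
                             "padding_bytes": padding, "reasons": reasons})
    return findings


# Constructed sample requests (not captured traffic).
NORMAL = (b"GET / HTTP/1.1\r\nHost: www.example.com\r\n"
          b"Accept: text/html,\r\n text/plain\r\n\r\n")
PADDED = (b"GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Test: a\r\n"
          + (b" " * 100 + b"\r\n") * 20 + b"\r\n")

if __name__ == "__main__":
    for label, request in (("normal", NORMAL), ("padded", PADDED)):
        print(label, audit_folding(request))
```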

Several minor bugs were also discovered, including:

- In the mod_cgi module, problems that arise when CGI scripts are
  invoked from SSI pages by mod_include using the “#include virtual”
  syntax have been fixed.
- In the mod_dav_fs module, problems with the handling of indirect locks
  on the S/390x platform have been fixed.

Users of the Apache HTTP server who are affected by these issues should
upgrade to these updated packages, which contain backported patches.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | httpd-devel | < 2.0.46-44.ent | httpd-devel-2.0.46-44.ent.ia64.rpm |
RedHat | any | ia64 | httpd | < 2.0.46-44.ent | httpd-2.0.46-44.ent.ia64.rpm |
RedHat | any | ia64 | mod_ssl | < 2.0.46-44.ent | mod_ssl-2.0.46-44.ent.ia64.rpm |