Skip to main content

Apache Server 2.4.3 fixes over fifty bugs and two security holes

posted onAugust 21, 2012
by l33tdawg

The Apache Software Foundation has released version 2.4.3 of the Apache HTTP Server, fixing over fifty bugs and closing two security holes. The two vulnerabilities are present in the mod_proxy_aip, mod_proxy_http and mod_negotiation modules.

The two gaps have been listed as CVE-2012-3502 and CVE-2012-2687, but there is little information available on the actual problems. The first bug happens with mod_proxy_sjp and mod_proxy_http in the backend when a connection is closing which "could lead to privacy issues due to a response mixup". The second problem, in mod_negotiation, concerns a possible XSS (cross-site scripting) where untrusted users are uploading files; it is fixed by escaping file names.

Source

Tags

Apache Security Linux

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th