Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2005:608 - Security Advisory
Issued:
2005-09-06
Updated:
2005-09-06

RHSA-2005:608 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

httpd security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Apache httpd packages that correct two security issues are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was discovered in mod_ssl's handling of the "SSLVerifyClient"
directive. This flaw occurs if a virtual host is configured
using "SSLVerifyClient optional" and a directive "SSLVerifyClient
required" is set for a specific location. For servers configured in this
fashion, an attacker may be able to access resources that should otherwise
be protected, by not supplying a client certificate when connecting. The
Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2700 to this issue.

A flaw was discovered in Apache httpd where the byterange filter would
buffer certain responses into memory. If a server has a dynamic
resource such as a CGI script or PHP script that generates a large amount
of data, an attacker could send carefully crafted requests in order to
consume resources, potentially leading to a Denial of Service. (CAN-2005-2728)

Users of Apache httpd should update to these errata packages that contain
backported patches to correct these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 167102 - CAN-2005-2728 byterange memory DoS
  • BZ - 167194 - CAN-2005-2700 SSLVerifyClient flaw

CVEs

  • CVE-2005-2700
  • CVE-2005-2728

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
httpd-2.0.52-12.2.ent.src.rpm SHA-256: 7e1767a1c8bcb516b0d69f501283ea22f6634e139e2e247978e6f2683bfe379e
x86_64
httpd-2.0.52-12.2.ent.x86_64.rpm SHA-256: 3081cdf3fdc884f6ae0dd1940a5044b36e7bc5d63e4230747d2a4ca9e3558c52
httpd-2.0.52-12.2.ent.x86_64.rpm SHA-256: 3081cdf3fdc884f6ae0dd1940a5044b36e7bc5d63e4230747d2a4ca9e3558c52
httpd-devel-2.0.52-12.2.ent.x86_64.rpm SHA-256: a0f706fb37ca7d354f959c34765a0dfa63b27695f44d8399875b012fba1144e2
httpd-devel-2.0.52-12.2.ent.x86_64.rpm SHA-256: a0f706fb37ca7d354f959c34765a0dfa63b27695f44d8399875b012fba1144e2
httpd-manual-2.0.52-12.2.ent.x86_64.rpm SHA-256: 62f14495b561cab317fe1cb0f7b2ef918f94ec7c0227b29881750bda584dc16c
httpd-manual-2.0.52-12.2.ent.x86_64.rpm SHA-256: 62f14495b561cab317fe1cb0f7b2ef918f94ec7c0227b29881750bda584dc16c
httpd-suexec-2.0.52-12.2.ent.x86_64.rpm SHA-256: ad866ac04e8be26b6bd4545838c3d6d395a052a86fae1bfd8a7772a6452d5e06
httpd-suexec-2.0.52-12.2.ent.x86_64.rpm SHA-256: ad866ac04e8be26b6bd4545838c3d6d395a052a86fae1bfd8a7772a6452d5e06
mod_ssl-2.0.52-12.2.ent.x86_64.rpm SHA-256: afc7206c2231e2584171b990379f956d553378f0bb95c3a6eaec292f891fa3e0
mod_ssl-2.0.52-12.2.ent.x86_64.rpm SHA-256: afc7206c2231e2584171b990379f956d553378f0bb95c3a6eaec292f891fa3e0
ia64
httpd-2.0.52-12.2.ent.ia64.rpm SHA-256: f3882a63b9b56d31225a0be6b46294696905d95c8564674f7ad999f40b1daf7d
httpd-2.0.52-12.2.ent.ia64.rpm SHA-256: f3882a63b9b56d31225a0be6b46294696905d95c8564674f7ad999f40b1daf7d
httpd-devel-2.0.52-12.2.ent.ia64.rpm SHA-256: 53e7aa7477da4c08bbeac4edbb31aa3cfa11526f49dbf75274bc69a5322b4e5c
httpd-devel-2.0.52-12.2.ent.ia64.rpm SHA-256: 53e7aa7477da4c08bbeac4edbb31aa3cfa11526f49dbf75274bc69a5322b4e5c
httpd-manual-2.0.52-12.2.ent.ia64.rpm SHA-256: 3bb39f90915ba88958590137e7f660b0174191e37f8bad0b9bb3aee4b491d133
httpd-manual-2.0.52-12.2.ent.ia64.rpm SHA-256: 3bb39f90915ba88958590137e7f660b0174191e37f8bad0b9bb3aee4b491d133
httpd-suexec-2.0.52-12.2.ent.ia64.rpm SHA-256: f588e3a5732d8082fafecceaea47beadf9f9d188b419a04f777624b26a421d3f
httpd-suexec-2.0.52-12.2.ent.ia64.rpm SHA-256: f588e3a5732d8082fafecceaea47beadf9f9d188b419a04f777624b26a421d3f
mod_ssl-2.0.52-12.2.ent.ia64.rpm SHA-256: 59a247e9f5b699376823fa027226541c84396fc4aef8f0225d4cf2e18699aa30
mod_ssl-2.0.52-12.2.ent.ia64.rpm SHA-256: 59a247e9f5b699376823fa027226541c84396fc4aef8f0225d4cf2e18699aa30
i386
httpd-2.0.52-12.2.ent.i386.rpm SHA-256: d279aa2d8aabf3f5bbda422ad5bcd04845588ad953c68a04ba6117c97f7bd987
httpd-2.0.52-12.2.ent.i386.rpm SHA-256: d279aa2d8aabf3f5bbda422ad5bcd04845588ad953c68a04ba6117c97f7bd987
httpd-devel-2.0.52-12.2.ent.i386.rpm SHA-256: c2d62ff3d1ba91cabd2ca55673b10590dfa89cb84785125ac6d3809a45c075d8
httpd-devel-2.0.52-12.2.ent.i386.rpm SHA-256: c2d62ff3d1ba91cabd2ca55673b10590dfa89cb84785125ac6d3809a45c075d8
httpd-manual-2.0.52-12.2.ent.i386.rpm SHA-256: 96c4766a9887ed2db1eb55e3b3d3eb3f726defb1ae66866fd472092daba300ca
httpd-manual-2.0.52-12.2.ent.i386.rpm SHA-256: 96c4766a9887ed2db1eb55e3b3d3eb3f726defb1ae66866fd472092daba300ca
httpd-suexec-2.0.52-12.2.ent.i386.rpm SHA-256: 448541209b7db7919d3bf16a29b278b0c6870306ef4202c30d42f2b937c48451
httpd-suexec-2.0.52-12.2.ent.i386.rpm SHA-256: 448541209b7db7919d3bf16a29b278b0c6870306ef4202c30d42f2b937c48451
mod_ssl-2.0.52-12.2.ent.i386.rpm SHA-256: 972f8fc3735d36dd66d4a2af1316c25320ae7645dc9342dc18ac23c227b455fc
mod_ssl-2.0.52-12.2.ent.i386.rpm SHA-256: 972f8fc3735d36dd66d4a2af1316c25320ae7645dc9342dc18ac23c227b455fc

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
httpd-2.0.52-12.2.ent.src.rpm SHA-256: 7e1767a1c8bcb516b0d69f501283ea22f6634e139e2e247978e6f2683bfe379e
x86_64
httpd-2.0.52-12.2.ent.x86_64.rpm SHA-256: 3081cdf3fdc884f6ae0dd1940a5044b36e7bc5d63e4230747d2a4ca9e3558c52
httpd-devel-2.0.52-12.2.ent.x86_64.rpm SHA-256: a0f706fb37ca7d354f959c34765a0dfa63b27695f44d8399875b012fba1144e2
httpd-manual-2.0.52-12.2.ent.x86_64.rpm SHA-256: 62f14495b561cab317fe1cb0f7b2ef918f94ec7c0227b29881750bda584dc16c
httpd-suexec-2.0.52-12.2.ent.x86_64.rpm SHA-256: ad866ac04e8be26b6bd4545838c3d6d395a052a86fae1bfd8a7772a6452d5e06
mod_ssl-2.0.52-12.2.ent.x86_64.rpm SHA-256: afc7206c2231e2584171b990379f956d553378f0bb95c3a6eaec292f891fa3e0
ia64
httpd-2.0.52-12.2.ent.ia64.rpm SHA-256: f3882a63b9b56d31225a0be6b46294696905d95c8564674f7ad999f40b1daf7d
httpd-devel-2.0.52-12.2.ent.ia64.rpm SHA-256: 53e7aa7477da4c08bbeac4edbb31aa3cfa11526f49dbf75274bc69a5322b4e5c
httpd-manual-2.0.52-12.2.ent.ia64.rpm SHA-256: 3bb39f90915ba88958590137e7f660b0174191e37f8bad0b9bb3aee4b491d133
httpd-suexec-2.0.52-12.2.ent.ia64.rpm SHA-256: f588e3a5732d8082fafecceaea47beadf9f9d188b419a04f777624b26a421d3f
mod_ssl-2.0.52-12.2.ent.ia64.rpm SHA-256: 59a247e9f5b699376823fa027226541c84396fc4aef8f0225d4cf2e18699aa30
i386
httpd-2.0.52-12.2.ent.i386.rpm SHA-256: d279aa2d8aabf3f5bbda422ad5bcd04845588ad953c68a04ba6117c97f7bd987
httpd-devel-2.0.52-12.2.ent.i386.rpm SHA-256: c2d62ff3d1ba91cabd2ca55673b10590dfa89cb84785125ac6d3809a45c075d8
httpd-manual-2.0.52-12.2.ent.i386.rpm SHA-256: 96c4766a9887ed2db1eb55e3b3d3eb3f726defb1ae66866fd472092daba300ca
httpd-suexec-2.0.52-12.2.ent.i386.rpm SHA-256: 448541209b7db7919d3bf16a29b278b0c6870306ef4202c30d42f2b937c48451
mod_ssl-2.0.52-12.2.ent.i386.rpm SHA-256: 972f8fc3735d36dd66d4a2af1316c25320ae7645dc9342dc18ac23c227b455fc

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
httpd-2.0.52-12.2.ent.src.rpm SHA-256: 7e1767a1c8bcb516b0d69f501283ea22f6634e139e2e247978e6f2683bfe379e
x86_64
httpd-2.0.52-12.2.ent.x86_64.rpm SHA-256: 3081cdf3fdc884f6ae0dd1940a5044b36e7bc5d63e4230747d2a4ca9e3558c52
httpd-devel-2.0.52-12.2.ent.x86_64.rpm SHA-256: a0f706fb37ca7d354f959c34765a0dfa63b27695f44d8399875b012fba1144e2
httpd-manual-2.0.52-12.2.ent.x86_64.rpm SHA-256: 62f14495b561cab317fe1cb0f7b2ef918f94ec7c0227b29881750bda584dc16c
httpd-suexec-2.0.52-12.2.ent.x86_64.rpm SHA-256: ad866ac04e8be26b6bd4545838c3d6d395a052a86fae1bfd8a7772a6452d5e06
mod_ssl-2.0.52-12.2.ent.x86_64.rpm SHA-256: afc7206c2231e2584171b990379f956d553378f0bb95c3a6eaec292f891fa3e0
i386
httpd-2.0.52-12.2.ent.i386.rpm SHA-256: d279aa2d8aabf3f5bbda422ad5bcd04845588ad953c68a04ba6117c97f7bd987
httpd-devel-2.0.52-12.2.ent.i386.rpm SHA-256: c2d62ff3d1ba91cabd2ca55673b10590dfa89cb84785125ac6d3809a45c075d8
httpd-manual-2.0.52-12.2.ent.i386.rpm SHA-256: 96c4766a9887ed2db1eb55e3b3d3eb3f726defb1ae66866fd472092daba300ca
httpd-suexec-2.0.52-12.2.ent.i386.rpm SHA-256: 448541209b7db7919d3bf16a29b278b0c6870306ef4202c30d42f2b937c48451
mod_ssl-2.0.52-12.2.ent.i386.rpm SHA-256: 972f8fc3735d36dd66d4a2af1316c25320ae7645dc9342dc18ac23c227b455fc

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
httpd-2.0.52-12.2.ent.src.rpm SHA-256: 7e1767a1c8bcb516b0d69f501283ea22f6634e139e2e247978e6f2683bfe379e
s390x
httpd-2.0.52-12.2.ent.s390x.rpm SHA-256: eb81adec4ecd7d30c1d025f59c3a2ca2e69167702568b495d8efde2bacdb164a
httpd-devel-2.0.52-12.2.ent.s390x.rpm SHA-256: ba7b2ed99384cb1200279f06a1644dd9702fd9f9e03a14a21f4d8511faad2657
httpd-manual-2.0.52-12.2.ent.s390x.rpm SHA-256: 9f70d08cdf7677140b8cb17196e438b677eb913a71ddf336d314dad5c4037405
httpd-suexec-2.0.52-12.2.ent.s390x.rpm SHA-256: e7ef4abe5ef5c5e1aa19b0b214359f877d82ef4d31e8fa6be1ee207da67dc174
mod_ssl-2.0.52-12.2.ent.s390x.rpm SHA-256: d75314c6901cd016754e8bf5132145cb502827630f98c5b77128689db034071e
s390
httpd-2.0.52-12.2.ent.s390.rpm SHA-256: 468cc8f36c63852d8f9f00118fcaf0368182a200e4bede22ccefcab1c6db1f16
httpd-devel-2.0.52-12.2.ent.s390.rpm SHA-256: 4d098a084817ecfd83d04db3f70b79c84e083c734174be0570ffdcf2253a959d
httpd-manual-2.0.52-12.2.ent.s390.rpm SHA-256: 9d8d3795bac5692f8f727bcd59a8a73b250240ad8e49dffa24aff88f8b0d88f2
httpd-suexec-2.0.52-12.2.ent.s390.rpm SHA-256: 7bd47af1782ce8cffebf7bb993cbffc533a29e2110357a1417dc3d68d6744ba1
mod_ssl-2.0.52-12.2.ent.s390.rpm SHA-256: 02deba5c5a005aac6f29c52e86732dfb54e0f88c79001602462c76069034bc8d

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
httpd-2.0.52-12.2.ent.src.rpm SHA-256: 7e1767a1c8bcb516b0d69f501283ea22f6634e139e2e247978e6f2683bfe379e
ppc
httpd-2.0.52-12.2.ent.ppc.rpm SHA-256: 4660b1e51ac3f57b685e069bbc8f7058f1e9383666566b978f96db79568b105c
httpd-devel-2.0.52-12.2.ent.ppc.rpm SHA-256: 3e60dff09ecfac3eb11cf2dafd15d362bc2fb2253721d53d207facfc89a3dffe
httpd-manual-2.0.52-12.2.ent.ppc.rpm SHA-256: 40d835b10c8c0c8d3d2d1499d214be15ec690327e3a66860ebf1100af38c4d45
httpd-suexec-2.0.52-12.2.ent.ppc.rpm SHA-256: 1fa6ed8af4f99de084091a539464b4ba91e7e7fe2bd95db9b15c04996a77dc48
mod_ssl-2.0.52-12.2.ent.ppc.rpm SHA-256: 031d483606271bbbf8b04a458aa21c0a70869e7f8e28b9803c8a2a5419f9c522

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility