Red Hat Product Errata RHSA-2012:0323 - Security Advisory
Issued: 2012-02-21
Updated: 2012-02-21


Synopsis

Moderate: httpd security update

Type/Severity

Security Advisory: Moderate


Topic

Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

The Apache HTTP Server is a popular web server.

It was discovered that the fix for CVE-2011-3368 (released via
RHSA-2011:1392) did not completely address the problem. An attacker could
bypass the fix and make a reverse proxy connect to an arbitrary server not
directly accessible to the attacker by sending an HTTP version 0.9 request.
(CVE-2011-3639)

The httpd server included the full HTTP header line in the default error
page generated when receiving an excessively long or malformed header.
Malicious JavaScript running in the server's domain context could use this
flaw to gain access to httpOnly cookies. (CVE-2012-0053)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way httpd performed substitutions in regular expressions. An
attacker able to set certain httpd settings, such as a user permitted to
override the httpd configuration for a specific directory using a
".htaccess" file, could use this flaw to crash the httpd child process or,
possibly, execute arbitrary code with the privileges of the "apache" user.
(CVE-2011-3607)

A flaw was found in the way httpd handled child process status information.
A malicious program running with httpd child process privileges (such as a
PHP or CGI script) could use this flaw to cause the parent httpd process to
crash during httpd service shutdown. (CVE-2012-0031)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon will be restarted automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
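
Because the fixes are backported, the upstream version stays at 2.2.3 and only the release field shows whether a host carries this update, so a check has to compare version-release strings the way rpm orders them. The following is an added example, not Red Hat tooling: a simplified reimplementation of rpm's segment comparison (no tilde or caret handling) applied to a constructed host inventory. The function names, host names and every inventory row other than the fixed build `2.2.3-63.el5_8.1` are assumptions, and epochs are left out because the advisory's package file names do not carry them.

```python
import re

# Fixed build taken from the package file names on this advisory (RHEL 5).
FIXED_VR = "2.2.3-63.el5_8.1"
ADVISORY_PACKAGES = {"httpd", "httpd-debuginfo", "httpd-devel",
                     "httpd-manual", "mod_ssl"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm
    does (simplified: tilde and caret ordering are not handled)."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # leading zeros are not significant
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(inventory):
    """Return (host, package, version-release) rows older than FIXED_VR."""
    stale = []
    for line in inventory.strip().splitlines():
        host, name, vr = line.split()
        if name in ADVISORY_PACKAGES and vr_cmp(vr, FIXED_VR) < 0:
            stale.append((host, name, vr))
    return stale

# Constructed inventory, one "host package version-release" row per line,
# e.g. collected with: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' httpd mod_ssl
SAMPLE = """
web01 httpd 2.2.3-53.el5_7.3
web02 httpd 2.2.3-63.el5_8.1
web03 httpd 2.2.3-65.el5_8
web04 mod_ssl 2.2.3-63.el5_8
web04 bash 3.2-32.el5
"""

if __name__ == "__main__":
    for row in needs_update(SAMPLE):
        print(*row)
```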

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix
  • BZ - 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow
  • BZ - 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling
  • BZ - 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses

CVEs

  • CVE-2011-3607
  • CVE-2011-3639
  • CVE-2012-0053
  • CVE-2012-0031

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://rhn.redhat.com/errata/RHSA-2011-1392.html
Note: More recent versions of these packages may be available. Click a package name for more details.


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
