CVE-2009-1191 would affect RHEL5.x?

Solution Verified - Updated -

Issue

  • Confirmination of CVE-2009-1191 fix date  by RHEL5.x.

  • The problem occurs in the environment to make Apache httpd and JBoss cooperate.

  • The problem that a different session was displayed in user's browser was occured.

  • When user connected to IContSelect.html, but IScheDetail.html was displaied on the users browser.
  • I confirmed a similar case in the Apache bug track.
  • Bug 46949 - Apache httpd serves sometimes content from another thread  https://issues.apache.org/bugzilla/show_bug.cgi?id=46949

Environment

  • OS: Red Hat Enterprise Linux 5.2 x86_64
  • HTTP Server: httpd-2.2.3-11.el5_1.3
  • Application server: jboss-4.2.2 GA
  • module: mod_proxy_ajp

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content