Computer Security


Apache security vulnerabilities
Published: 02.12.2012
Source:
SecurityVulns ID: 12729
Type: remote
Threat Level: 5/10
Description: mod_proxy_ajp DoS vulnerabilities, TLS message length information leakage.
Affected: APACHE : Apache 2.2
CVE: CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.)
 CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.)
Original document: DEBIAN, [SECURITY] [DSA 2579-1] apache2 security update (02.12.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod