Information Security


Security vulnerabilities in Apache
Published: December 2, 2012
Source:
SecurityVulns ID: 12729
Type: remote
Severity: 5/10
Description: DoS vulnerabilities in mod_proxy_ajp, message length information leak in TLS.
Affected products: APACHE : Apache 2.2
CVE: CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.)
 CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.)
Original text: DEBIAN, [SECURITY] [DSA 2579-1] apache2 security update (02.12.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod