[LON-CAPA-admin] Apache vulnerability Issues

Jana C Avery/FS/VCU jcavery at vcu.edu
Tue Sep 6 11:53:21 EDT 2011

Two vulnerabilities were reported by the Apache Software Foundation in the 
last week. Below are links to the details on each vulnerability. 
Tomcat Authentication bypass - CVE-2011-3190
Apache Dos issue - CVE-2011-3192 

The fix looks to be in Apache 2.2.20.

Or possibly a workaround.

We're currently using Apache 2.2.3 on our Lon-Capa servers.  Since the 
vulnerability is fixed in 2.2.20 (2.2.twenty), I'm thinking we need to run 
a yum update.  Has anyone else done this in the past week, or tried the 
workaround?  If so, have you had any issues? Does anyone have any 
suggestions about whether or not we should update Apache to 2.2.20?

Jana Avery
Learning Systems, Technology Services
Virginia Commonwealth University

Don't be a phishing victim - VCU and other reputable organizations will 
never use email to request that you reply with your password, social 
security number or confidential personal information.  For more details 
visit http://infosecurity.vcu.edu/phishing.html.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.lon-capa.org/pipermail/lon-capa-admin/attachments/20110906/4f038769/attachment.html>

More information about the LON-CAPA-admin mailing list