[LON-CAPA-admin] Apache vulnerability Issues
Jana C Avery/FS/VCU
jcavery at vcu.edu
Tue Sep 6 11:53:21 EDT 2011
Two vulnerabilities were reported by the Apache Software Foundation in the
last week. Below are links to the details on each vulnerability.
Tomcat Authentication bypass - CVE-2011-3190
Apache DoS issue - CVE-2011-3192
The fix looks to be in Apache 2.2.20.
http://httpd.apache.org/
Or possibly a workaround.
https://bugzilla.redhat.com/show_bug.cgi?id=732928
We're currently using Apache 2.2.3 on our Lon-Capa servers. Since the
vulnerability is fixed in 2.2.20 (2.2.twenty), I'm thinking we need to run
a yum update. Has anyone else done this in the past week, or tried the
workaround? If so, have you had any issues? Does anyone have any
suggestions about whether or not we should update Apache to 2.2.20?
Thanks!
Jana Avery
Learning Systems, Technology Services
Virginia Commonwealth University