Support / Security / Advisories / Mandrakelinux 10.0 / MDKSA-2005:130

Package name: apache
Date: 2005-08-03
Advisory ID: MDKSA-2005:130
Affected versions: 10.2 x86_64 , CS2.1 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

Watchfire reported a flaw that occured when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header which would cause Apache to incorrectly handle and forward the body of the request in a way that the receiving server processed it as a separate HTTP request. This could be used to allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks (CAN-2005-2088). The updated packages have been patched to prevent these issues.

Updated packages

10.2 x86_64

 d8d495e7b7fc8aa9c1fb15614ae04e34  x86_64/10.2/RPMS/apache-1.3.33-6.1.102mdk.x86_64.rpm
830b2e4bf1b3f9a390c8e7a7846b1353  x86_64/10.2/RPMS/apache-devel-1.3.33-6.1.102mdk.x86_64.rpm
a8b1adc69eaf5dc2b83bf49e84935a81  x86_64/10.2/RPMS/apache-modules-1.3.33-6.1.102mdk.x86_64.rpm
38bd01fe2513c2c10499689d6fe4f1b1  x86_64/10.2/RPMS/apache-source-1.3.33-6.1.102mdk.x86_64.rpm
4711227c7c38a014663194c198913907  x86_64/10.2/SRPMS/apache-1.3.33-6.1.102mdk.src.rpm

CS2.1 x86_64

 0dffe139277b76e135e535b4bd4fa79a  x86_64/corporate/2.1/RPMS/apache-1.3.26-7.4.C21mdk.x86_64.rpm
8226b7fd08c890401944c5aa490600d2  x86_64/corporate/2.1/RPMS/apache-common-1.3.26-7.4.C21mdk.x86_64.rpm
69e8a4f73342352b52bf828b2304af18  x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-7.4.C21mdk.x86_64.rpm
112bde1b90f4741699c5618894c61f99  x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-7.4.C21mdk.x86_64.rpm
d732d8e462489a368d3c1b237b29570a  x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-7.4.C21mdk.x86_64.rpm
b40b4e4b81a090015754136d8eeb2e58  x86_64/corporate/2.1/RPMS/apache-source-1.3.26-7.4.C21mdk.x86_64.rpm
9a7d8ecb5a9530d17347c5490fe5df87  x86_64/corporate/2.1/SRPMS/apache-1.3.26-7.4.C21mdk.src.rpm

10.0 amd64

 38a8d4da07d15367f3b6a47507edd4ef  amd64/10.0/RPMS/apache-1.3.29-1.4.100mdk.amd64.rpm
fdb2f8fe48ac0f99dd7b06a77d6df5eb  amd64/10.0/RPMS/apache-devel-1.3.29-1.4.100mdk.amd64.rpm
ac6018c0c08d7c2e77ae7df8744f5cf0  amd64/10.0/RPMS/apache-modules-1.3.29-1.4.100mdk.amd64.rpm
0cc565a8b52aa6aaea33041a1a33b535  amd64/10.0/RPMS/apache-source-1.3.29-1.4.100mdk.amd64.rpm
7dde17d7931fcbb2c24fdae964c7d2e1  amd64/10.0/SRPMS/apache-1.3.29-1.4.100mdk.src.rpm

10.2 i586

 72a644da1a2b6ca9b108f169f0dcb683  10.2/RPMS/apache-1.3.33-6.1.102mdk.i586.rpm
9b715d3b8013f3c475ccd2225a70989a  10.2/RPMS/apache-devel-1.3.33-6.1.102mdk.i586.rpm
9eaa3fa994130d1de447cab50db7d66f  10.2/RPMS/apache-modules-1.3.33-6.1.102mdk.i586.rpm
3a2908d244f78eb80f529f843ce5c1ac  10.2/RPMS/apache-source-1.3.33-6.1.102mdk.i586.rpm
4711227c7c38a014663194c198913907  10.2/SRPMS/apache-1.3.33-6.1.102mdk.src.rpm

10.1 i586

 37fd0fb92592efe5a3fe5d5fa89b0c8c  10.1/RPMS/apache-1.3.31-7.2.101mdk.i586.rpm
3fcc7e95d9def7cb64aeb6d702563498  10.1/RPMS/apache-devel-1.3.31-7.2.101mdk.i586.rpm
47a376032b85aeabc5370bebbac51e38  10.1/RPMS/apache-modules-1.3.31-7.2.101mdk.i586.rpm
cd6757a1cc0270243fbc63c10508da0b  10.1/RPMS/apache-source-1.3.31-7.2.101mdk.i586.rpm
99461fdd6a1955961867fa888cc68d8f  10.1/SRPMS/apache-1.3.31-7.2.101mdk.src.rpm

10.0 i586

 7b647c45b60004470689faf9a461be6c  10.0/RPMS/apache-1.3.29-1.4.100mdk.i586.rpm
8b185dee42649dd3a56d5cffdd47f31c  10.0/RPMS/apache-devel-1.3.29-1.4.100mdk.i586.rpm
991592ab1cb3accd8456f748d8dd1d32  10.0/RPMS/apache-modules-1.3.29-1.4.100mdk.i586.rpm
a8bc7aee751c8a84584fbcc45d24e5d1  10.0/RPMS/apache-source-1.3.29-1.4.100mdk.i586.rpm
7dde17d7931fcbb2c24fdae964c7d2e1  10.0/SRPMS/apache-1.3.29-1.4.100mdk.src.rpm

CS3.0 x86_64

 58bb5e99baa148f0bedf1d8982b3301f  x86_64/corporate/3.0/RPMS/apache-1.3.29-1.4.C30mdk.x86_64.rpm
b7de432d1647f4ffe0661e9a921251dd  x86_64/corporate/3.0/RPMS/apache-modules-1.3.29-1.4.C30mdk.x86_64.rpm
7c9f246c832fec1cf3487e516ff334f4  x86_64/corporate/3.0/SRPMS/apache-1.3.29-1.4.C30mdk.src.rpm

CS3.0 i586

 9b2d7101aa263e860ea3839260620fe6  corporate/3.0/RPMS/apache-1.3.29-1.4.C30mdk.i586.rpm
be9d739b634cf93d229ad7b65bbf6c28  corporate/3.0/RPMS/apache-modules-1.3.29-1.4.C30mdk.i586.rpm
7c9f246c832fec1cf3487e516ff334f4  corporate/3.0/SRPMS/apache-1.3.29-1.4.C30mdk.src.rpm

CS2.1 i586

 9ce162ffa4d94c527ab84e668ae17a78  corporate/2.1/RPMS/apache-1.3.26-7.4.C21mdk.i586.rpm
4bddd4119a520be80ddd577c0f45acca  corporate/2.1/RPMS/apache-common-1.3.26-7.4.C21mdk.i586.rpm
132604f1487d76a5f5d7ace3ee10c040  corporate/2.1/RPMS/apache-devel-1.3.26-7.4.C21mdk.i586.rpm
920f9e8aa639db5e55224db2a75e908d  corporate/2.1/RPMS/apache-manual-1.3.26-7.4.C21mdk.i586.rpm
fe919175f6898834f3372f20d76f55df  corporate/2.1/RPMS/apache-modules-1.3.26-7.4.C21mdk.i586.rpm
64cf8b3d566d5010da1273f1ceeb9416  corporate/2.1/RPMS/apache-source-1.3.26-7.4.C21mdk.i586.rpm
9a7d8ecb5a9530d17347c5490fe5df87  corporate/2.1/SRPMS/apache-1.3.26-7.4.C21mdk.src.rpm

10.1 x86_64

 ac16e81572c092fe5d6448df9442ca8e  x86_64/10.1/RPMS/apache-1.3.31-7.2.101mdk.x86_64.rpm
28de6be2c20737d3819a787e310b2707  x86_64/10.1/RPMS/apache-devel-1.3.31-7.2.101mdk.x86_64.rpm
c02b7724a815cfd4cd8e49a1fb016620  x86_64/10.1/RPMS/apache-modules-1.3.31-7.2.101mdk.x86_64.rpm
8dca2b8497dd582eb732a23933e43a0f  x86_64/10.1/RPMS/apache-source-1.3.31-7.2.101mdk.x86_64.rpm
99461fdd6a1955961867fa888cc68d8f  x86_64/10.1/SRPMS/apache-1.3.31-7.2.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088