MDVSA-2009:300-1
- Package name
- apache-conf
- Date
- 2010-01-07
- Advisory ID
- MDVSA-2009:300-1
- Affected versions
- 2009.1 i586 , 2009.1 x86_64
Problem description
A vulnerability was discovered and corrected in apache-conf:
The Apache HTTP Server enables the HTTP TRACE method per default
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via unspecified web client software (CVE-2009-2823).
This update provides a solution to this vulnerability.
Update:
The wrong package was uploaded for 2009.1. This update addresses
that problem.
Updated packages
2009.1 i586
d20085bdf2db6c017ae2bbd1e66b95a3 2009.1/i586/apache-conf-2.2.11-5.1mdv2009.1.i586.rpm 528faefad6aa4272aa1f4eb028ffa738 2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm
2009.1 x86_64
3621be7e9f192f73f0c0435891d5ee1e 2009.1/x86_64/apache-conf-2.2.11-5.1mdv2009.1.x86_64.rpm 528faefad6aa4272aa1f4eb028ffa738 2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm