Nom du paquet
apache-conf
Date
2010-01-07
Advisory ID
MDVSA-2009:300-1
Affected versions
2009.1 i586 , 2009.1 x86_64

Problem description

A vulnerability was discovered and corrected in apache-conf:

The Apache HTTP Server enables the HTTP TRACE method per default
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via unspecified web client software (CVE-2009-2823).

This update provides a solution to this vulnerability.

Update:

The wrong package was uploaded for 2009.1. This update addresses
that problem.

Updated packages

2009.1 i586

 d20085bdf2db6c017ae2bbd1e66b95a3  2009.1/i586/apache-conf-2.2.11-5.1mdv2009.1.i586.rpm 
 528faefad6aa4272aa1f4eb028ffa738  2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm

2009.1 x86_64

 3621be7e9f192f73f0c0435891d5ee1e  2009.1/x86_64/apache-conf-2.2.11-5.1mdv2009.1.x86_64.rpm 
 528faefad6aa4272aa1f4eb028ffa738  2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm

References