httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin A. McGrail" <>
Subject [users@httpd] Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415
Date Wed, 21 Dec 2011 17:42:02 GMT
Good Morning,

I was wondering if there was any update on CVE-2011-3607 
<> and 
<> which 
are bugs in mod_setenvif?

Our server is being flagged for PCI non-compliance because of these 
CVE's but there doesn't appear to be a fix, a workaround or any 
information I can find.

I checked bugzilla and the announce archives but these CVE's aren't 
listed at either.

However, some websearch issues that get pretty technical seem unclear if 
the issue is considered a security issue by apache.  Any assistance 


View raw message