httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin A. McGrail" <KMcGr...@PCCC.com>
Subject [users@httpd] Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415
Date Wed, 21 Dec 2011 17:42:02 GMT
Good Morning,

I was wondering if there was any update on CVE-2011-3607 
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3607> and 
CVE-2011-4415 
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4415> which 
are bugs in mod_setenvif?

Our server is being flagged for PCI non-compliance because of these 
CVE's but there doesn't appear to be a fix, a workaround or any 
information I can find.

I checked bugzilla and the announce archives but these CVE's aren't 
listed at http://httpd.apache.org/security/vulnerabilities_22.html either.

However, some websearch issues that get pretty technical seem unclear if 
the issue is considered a security issue by apache.  Any assistance 
appreciated.

Regards,
KAM

Mime
View raw message