httpd-2.2.15-54.0.1.AXS4
Errata ID: AXSA:2016-569:04
Release date:
2016/07/20 Wednesday - 18:37
Title:
httpd-2.2.15-54.0.1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
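[Fixes]
The following issues have been addressed.
[Security Fix]
- The Apache HTTP Server follows RFC 3875 section 4.1.18 and therefore does not protect applications from untrusted client data in the HTTP_PROXY environment variable. As a result, a remote attacker could redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. (CVE-2016-5387)
Some of the CVE translations are quoted from JVN.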
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
Additional information:
N/A
Download:
SRPMS
- httpd-2.2.15-54.0.1.AXS4.src.rpm
MD5: 73dd0dcf7d02a5b7ba331055f54e4669
SHA-256: e0b8520e7d98b1d4d8b2a3f5c257305f417ad6d154c3ffa96c9eaa4affc314e2
Size: 6.46 MB
Asianux Server 4 for x86
- httpd-2.2.15-54.0.1.AXS4.i686.rpm
MD5: 7962011d3eac11ba4baaa4cbfaea0634
SHA-256: 2eb74acaf1a529fc61b04af4833e725bfbc9d3fc6e1d7fe68e566e0698553236
Size: 835.02 kB
- httpd-devel-2.2.15-54.0.1.AXS4.i686.rpm
MD5: c1d6c53fd3c8d769f3ce4234e4bd3e31
SHA-256: cd5c586db05ca1478d6afe56487b979e4b91b3b7527eacdadd496c103fa9f728
Size: 155.64 kB
- httpd-manual-2.2.15-54.0.1.AXS4.noarch.rpm
MD5: 9a1ef45b3b39095f834f5ed4e7668a56
SHA-256: f40e607fb6df94b2ee878cea5c0112f431d89915ea899ab2a2002dfbab4d34e6
Size: 788.62 kB
- httpd-tools-2.2.15-54.0.1.AXS4.i686.rpm
MD5: 18d24ce456fb971a5d8126a4aef66e01
SHA-256: d7afaa4e5859dbfe918bfd68f490691574b334ea3e12d3877752c8ae0d338466
Size: 78.73 kB
- mod_ssl-2.2.15-54.0.1.AXS4.i686.rpm
MD5: 9abfee7bb6e81367a261734f71df4bd8
SHA-256: d2c2a468910ae170863781361c0d6bebe7a2f09bf16ca23b994be61a7acac031
Size: 96.97 kB
Asianux Server 4 for x86_64
- httpd-2.2.15-54.0.1.AXS4.x86_64.rpm
MD5: cdb3aa792941f939371eeae81850d3f2
SHA-256: d0133a329b563244e690b95144ef144605ec53f718146cd8898cb564fc5d51cb
Size: 834.86 kB
- httpd-devel-2.2.15-54.0.1.AXS4.x86_64.rpm
MD5: daee10b78f7b96b790d54495fdb3f84b
SHA-256: edad84f03ec94537f361f8ad8d244b37a565007705d69f67e8bf444c63540e37
Size: 155.17 kB
- httpd-manual-2.2.15-54.0.1.AXS4.noarch.rpm
MD5: b200205c2ebeb23cbc60ab225bafe95e
SHA-256: 6590dce561a489e8524ce475ed422139764082e3010f5d91be8611c6a7c1fc81
Size: 788.16 kB
- httpd-tools-2.2.15-54.0.1.AXS4.x86_64.rpm
MD5: 4b6db6f1b8541209d8c9c49de90dd550
SHA-256: fb6aff6a4aa348b8bc05c7e0f3aafe3c46f68a7d64b7f3104dfab023e0247ba3
Size: 77.72 kB
- mod_ssl-2.2.15-54.0.1.AXS4.x86_64.rpm
MD5: a5436bb4826dfcf732585c5462b6c5ea
SHA-256: f5718845d91bf915c1e06048342137dd9b45dd657ffe8fd0f629776b8e0ee0a7
Size: 95.88 kB
- httpd-devel-2.2.15-54.0.1.AXS4.i686.rpm
MD5: c1d6c53fd3c8d769f3ce4234e4bd3e31
SHA-256: cd5c586db05ca1478d6afe56487b979e4b91b3b7527eacdadd496c103fa9f728
Size: 155.64 kB