Redhat has released a security patch to correct two vulnerabilities identified in Apache. The first issue occurs when processing an HTTP request containing "Transfer-Encoding: chunked" and "Content-Length" headers, which could allow the bypass of Web application firewall protection or lead to cross-site scripting attacks. The second flaw is due to a buffer overflow error in the "ssl_callback_SSLVerify_CRL()" function [modules/ssl/ssl_engine_kernel.c] when apache is configured to use a malicious certificate revocation list (CRL), which could be exploited by attackers to cause a denial of service. For additional information, see : VUPEN/ADV-2005-1198
Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
