Bug 231919

Summary: mod_jk 1.2.19 is vulnerable to CVE-2007-0774
Product: [Retired] Red Hat Web Application Stack Reporter: Ben Stringer <ben>
Component: distributionAssignee: Patrick Macdonald <patrickm>
Status: CLOSED ERRATA QA Contact: Len DiMaggio <ldimaggi>
Severity: medium Docs Contact:
Priority: medium    
Version: v1   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-24 21:15:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ben Stringer 2007-03-12 23:33:50 UTC 
Description of problem:
mod_jk 1.2.19 appears to be vulnerable to CVE-2007-0774. See: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774
Could we have mod_jk 1.2.21 made available from Redhat please?


Version-Release number of selected component (if applicable):
mod_jk-ap20-1.2.19-1jpp_1rh running on RHEL AS4 release 4 on i386.
Comment 1 Ben Stringer 2007-03-13 00:37:33 UTC 
Looks like this is patched in Application Stack 1.0. Can the same patch be made 
available in the channel Application Server 2.0?

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230045
Comment 2 Ben Stringer 2007-03-13 00:38:25 UTC 
*** Bug 231917 has been marked as a duplicate of this bug. ***
Comment 3 Vincent Danen 2012-05-24 21:15:18 UTC 
Wow, old bug.

This was resolved a month after it was filed and never closed:

https://rhn.redhat.com/errata/RHSA-2007-0164.html