Bug 617523 (CVE-2010-2791)
| Summary: | CVE-2010-2791 httpd: Reverse proxy sends wrong responses after time-outs | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jeremy Sowden <jeremy> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | Severity: | medium |
| Priority: | medium | Version: | unspecified |
| CC: | jim.redhat, jorton, kieran, puzza007+redhat, vdanen | Keywords: | Security |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2013-05-08 17:28:55 UTC |
| Bug Depends On: | 623210, 623211 | | |

Description
Jeremy Sowden
2010-07-23 10:53:33 UTC
(In reply to comment #0)
> The code committed to modules/proxy/mod_proxy_http.c in rev. 660936
> [0] and tagged in 2.2.9 [1] introduced a bug in the case of a proxy
> time-out such that when a reverse proxy attempts to force a retry,
> ap_proxy_http_process_response returns OK and so the connection to
> the back-end server remains intact, allowing the server to send its
> response.

Sorry, got the revision wrong; it should be 657443:

http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c?r1=657440&r2=657443

Raising the severity of this bug report to match the importance ascribed to the related issue in Apache's bugzilla:

https://issues.apache.org/bugzilla/show_bug.cgi?id=49417

Thanks a lot for the report and diagnosis. It doesn't look like any security impact of this was noticed upstream.

Changing this to a security response bug, and giving it its assigned CVE name: CVE-2010-2791 as per:

http://marc.info/?l=apache-httpd-dev&m=128050296121660&w=2

Upstream security page lists this issue as only affecting httpd 2.2.9:

http://httpd.apache.org/security/vulnerabilities_22.html#2.2.10

While httpd version shipped with Red Hat Enterprise Linux 5 is based on 2.2.3, it was affected by this issue due to a rebase of mod_proxy and mod_cache modules to version used in upstream httpd version 2.2.9. This rebase was done in RHBA-2009:0185, released as part of Red Hat Enterprise Linux 5.3 update:

https://rhn.redhat.com/errata/RHBA-2009-0185.html

This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2010:0659 https://rhn.redhat.com/errata/RHSA-2010-0659.html
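
The failure mode reported in this bug, as an added model that is not code from httpd or from anyone in this thread: a proxy that keeps a pooled back-end connection after a read time-out relays the late answer to the next client, while closing the connection on time-out prevents it. The `socketpair` standing in for the back-end connection, the user names, the time-out value and all function names are assumptions made for the illustration.

```python
import socket

PROXY_TIMEOUT = 0.05  # constructed stand-in for the proxy's back-end read time-out

def new_conn():  # hypothetical pooled back-end connection: (proxy end, back-end end)
    proxy_side, backend_side = socket.socketpair()
    proxy_side.settimeout(PROXY_TIMEOUT)
    return proxy_side, backend_side

def read_line(sock):
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("peer closed")
        buf += chunk
    return buf.decode().strip()

def backend_serve(backend_side):  # constructed back end: answers the oldest request
    user = read_line(backend_side)
    backend_side.sendall(f"private data for {user}\n".encode())

def proxy_request(pool, user, backend_is_slow, close_on_timeout):
    """Relay one request over the pooled connection; return the body given to `user`."""
    proxy_side, backend_side = pool["conn"]
    proxy_side.sendall(f"{user}\n".encode())
    if not backend_is_slow:
        backend_serve(backend_side)        # answer arrives within the time-out
    try:
        return read_line(proxy_side)
    except socket.timeout:
        if close_on_timeout:               # hardened: drop the connection, never reuse it
            proxy_side.close()
            pool["conn"] = new_conn()
        try:
            backend_serve(backend_side)    # back end answers after the proxy gave up
        except OSError:
            backend_side.close()           # peer gone: the late answer has nowhere to go
        return None                        # this client gets an error, not a body

def run(close_on_timeout):
    pool = {"conn": new_conn()}
    alice = proxy_request(pool, "alice", True, close_on_timeout)
    bob = proxy_request(pool, "bob", False, close_on_timeout)
    for sock in pool["conn"]:
        sock.close()
    return alice, bob

if __name__ == "__main__":
    print("kept after time-out:", run(False), "| closed on time-out:", run(True))
```
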