Bug 137465 - mod_disk_cache information disclosure
mod_disk_cache information disclosure
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: httpd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
: Security
: 157474 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2004-10-28 13:30 EDT by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-11-25 10:49:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2004-10-28 13:30:33 EDT
mod_disk_cache stores all client authentication credentials for cached
objects on disk. This means proxy authentication credentials as well as
in certain RFC2616 defined cases standard authentication credentials.

In case of Basic Authentication *plaintext passwords* are stored on disk.

for more information and patch.
Comment 1 Joe Orton 2004-11-09 09:45:44 EST
Should be fixed in 2.0.46-44.ent update.
Comment 2 Mark J. Cox (Product Security) 2004-11-25 10:49:57 EST
Comment 3 Mark J. Cox (Product Security) 2005-05-12 05:40:12 EDT
*** Bug 157474 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.