Red Hat Bugzilla – Bug 242606
CVE-2007-1862 httpd's mod_mem_cache sensitive information disclosure
Last modified: 2008-01-16 12:16:30 EST
Description of problem:
The mod_mem_cache module in Apache httpd-2.2.4 could return headers from cache
pool objects that were already cleaned up and used for other purposes,
possibly disclosing sensitive information.
The change that caused this flaw was introduced in revision 484642 and
reverted in revision 543515.
Version-Release number of selected component (if applicable):
httpd-2.2.4 and thus:
CVE-2007-1862 Doesn't Affect: FC5
CVE-2007-1862 Affects: FC6
CVE-2007-1862 Affects: FC7
httpd-2.2.4-4.1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was specific to httpd version 2.2.4 and did not affect the versions
of httpd as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5 and Red Hat
Application Stack v1.
The version of httpd as shipped with Red Hat Application Stack v2 was fixed prior to
its first release.