Fix “Apache ETag Header Disclosure” vulnerability

A cache management feature for Apache makes use of an entity tag (ETag) header. When this option is enabled and a request is made for a document relating to a file, an ETag response header is returned containing various file attributes for caching purposes. ETag information allows subsequent file requests to contain specific information, such […]


Apache HTTPD CGI Application “Proxy:” Header Processing

Description: Apache HTTPD CGI Application “Proxy:” Header Processing Flaw Lets Remote Users Redirect the Target CGI Application Requests to an Arbitrary Web Proxy in Certain Cases. On systems where the Apache HTTPD server is configured to proxy HTTP requests and the target CGI application relies on the HTTP_PROXY environment variable in a trusted manner, a […]


Apache HTTPD HTTP/2: remote user can bypass client certificate authentication

Description: A vulnerability was reported in Apache HTTPD. A remote user can bypass client certificate authentication. The web server’s experimental module for HTTP/2 (mod_http2) does not properly validate an X.509 client. A remote user can bypass client certificate authentication to access web resources on the target system. Affected versions: Apache v.2.4.18 through 2.4.20 using the […]
