Bug #871674 “Server mod_proxy_ajp Denial of Service Vulnerabilit...” : Bugs : apache2 package : Ubuntu

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> <head> <base href="https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/871674/+index" /> <meta charset="UTF-8" /> <title>Bug #871674 “Server mod_proxy_ajp Denial of Service Vulnerabilit...” : Bugs : apache2 package : Ubuntu</title> <link rel="apple-touch-icon" sizes="180x180" href="/@@/apple-touch-icon.png?v=2022" /> <link rel="icon" type="image/png" sizes="32x32" href="/@@/favicon-32x32.png?v=2022" /> <link rel="icon" type="image/png" sizes="16x16" href="/@@/favicon-16x16.png?v=2022" /> <link rel="manifest" href="/@@/site.webmanifest?v=2022" /> <link rel="mask-icon" href="/@@/safari-pinned-tab.svg?v=2022" color="#e9531f" /> <link rel="shortcut icon" href="/@@/favicon.ico?v=2022" /> <meta name="msapplication-TileColor" content="#da532c" /> <meta name="msapplication-config" content="/@@/browserconfig.xml?v=2022" /> <meta name="theme-color" content="#ffffff" /> <link rel="canonical" href="https://bugs.launchpad.net/bugs/871674" /> <link rel="alternate" type="application/atom+xml" href="http://feeds.launchpad.net/bugs/871674/bug.atom" title="Bug 871674 Feed" /> <link type="text/css" rel="stylesheet" media="screen, print" href="/+icing/revaa29ae0fff49e4e804b39147c9f259d2fb023199/combo.css" /> <meta name="description" content="A vulnerability exists in Apache HTTP Server due to an error within the processing of malformed HTTP requests in mod_proxy_ajp when being used in combination with mod_proxy_balancer." /> <meta property="og:description" content="A vulnerability exists in Apache HTTP Server due to an error within the processing of malformed HTTP requests in mod_proxy_ajp when being used in combination with mod_proxy_balancer." /> <meta property="og:title" content="Bug #871674 “Server mod_proxy_ajp Denial of Service Vulnerabilit...” : Bugs : apache2 package : Ubuntu" /> <meta property="og:type" content="website" /> <meta property="og:image" content="/@@/launchpad-og-image.png" /> <meta property="og:url" content="https://bugs.launchpad.net/bugs/871674" /> <meta property="og:site_name" content="Launchpad" /> <script type="text/javascript"> var LP = { cache: {}, links: {} }; </script> <script type="text/javascript">var cookie_scope = '; Path=/; Secure; Domain=.launchpad.net';</script> <script type="text/javascript" src="/+combo/revaa29ae0fff49e4e804b39147c9f259d2fb023199/?yui/yui/yui-min.js&lp/meta.js&yui/loader/loader-min.js"></script> <script type="text/javascript"> var raw = null; if (LP.devmode) { raw = 'raw'; } YUI.GlobalConfig = { combine: true, comboBase: '/+combo/revaa29ae0fff49e4e804b39147c9f259d2fb023199/?', root: 'yui/', filter: raw, debug: false, fetchCSS: false, maxURLLength: 2000, groups: { lp: { combine: true, base: '/+combo/revaa29ae0fff49e4e804b39147c9f259d2fb023199/?lp/', comboBase: '/+combo/revaa29ae0fff49e4e804b39147c9f259d2fb023199/?', root: 'lp/', // comes from including lp/meta.js modules: LP_MODULES, fetchCSS: false } } }</script> <script type="text/javascript"> // we need this to create a single YUI instance all events and code // talks across. All instances of YUI().use should be based off of // LPJS instead. var LPJS = new YUI(); </script> <script id="base-layout-load-scripts" type="text/javascript"> //<![CDATA[ LPJS.use('base', 'node', 'console', 'event', 'oop', 'lp', 'lp.app.foldables','lp.app.sorttable', 'lp.app.inlinehelp', 'lp.app.links', 'lp.bugs.bugtask_index', 'lp.bugs.subscribers', 'lp.app.ellipsis', 'lp.code.branchmergeproposal.diff', 'lp.views.global', function(Y) { Y.on("domready", function () { var global_view = new Y.lp.views.Global(); global_view.render(); Y.lp.app.sorttable.SortTable.init(); Y.lp.app.inlinehelp.init_help(); Y.lp.activate_collapsibles(); Y.lp.app.foldables.activate(); Y.lp.app.links.check_valid_lp_links(); }); Y.on('lp:context:web_link:changed', function(e) { window.location = e.new_value; }); }); //]]> </script> <script id="base-helper-functions" type="text/javascript"> //<![CDATA[ // This code is pulled from lp.js that needs to be available on every // request. Pulling here to get it outside the scope of the YUI block. function setFocusByName(name) { // Focus the first element matching the given name which can be focused. var nodes = document.getElementsByName(name); var i, node; for (i = 0; i < nodes.length; i++) { node = nodes[i]; if (node.focus) { try { // Trying to focus a hidden element throws an error in IE8. if (node.offsetHeight !== 0) { node.focus(); } } catch (e) { LPJS.use('console', function(Y) { Y.log('In setFocusByName(<' + node.tagName + ' type=' + node.type + '>): ' + e); }); } break; } } } function selectWidget(widget_name, event) { if (event && (event.keyCode === 9 || event.keyCode === 13)) { // Avoid firing if user is tabbing through or simply pressing // enter to submit the form. return; } document.getElementById(widget_name).checked = true; } //]]> </script> <script type="text/javascript" id="available-official-tags-js">var available_official_tags = ["a11y", "appstream", "bionic", "bisect-done", "bitesize", "block-proposed", "block-proposed-focal", "block-proposed-jammy", "block-proposed-noble", "block-proposed-oracular", "cherry-pick", "community-security", "desktop-file", "dist-upgrade", "fixed-upstream", "focal", "ftbfs", "hw-specific", "jammy", "kernel-bug", "manpage", "metabug", "multiarch", "multigpu", "multimonitor", "needs-bisect", "needs-design", "needs-packaging", "needs-reassignment", "noble", "nvidia", "oracular", "package-conflict", "packaging", "patch", "patch-accepted-debian", "patch-accepted-upstream", "patch-forwarded-debian", "patch-forwarded-upstream", "patch-needswork", "patch-rejected", "patch-rejected-debian", "patch-rejected-upstream", "performing-bisect", "plucky", "qt4-removal", "regression-proposed", "regression-release", "regression-update", "string-fix", "suspend-resume", "systemd-boot", "testcase", "unmetdeps", "update-excuse", "upgrade-software-version", "verification-done-bionic", "verification-done-focal", "verification-done-jammy", "verification-done-noble", "verification-done-oracular", "verification-failed-bionic", "verification-failed-jammy", "verification-needed-bionic", "verification-needed-focal", "verification-needed-jammy", "verification-needed-noble", "verification-needed-oracular", "wayland"];</script> <script type="text/javascript"> LPJS.use('base', 'node', 'oop', 'event', 'lp.bugs.bugtask_index', 'lp.bugs.subscribers', 'lp.code.branchmergeproposal.diff', 'lp.app.comment', 'lp.services.messages.edit', function(Y) { Y.on('domready', function() { Y.lp.code.branchmergeproposal.diff.connect_diff_links(); Y.lp.bugs.bugtask_index.setup_bugtask_index(); Y.lp.bugs.bugtask_index.setup_bugtask_table(); LP.cache.comment_context = LP.cache.bug; var cl = new Y.lp.app.comment.CommentList(); cl.render(); var sl = new Y.lp.bugs.subscribers.createBugSubscribersLoader({ container_box: '#other-bug-subscribers', subscribers_details_view: '/+bug-portlet-subscribers-details', subscribe_someone_else_link: '.menu-link-addsubscriber' }, window); Y.lp.services.messages.edit.setup(); }); }); </script> <style type="text/css"> /* Align the 'add comment' link to the right of the comment box. */ #add-comment-form textarea { width: 100%; } #add-comment-form { max-width: 60em; padding-bottom: 4em; } #add-comment-form .actions {float: right;} .buglink-summary dd { font-size: 10px; } a#privacy-link:link:hover, a#privacy-link:visited:hover {text-decoration:none;} </style> <style type="text/css"> .yui3-overlay .value label { /* It normally makes sense for form labels to be bold, but since this form consists only of radio buttons, there's nothing but labels so we just get wall-to-wall bold. */ font-weight: normal !important; } </style> </head> <body id="document" itemscope="" itemtype="http://schema.org/WebPage" class="tab-bugs main_side public yui3-skin-sam"> <div class="yui-d0"> <div id="locationbar" class="login-logout"> <div id="logincontrol"><a href="https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/871674/+login">Log in / Register</a></div> </div> <div id="watermark" class="watermark-apps-portlet"> <div> <a href="https://launchpad.net/ubuntu"><img alt="" width="64" height="64" src="https://launchpadlibrarian.net/606381979/CoF%2064px.png" /></a> </div> <div class="wide"> <h2 id="watermark-heading"><a href="https://launchpad.net/ubuntu">Ubuntu</a><br /><a href="https://launchpad.net/ubuntu/+source/apache2">apache2 package</a></h2> </div>  <ul class="facetmenu"> <li class="overview"><a href="https://launchpad.net/ubuntu/+source/apache2">Overview</a></li> <li class="branches"><a href="https://code.launchpad.net/ubuntu/+source/apache2">Code</a></li> <li class="bugs active"><a href="https://bugs.launchpad.net/ubuntu/+source/apache2">Bugs</a></li> <li class="specifications disabled-tab"><span>Blueprints</span></li> <li class="translations"><a href="https://translations.launchpad.net/ubuntu/+source/apache2">Translations</a></li> <li class="answers"><a href="https://answers.launchpad.net/ubuntu/+source/apache2">Answers</a></li> </ul> </div> <div class="yui-t4"> <div id="maincontent" class="yui-main"> <div class="yui-b" dir="ltr"> <div class="context-publication"> <h1 id="edit-title"> <span class="yui3-editable_text-text ellipsis" style="max-width: 95%;"> Server mod_proxy_ajp Denial of Service Vulnerability </span> </h1> <div id="registration" class="registering"> Bug #871674 reported by <a href="https://launchpad.net/~djtwenty" class="sprite person">Gabrieli Gianpietro</a> <time title="2011-10-10 10:14:08 UTC" datetime="2011-10-10T10:14:08.547666+00:00">on 2011-10-10</time> </div> </div> <div id="request-notifications"> </div> <div> <div id="bug-is-duplicate"> </div> <div style="float: right;"> <span><a href="/+help-bugs/bug-heat.html" target="help" class="sprite flame">258</a></span> </div> <div class="actions"> <span id="affectsmetoo" style="display: inline">This bug affects 1 person</span> </div> <table id="affected-software" class="listing"> <thead> <tr> <th colspan="2">Affects</th> <th>Status</th> <th>Importance</th> <th>Assigned to</th> <th>Milestone</th> </tr> </thead> <tbody> <tr class="highlight" id="tasksummary1031908"> <td> </td> <td> <span id="bugtarget-picker-tasksummary1031908"> <span class="yui3-activator-data-box"> <a class="sprite package-source" href="https://bugs.launchpad.net/ubuntu/+source/apache2" title="Latest release: 2.4.63-1ubuntu1, uploaded to main on 2025-02-19 07:07:21.748083+00:00 by Simon Quigley (tsimonq2), maintained by Ubuntu Developers (ubuntu-devel-discuss-lists)">apache2 (Ubuntu)</a> </span> <div class="yui3-activator-message-box yui3-activator-hidden"></div> </span> </td> <td style="width: 20%; vertical-align: middle"> <div class="status-content" style="width: 100%; float: left"> <span style="float: left" class="value statusFIXRELEASED">Fix Released</span> </div> </td> <td style="width: 15em; vertical-align: middle"> <div class="importance-content" style="width: 100%; float: left"> <span style="float: left" class="value importanceUNDECIDED">Undecided</span> </div> </td> <td style="width:20%; margin: 0; padding: 0; vertical-align: middle; padding-left: 0.5em"> <span id="assignee-picker-tasksummary1031908"> <span class="yui3-activator-data-box"> <a class="sprite person" href="https://launchpad.net/~sbeattie">Steve Beattie</a> </span> <div class="yui3-activator-message-box yui3-activator-hidden"></div> </span> </td> <td style="width: 20%; vertical-align: middle"> <div class="milestone-content" style="width: 100%; float: left"> <a class="value" href=""></a> </div> </td> </tr> </tbody> </table> <div id="maincontentsub"> <div class="top-portlet"> <div itemprop="mainContentOfPage" class="report"> <div> <div class="lazr-multiline-edit" id="edit-description"> <div class="clearfix"> <h3>Bug Description</h3> </div> <div class="yui3-editable_text-text"><p>A vulnerability exists in Apache HTTP Server due to an error within the processing of malformed HTTP requests in mod_proxy_ajp when being used in combination with mod_proxy_balancer.</p></div> </div> </div> <div style="margin:-10px 0 20px 5px" class="clearfix"> </div> <div id="bug-tags"> <span id="tags-heading"> </span> <span id="tag-list"> </span> </div> <script type="text/javascript"> LPJS.use('event', 'node', 'lp.bugs.tags_entry', function(Y) { Y.on('domready', function(e) { Y.lp.bugs.tags_entry.setup_tag_entry( available_official_tags); }, window); }); </script> <div class="clearfix"></div> </div> <div id="branches-and-cves"> <div id="bug-branches-container" style="float: left"> <div id="bug-branches"> <h2>Related branches</h2> <div class="buglink-summary"> <a href="https://code.launchpad.net/~ubuntu-branches/ubuntu/lucid/apache2/lucid-security" class="sprite branch">lp:ubuntu/lucid-security/apache2</a> </div> <div class="buglink-summary"> <a href="https://code.launchpad.net/~ubuntu-branches/ubuntu/hardy/apache2/hardy-security" class="sprite branch">lp:ubuntu/hardy-security/apache2</a> </div> <div class="buglink-summary"> <a href="https://code.launchpad.net/~ubuntu-branches/ubuntu/maverick/apache2/maverick-security" class="sprite branch">lp:ubuntu/maverick-security/apache2</a> </div> <div class="buglink-summary"> <a href="https://code.launchpad.net/~ubuntu-branches/ubuntu/natty/apache2/natty-security" class="sprite branch">lp:ubuntu/natty-security/apache2</a> </div> <div class="buglink-summary"> <a href="https://code.launchpad.net/~ubuntu-branches/ubuntu/oneiric/apache2/oneiric-security" class="sprite branch">lp:ubuntu/oneiric-security/apache2</a> </div> <div class="buglink-summary"> <a href="https://code.launchpad.net/~ubuntu-branches/ubuntu/lucid/apache2/lucid-updates" class="sprite branch">lp:ubuntu/lucid-updates/apache2</a> </div> <div class="buglink-summary"> <a href="https://code.launchpad.net/~ubuntu-branches/ubuntu/hardy/apache2/hardy-updates" class="sprite branch">lp:ubuntu/hardy-updates/apache2</a> </div> </div> </div> <div class="cves"> <h2>CVE References</h2> <ul> <li class="sprite cve"> <a href="/bugs/cve/2011-3192" title="The byterange filter in the Apache HT...">2011-3192</a> </li> <li class="sprite cve"> <a href="/bugs/cve/2011-3348" title="The mod_proxy_ajp module in the Apach...">2011-3348</a> </li> <li class="sprite cve"> <a href="/bugs/cve/2011-3368" title="The mod_proxy module in the Apache HT...">2011-3368</a> </li> </ul> </div> <div class="clearfix"></div> </div>  </div> <div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/ubuntu/+source/apache2/+bug/871674/comments/1" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~sbeattie" class="sprite person">Steve Beattie (sbeattie)</a> wrote <time itemprop="commentTime" datetime="2011-10-13T16:53:48.025942+00:00" title="2011-10-13 16:53:48 UTC">on 2011-10-13</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/ubuntu/+source/apache2/+bug/871674/comments/1"> #1</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>Thanks for the heads up, assigning to myself.</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">Thanks for the heads up, assigning to myself.</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td colspan="2">Changed in apache2 (Ubuntu): </td> </tr> <tr> <td style="text-align: right;"> <b>status</b>: </td> <td> New → In Progress </td> </tr> <tr> <td style="text-align: right;"> <b>assignee</b>: </td> <td> nobody → Steve Beattie (sbeattie) </td> </tr> <tr> <td style="text-align: right;"> <b>visibility</b>: </td> <td> private → public </td> </tr> </table> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/ubuntu/+source/apache2/+bug/871674/comments/2" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~janitor" class="sprite person-inactive">Launchpad Janitor (janitor)</a> wrote <time itemprop="commentTime" datetime="2011-11-10T22:04:50.060029+00:00" title="2011-11-10 22:04:50 UTC">on 2011-11-10</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/ubuntu/+source/apache2/+bug/871674/comments/2"> #2</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>This bug was fixed in the package apache2 - 2.2.20-1ubuntu1.1</p> <p>---------------<br /> apache2 (2.2.20-1ubuntu1.1) oneiric-security; urgency=low</p> <p>  * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: <a href="/bugs/877740" class="bug-link">#877740</a>)<br />     - debian/<wbr />patches/<wbr />212_CVE-<wbr />2011-3368.<wbr />dpatch: return 400<br />       on invalid requests. (patch courtesy of Michael Jeanson)<br />     - CVE-2011-3368<br />   * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: <a href="/bugs/871674" class="bug-link">#871674</a>)<br />     - debian/<wbr />patches/<wbr />213_CVE-<wbr />2011-3348.<wbr />dpatch: return<br />       HTTP_<wbr />NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested<br />     - CVE-2011-3348<br />   * Include additional fixes for regressions introduced by<br />     CVE-2011-3192 fixes<br />     - debian/<wbr />patches/<wbr />214_CVE-<wbr />2011-3192_<wbr />regression.<wbr />dpatch:<br />       take upstream fixes for byterange_filter.c through the 2.2.21<br />       release except for the added MaxRanges configuration option, along<br />       with a staged fix for the 2.2.22 release.<br />  -- Steve Beattie <email address hidden> Mon, 07 Nov 2011 14:01:10 -0800</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">This bug was fixed in the package apache2 - 2.2.20-1ubuntu1.1 --------------- apache2 (2.2.20-1ubuntu1.1) oneiric-security; urgency=low * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740) - debian/patches/212_CVE-2011-3368.dpatch: return 400 on invalid requests. (patch courtesy of Michael Jeanson) - CVE-2011-3368 * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674) - debian/patches/213_CVE-2011-3348.dpatch: return HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested - CVE-2011-3348 * Include additional fixes for regressions introduced by CVE-2011-3192 fixes - debian/patches/214_CVE-2011-3192_regression.dpatch: take upstream fixes for byterange_filter.c through the 2.2.21 release except for the added MaxRanges configuration option, along with a staged fix for the 2.2.22 release. -- Steve Beattie <sbeattie@ubuntu.com> Mon, 07 Nov 2011 14:01:10 -0800</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td colspan="2">Changed in apache2 (Ubuntu): </td> </tr> <tr> <td style="text-align: right;"> <b>status</b>: </td> <td> In Progress → Fix Released </td> </tr> </table> </div> </div> <div style="float: right;"> <a class="menu-link-activitylog" href="https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/871674/+activity">See full activity log</a> </div> <div class="clearfix"></div> <div align="center" id="add-comment-login-first"> To post a comment you must <a href="+login?comments=all">log in</a>. </div> </div> </div> <div> <div id="duplicate-form-container"></div> <div id="privacy-form-container"></div> </div> </div> </div> </div> <div id="side-portlets" class="yui-b side"> <div id="involvement" class="portlet"> <ul class="involvement"> <li class="single"> <a class="sprite bugs" href="/ubuntu/+source/apache2/+filebug"> Report a bug </a> </li> </ul> </div> <div id="privacy" class="first portlet public"> <div id="privacy-text"> <span id="information-type-summary" class="sprite public">This report contains <strong id="information-type">Public Security</strong> information </span>  <div id="information-type-description" style="padding-top: 5px">Everyone can see this security related information. </div> </div> </div> <div id="portlet-actions" class="portlet vertical"> <ul id="duplicate-actions"> </ul> <ul id="lock-status-actions"> </ul> </div> <div class="portlet vertical" id="portlet-subscription"> <div class="section"> <div id="current_user_subscription" class="False"> <span>You are</span> <a class="menu-link-subscription sprite modify edit" href="/ubuntu/+source/apache2/+bug/871674/+subscribe"> not directly subscribed to this bug's notifications. </a> </div> <div id="sub-unsub-spinner">Subscribing...</div> <ul> <li><a class="menu-link-editsubscriptions sprite modify edit" href="https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/871674/+subscriptions" title="View and change your subscriptions to this bug">Edit bug mail</a></li> </ul> </div> <script type="text/javascript"> LPJS.use('io-base', 'node', 'lp.bugs.bugtask_index.portlets.subscription', function(Y) { Y.on('domready', function() { Y.lp.bugs.bugtask_index.portlets.subscription.initialize(); }); }); </script> </div> <div class="portlet vertical" id="portlet-subscribers"> <h2>Other bug subscribers</h2> <div> <div><a class="menu-link-addsubscriber sprite add" href="https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/871674/+addsubscriber" title="Launchpad will email that person whenever this bugs changes">Subscribe someone else</a></div> </div> <div id="other-bug-subscribers"></div> </div> <div class="portlet" id="portlet-watches"> <h2>Remote bug watches</h2> <ul> </ul> <p>Bug watches keep track of this bug in other bug trackers.</p> </div> </div> </div> <div id="footer" class="footer"> <div class="lp-arcana"> <div class="lp-branding"> <a href="https://launchpad.net/"><img src="/@@/launchpad-footer-logo.svg" alt="Launchpad" width="65" height="18" /></a>  •  <a href="https://launchpad.net/+tour">Take the tour</a>  •  <a href="https://help.launchpad.net/">Read the guide</a>   <form id="globalsearch" method="get" accept-charset="UTF-8" action="https://launchpad.net/+search"> <input type="search" id="search-text" name="field.text" /> <input type="image" src="/@@/search" style="vertical-align:5%" alt="Search Launchpad" /> </form> </div> </div> <div class="colophon"> © 2004 <a href="http://canonical.com/">Canonical Ltd.</a>  •  <a href="https://launchpad.net/legal">Terms of use</a>  •  <a href="https://www.ubuntu.com/legal/dataprivacy">Data privacy</a>  •  <a href="/feedback">Contact Launchpad Support</a>  •  <a href="http://blog.launchpad.net/">Blog</a>  •  <a href="https://canonical.com/careers">Careers</a>  •  <a href="https://ubuntu.social/@launchpadstatus">System status</a> <span id="lp-version">  •  aa29ae0 (<a href="https://dev.launchpad.net/">Get the code!</a>) </span> </div> </div> </div> <script id="json-cache-script">LP.cache = {"related_features": {}, "bug": {"self_link": "https://bugs.launchpad.net/api/devel/bugs/871674", "web_link": "https://bugs.launchpad.net/bugs/871674", "resource_type_link": "https://bugs.launchpad.net/api/devel/#bug", "id": 871674, "private": false, "information_type": "Public Security", "name": null, "title": "Server mod_proxy_ajp Denial of Service Vulnerability ", "description": "A vulnerability exists in Apache HTTP Server due to an error within the processing of malformed HTTP requests in mod_proxy_ajp when being used in combination with mod_proxy_balancer.", "owner_link": "https://bugs.launchpad.net/api/devel/~djtwenty", "bug_tasks_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/bug_tasks", "duplicate_of_link": null, "date_created": "2011-10-10T10:14:08.547666+00:00", "activity_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/activity", "subscriptions_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/subscriptions", "date_last_updated": "2011-11-10T23:15:38.242575+00:00", "who_made_private_link": null, "date_made_private": null, "heat": 258, "bug_watches_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/bug_watches", "cves_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/cves", "vulnerabilities_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/vulnerabilities", "duplicates_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/duplicates", "attachments_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/attachments", "security_related": true, "latest_patch_uploaded": null, "tags": [], "date_last_message": "2011-11-10T22:04:50.060029+00:00", "number_of_duplicates": 0, "message_count": 3, "users_affected_count": 1, "users_unaffected_count": 0, "users_affected_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/users_affected", "users_unaffected_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/users_unaffected", "users_affected_count_with_dupes": 1, "other_users_affected_count_with_dupes": 1, "users_affected_with_dupes_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/users_affected_with_dupes", "messages_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/messages", "lock_status": "Unlocked", "lock_reason": null, "linked_branches_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/linked_branches", "linked_merge_proposals_collection_link": "https://bugs.launchpad.net/api/devel/bugs/871674/linked_merge_proposals", "http_etag": "\"d77755e493bdf7caa818046d0d012db21e8ba223-cb436fa723dce6b2bb5f89cac7d3e82b86365975\""}, "subscribers_portlet_url_data": {"web_link": "https://bugs.launchpad.net/bugs/871674", "self_link": "https://bugs.launchpad.net/api/devel/bugs/871674"}, "total_comments_and_activity": 16, "initial_comment_batch_offset": 41, "first visible_recent_comment": -38, "bugtask_data": {"1031908": {"id": 1031908, "row_id": "tasksummary1031908", "form_row_id": "task1031908", "bugtask_path": "/ubuntu/+source/apache2/+bug/871674", "prefix": "ubuntu_apache2", "targetname": "apache2 (Ubuntu)", "bug_title": "Server mod_proxy_ajp Denial of Service Vulnerability ", "assignee_value": "sbeattie", "assignee_is_team": false, "assignee_vocabulary": "AllUserTeamsParticipation", "assignee_vocabulary_filters": [], "hide_assignee_team_selection": true, "user_can_unassign": false, "user_can_delete": false, "delete_link": "https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/871674/+delete", "target_is_product": false, "status_widget_items": [{"name": "Fix Released", "value": "Fix Released", "description": "The fix was released.\n", "description_css_class": "choice-description", "style": "", "help": "", "disabled": false, "css_class": "statusFIXRELEASED"}], "status_value": "Fix Released", "importance_widget_items": "[]", "importance_value": "Undecided", "milestone_widget_items": "[]", "milestone_value": null, "user_can_edit_assignee": false, "user_can_edit_milestone": false, "user_can_edit_status": false, "user_can_edit_importance": false}}, "information_type_data": {"PUBLIC": {"value": "PUBLIC", "description": "Everyone can see this information.\n", "name": "Public", "order": 0, "is_private": false, "description_css_class": "choice-description"}, "PUBLICSECURITY": {"value": "PUBLICSECURITY", "description": "Everyone can see this security related information.\n", "name": "Public Security", "order": 1, "is_private": false, "description_css_class": "choice-description"}, "PRIVATESECURITY": {"value": "PRIVATESECURITY", "description": "Only the security group can see this information.\n ", "name": "Private Security", "order": 2, "is_private": true, "description_css_class": "choice-description"}, "USERDATA": {"value": "USERDATA", "description": "Only shared with users permitted to see private user information.\n", "name": "Private", "order": 3, "is_private": true, "description_css_class": "choice-description"}}, "bug_is_private": false, "context": {"self_link": "https://bugs.launchpad.net/api/devel/ubuntu/+source/apache2/+bug/871674", "web_link": "https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/871674", "resource_type_link": "https://bugs.launchpad.net/api/devel/#bug_task", "bug_link": "https://bugs.launchpad.net/api/devel/bugs/871674", "milestone_link": null, "status": "Fix Released", "status_explanation": null, "importance": "Undecided", "importance_explanation": null, "assignee_link": "https://bugs.launchpad.net/api/devel/~sbeattie", "bug_target_display_name": "apache2 (Ubuntu)", "bug_target_name": "apache2 (Ubuntu)", "bug_watch_link": null, "date_assigned": "2011-10-13T16:54:03.459046+00:00", "date_created": "2011-10-10T10:14:08.547666+00:00", "date_confirmed": "2011-10-13T16:53:59.365156+00:00", "date_incomplete": null, "date_in_progress": "2011-10-13T16:53:59.365156+00:00", "date_closed": "2011-11-10T22:04:50.438730+00:00", "date_left_new": "2011-10-13T16:53:59.365156+00:00", "date_triaged": "2011-10-13T16:53:59.365156+00:00", "date_fix_committed": "2011-11-10T22:04:50.438730+00:00", "date_fix_released": "2011-11-10T22:04:50.438730+00:00", "date_left_closed": null, "owner_link": "https://bugs.launchpad.net/api/devel/~djtwenty", "target_link": "https://bugs.launchpad.net/api/devel/ubuntu/+source/apache2", "title": "Bug #871674 in apache2 (Ubuntu): \"Server mod_proxy_ajp Denial of Service Vulnerability \"", "related_tasks_collection_link": "https://bugs.launchpad.net/api/devel/ubuntu/+source/apache2/+bug/871674/related_tasks", "is_complete": true, "http_etag": "\"064edf1210cb729b102a46f5dd642bee301821dd-ed17e9532ce35c189646ab7f4157c4a72cb17860\""}};</script> </body>  </html>

CINXE.COM

Bug #871674 “Server mod_proxy_ajp Denial of Service Vulnerabilit...” : Bugs : apache2 package : Ubuntu