Good Morning,
I was wondering if there was any update on CVE-2011-3607
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3607> and
CVE-2011-4415
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4415> which
are bugs in mod_setenvif?
Our server is being flagged for PCI non-compliance because of these
CVE's but there doesn't appear to be a fix, a workaround or any
information I can find.
I checked bugzilla and the announce archives but these CVE's aren't
listed at http://httpd.apache.org/security/vulnerabilities_22.html either.
However, some websearch issues that get pretty technical seem unclear if
the issue is considered a security issue by apache. Any assistance
appreciated.
Regards,
KAM
- [users@httpd] Update on mod_setenvif exploit CVE-2011-360... Kevin A. McGrail
-
