Bug 743743 – VUL-1: CVE-2012-0053: apache2: cookie exposure due to error responses

Bug 743743 - VUL-1: CVE-2012-0053: apache2: cookie exposure due to error responses


Summary:	VUL-1: CVE-2012-0053: apache2: cookie exposure due to error responses

Status:	RESOLVED FIXED
Duplicates:	753051 (view as bug list)

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	General
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp1:45334 maint:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2012-01-27 08:51 UTC by Matthias Weckbecker
Modified:	2013-07-02 12:05 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Weckbecker 2012-01-27 08:51:40 UTC

"CVE-2012-0053: Fix an issue in error responses that could expose 
"httpOnly" cookies when no custom ErrorDocument is specified for 
status code 400",

http://svn.apache.org/viewvc?view=revision&revision=1235454

Comment 1 Bernhard Wiedemann 2012-02-14 05:00:32 UTC

This is an autogenerated message for OBS integration:
This bug (743743) was mentioned in
https://build.opensuse.org/request/show/104860 Evergreen:11.2 / apache2

Comment 2 Swamp Workflow Management 2012-02-18 08:25:44 UTC

Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-utils, apache2-worker, libapr1, libapr1-32bit, libapr1-debuginfo, libapr1-debuginfo-32bit, libapr1-debugsource, libapr1-devel, libapr1-devel-32bit
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)

Comment 3 Bernhard Wiedemann 2012-02-19 19:00:29 UTC

This is an autogenerated message for OBS integration:
This bug (743743) was mentioned in
https://build.opensuse.org/request/show/105883 Evergreen:11.1 / apache2

Comment 4 Bernhard Wiedemann 2012-02-20 20:00:29 UTC

This is an autogenerated message for OBS integration:
This bug (743743) was mentioned in
https://build.opensuse.org/request/show/106112 Evergreen:11.1 / apache2

Comment 5 Marcus Meissner 2012-02-23 15:28:44 UTC

all submitted I think, so reassign to security team

Comment 6 Swamp Workflow Management 2012-02-28 11:10:38 UTC

Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-event-debuginfo, apache2-example-certificates, apache2-example-pages, apache2-itk, apache2-itk-debuginfo, apache2-prefork, apache2-prefork-debuginfo, apache2-utils, apache2-utils-debuginfo, apache2-worker, apache2-worker-debuginfo
Products:
openSUSE 11.4 (debug, i586, x86_64)

Comment 7 Swamp Workflow Management 2012-02-28 12:09:03 UTC

Update released for: apache2, apache2-debuginfo, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)

Comment 8 Marcus Meissner 2012-03-01 17:09:45 UTC

released

Comment 9 Swamp Workflow Management 2012-03-06 16:55:59 UTC

Update released for: apache2, apache2-debuginfo, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)

Comment 10 Dirk Mueller 2012-03-29 08:19:57 UTC

*** Bug 753051 has been marked as a duplicate of this bug. ***

Comment 11 Swamp Workflow Management 2013-03-15 12:59:48 UTC

Update released for: apache2, apache2-debuginfo, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)

Comment 14 Swamp Workflow Management 2013-07-02 12:05:10 UTC

Update released for: apache2, apache2-devel, apache2-doc, apache2-example-pages, apache2-leader, apache2-metuxmpm, apache2-perchild, apache2-prefork, apache2-worker, libapr0
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)