Bug 743743 - VUL-1: CVE-2012-0053: apache2: cookie exposure due to error responses
VUL-1: CVE-2012-0053: apache2: cookie exposure due to error responses
Status: RESOLVED FIXED
: 753051 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sle11-sp1:45334 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-01-27 08:51 UTC by Matthias Weckbecker
Modified: 2013-07-02 12:05 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Weckbecker 2012-01-27 08:51:40 UTC
"CVE-2012-0053: Fix an issue in error responses that could expose 
"httpOnly" cookies when no custom ErrorDocument is specified for 
status code 400",

http://svn.apache.org/viewvc?view=revision&revision=1235454
Comment 1 Bernhard Wiedemann 2012-02-14 05:00:32 UTC
This is an autogenerated message for OBS integration:
This bug (743743) was mentioned in
https://build.opensuse.org/request/show/104860 Evergreen:11.2 / apache2
Comment 2 Swamp Workflow Management 2012-02-18 08:25:44 UTC
Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-utils, apache2-worker, libapr1, libapr1-32bit, libapr1-debuginfo, libapr1-debuginfo-32bit, libapr1-debugsource, libapr1-devel, libapr1-devel-32bit
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 3 Bernhard Wiedemann 2012-02-19 19:00:29 UTC
This is an autogenerated message for OBS integration:
This bug (743743) was mentioned in
https://build.opensuse.org/request/show/105883 Evergreen:11.1 / apache2
Comment 4 Bernhard Wiedemann 2012-02-20 20:00:29 UTC
This is an autogenerated message for OBS integration:
This bug (743743) was mentioned in
https://build.opensuse.org/request/show/106112 Evergreen:11.1 / apache2
Comment 5 Marcus Meissner 2012-02-23 15:28:44 UTC
all submitted I think, so reassign to security team
Comment 6 Swamp Workflow Management 2012-02-28 11:10:38 UTC
Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-event-debuginfo, apache2-example-certificates, apache2-example-pages, apache2-itk, apache2-itk-debuginfo, apache2-prefork, apache2-prefork-debuginfo, apache2-utils, apache2-utils-debuginfo, apache2-worker, apache2-worker-debuginfo
Products:
openSUSE 11.4 (debug, i586, x86_64)
Comment 7 Swamp Workflow Management 2012-02-28 12:09:03 UTC
Update released for: apache2, apache2-debuginfo, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 8 Marcus Meissner 2012-03-01 17:09:45 UTC
released
Comment 9 Swamp Workflow Management 2012-03-06 16:55:59 UTC
Update released for: apache2, apache2-debuginfo, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 10 Dirk Mueller 2012-03-29 08:19:57 UTC
*** Bug 753051 has been marked as a duplicate of this bug. ***
Comment 11 Swamp Workflow Management 2013-03-15 12:59:48 UTC
Update released for: apache2, apache2-debuginfo, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Comment 14 Swamp Workflow Management 2013-07-02 12:05:10 UTC
Update released for: apache2, apache2-devel, apache2-doc, apache2-example-pages, apache2-leader, apache2-metuxmpm, apache2-perchild, apache2-prefork, apache2-worker, libapr0
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)