Re: [users@httpd] Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415

2012-01-06 Thread Kevin A. McGrail
Anyway, I am more wondering if 2.2.22 is even on track to address these issues. Or if there are patches for 2.2.X (I found trunk patches but they only dealt with some of the CVE and didn't address the 2.2 branch). The amount of information available for these CVEs since sparse compared to m

Re: [users@httpd] Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415

2011-12-21 Thread Kevin A. McGrail
On 12/21/2011 1:18 PM, Pete Houston wrote:
> On Wed, Dec 21, 2011 at 12:42:02PM -0500, Kevin A. McGrail wrote:
>> Our server is being flagged for PCI non-compliance because of these
>> CVE's but there doesn't appear to be a fix, a workaround or any
>> information I can find.
>
> There seem to be 2 obvious wor

Re: [users@httpd] Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415

2011-12-21 Thread Pete Houston
On Wed, Dec 21, 2011 at 12:42:02PM -0500, Kevin A. McGrail wrote:
> Our server is being flagged for PCI non-compliance because of these
> CVE's but there doesn't appear to be a fix, a workaround or any
> information I can find.

There seem to be 2 obvious workarounds:

1. Don't load mod_setenvif. T

[users@httpd] Update on mod_setenvif exploit CVE-2011-3607 and CVE-2011-4415

2011-12-21 Thread Kevin A. McGrail
Good Morning, I was wondering if there was any update on CVE-2011-3607 and CVE-2011-4415 which are bugs in mod_setenvif? Our server is being flagged for PCI non-co