mod_rpaf: Denial of service — GLSA 201209-20

A vulnerability in mod_rpaf may result in Denial of Service.

Affected packages

www-apache/mod_rpaf on all architectures
Affected versions < 0.6
Unaffected versions >= 0.6

Background

mod_rpaf is a reverse proxy add forward module for backend Apache servers.

Description

An error has been found in the way mod_rpaf handles X-Forwarded-For headers. Please review the CVE identifier referenced below for details.

Impact

A remote attacker could send a specially crafted HTTP header, possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All mod_rpaf users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apache/mod_rpaf-0.6"

References

Release date
September 27, 2012

Latest revision
September 27, 2012: 1

Severity
normal

Exploitable
remote

Bugzilla entries