The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp
in the Apache HTTP Server 2.2.x before 2.2.15 does not properly
handle certain situations in which a client sends no request body,
which allows remote attackers to cause a denial of service (backend
server outage) via a crafted request, related to use of a 500 error
code instead of the appropriate 400 error code.
The ap_read_request function in server/protocol.c in the Apache HTTP
Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does
not properly handle headers in subrequests in certain circumstances
involving a parent request that has a body, which might allow remote
attackers to obtain sensitive information via a crafted request that
triggers access to memory locations associated with an earlier
2.2.15 in cvs
To really fix the ssl renegotiation issue, 2.2.15 should depend on openssl 0.9.8m and we should stabilize it together.
(In reply to comment #3)
> To really fix the ssl renegotiation issue, 2.2.15 should depend on openssl
> 0.9.8m and we should stabilize it together.
i've updated the dependencies in 2.2.15
Archs, please stabilize.
Guy, please don't close security bugs.
GLSA vote: YES.
Yes, too, glsa request filed.
This issue was resolved and addressed in
GLSA 201206-25 at http://security.gentoo.org/glsa/glsa-201206-25.xml
by GLSA coordinator Tobias Heinlein (keytoaster).