Univention Bugzilla – Bug 40929
apache2: Multiple issues (4.1)
Last modified: 2016-10-05 12:46:45 CEST
The apache2 package in ucs_4.1-0 should also get fixed.
+++ This bug was initially created as a clone of Bug #39066 +++
* HTTP request smuggling attack against chunked request parser, allowing cache poisoning or credential hijacking if an intermediary proxy is in use (CVE-2015-3183)
Fixed upstream in Debian package version 2.2.22-13+deb7u5.
The package has been rebuilt with the additional Debian patches from deb7u6.
OK: automated tests: "ucs-test -s apache -E dangerous"
(except for 20_ssl-protocols and 21_ssl-ciphers which are not adapted to current openssl compile time settings)