Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Is this your freeware software? Submitter

marko
View other files from this member

File Information

Submitted: Aug 01 2010 12:21 PM
Last Updated: Jan 31 2012 09:31 PM
File Size: 6.87MB
Views: 651
Downloads: 12
Will Run On: Unix/Linux
Author's Site: Click Here
License: Info Not Available

Related Tags

apache

Apache HTTP Server for Linux 2.2.22

1 Votes

Download Now

0

The Apache project is an effort to develop and maintain an open-source HTTP server for various modern desktop and server operating systems, such as UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server which provides HTTP services in sync with the current HTTP standards.

What's New in Version 2.2.22 (See full changelog)

SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton]
SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames]
SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton]
SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256. [Rainer Canavan ]
SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. [Joe Orton]
SECURITY: CVE-2012-0053 (cve.mitre.org) Fix an issue in error responses that could expose 'httpOnly' cookies when no custom ErrorDocument is specified for status code 400. [Eric Covener]
mod_proxy_ajp: Try to prevent a single long request from marking a worker in error. [Jean-Frederic Clere]
config: Update the default mod_ssl configuration: Disable SSLv2, only allow >= 128bit ciphers, add commented example for speed optimized cipher list, limit MSIE workaround to MSIE <= 5. [Kaspar Brand]
core: Fix segfault in ap_send_interim_response(). PR 52315. [Stefan Fritsch]
mod_log_config: Prevent segfault. PR 50861. [Torsten F?rtsch ]
mod_win32: Invert logic for env var UTF-8 fixing. Now we exclude a list of vars which we know for sure they dont hold UTF-8 chars; all other vars will be fixed. This has the benefit that now also all vars from 3rd-party modules will be fixed. PR 13029 / 34985. [Guenter Knauf]
core: Fix hook sorting for Perl modules, a regression introduced in 2.2.21. PR: 45076. [Torsten Foertsch ]
Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20: A range of '0-' will now return 206 instead of 200. PR 51878. [Jim Jagielski]
Example configuration: Fix entry for MaxRanges (use 'unlimited' instead of '0'). [Rainer Jung]
mod_substitute: Fix buffer overrun. [Ruediger Pluem, Rainer Jung]

Scanned & Checked: Jan 31 2012 09:31 PM

When we last updated Apache HTTP Server for Linux, we made sure it was still virus and malware free and the developer's site had no proven issues in any of the reputable site advisory services. In the unlikely event you notice any issues, please let us know immediately, otherwise we will schedule this software for another scan the next time it is updated.