CERT-In Vulnerability Note
Remote Users Bypass Security Restriction Vulnerability in Red Hat Enterprise Linux
Original Issue Date: November 02, 2017
Severity Rating: MEDIUM
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
A vulnerability has been reported in Apache HTTPD on Red Hat Enterprise Linux which could be exploited by a remote attacker to bypass security controls on the targeted system.
This vulnerability exists in Apache HTTPD on Red Hat Enterprise Linux due to improper parsing of comments in the "Allow" and "Deny" configuration lines.
Successful exploitation of this vulnerability could allow the attacker to access an ostensibly restricted HTTP resource.
Apply appropriate security fixes as mentioned in the following Red Hat advisory.
The information provided herein is on an "as is" basis, without warranty of any kind.
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003