Apache Web Server MIME Boundary Information Disclosure Vulnerability

A vulnerability has been discovered in the Apache web server that may result in the disclosure of sensitive information. Specifically, sensitive process information is used within generated MIME message boundaries.

Access to this information may aid an attacker in launching attacks further attacks against target services.

OpenBSD has released a patch that addresses this issue. MIME boundaries are now generated by the server using BASE64 encoded random numbers.


Privacy Statement
Copyright 2010, SecurityFocus