httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject svn commit: r264792 - in /httpd/site/trunk: docs/security/vulnerabilities_20.html xdocs/security/vulnerabilities-httpd.xml
Date Tue, 30 Aug 2005 15:08:07 GMT
Author: mjc
Date: Tue Aug 30 08:08:02 2005
New Revision: 264792

URL: http://svn.apache.org/viewcvs?rev=264792&view=rev
Log:
I actually wrote these issues up quite some time ago but
my jre wasn't working with xslt to generate the final page;
switched back to IBM jre for now

Modified:
    httpd/site/trunk/docs/security/vulnerabilities_20.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=264792&r1=264791&r2=264792&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Tue Aug 30 08:08:02 2005
@@ -83,6 +83,58 @@
            <table border="0" cellspacing="0" cellpadding="2" width="100%">
  <tr><td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.55-dev"><strong>Fixed in Apache httpd 2.0.55-dev</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CAN-2005-1268">Malicious CRL off-by-one</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268">CAN-2005-1268</a>
+<p>
+An off-by-one stack overflow was discovered in the mod_ssl CRL
+verification callback. In order to exploit this issue the Apache
+server would need to be configured to use a malicious certificate
+revocation list (CRL)
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CAN-2005-2088">HTTP Request Spoofing</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088">CAN-2005-2088</a>
+<p>
+A flaw occured when using the Apache server as a HTTP proxy. A remote
+attacker could send a HTTP request with both a "Transfer-Encoding:
+chunked" header and a Content-Length header, causing Apache to
+incorrectly handle and forward the body of the request in a way that
+causes the receiving server to process it as a separate HTTP request.
+This could allow the bypass of web application firewall protection or
+lead to cross-site scripting (XSS) attacks.
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
    <a name="2.0.53"><strong>Fixed in Apache httpd 2.0.53</strong></a>
   </font>
  </td></tr>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=264792&r1=264791&r2=264792&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Tue Aug 30 08:08:02 2005
@@ -1,4 +1,71 @@
-<security updated="20050503">
+<security updated="20050830">
+
+<issue fixed="2.0.55-dev" public="20050611">
+<cve name="CAN-2005-2088"/>
+<severity level="3">moderate</severity>
+<title>HTTP Request Spoofing</title>
+<description>
+<p>
+A flaw occured when using the Apache server as a HTTP proxy. A remote
+attacker could send a HTTP request with both a "Transfer-Encoding:
+chunked" header and a Content-Length header, causing Apache to
+incorrectly handle and forward the body of the request in a way that
+causes the receiving server to process it as a separate HTTP request.
+This could allow the bypass of web application firewall protection or
+lead to cross-site scripting (XSS) attacks.
+</p>
+</description>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.55-dev" public="20050608">
+<cve name="CAN-2005-1268"/>
+<severity level="4">low</severity>
+<title>Malicious CRL off-by-one</title>
+<description>
+<p>
+An off-by-one stack overflow was discovered in the mod_ssl CRL
+verification callback. In order to exploit this issue the Apache
+server would need to be configured to use a malicious certificate
+revocation list (CRL)
+</p>
+</description>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
 
 <issue fixed="2.0.53" public="20041101" released="20050208" reported="20041028">
 <cve name="CAN-2004-0942"/>



Mime
View raw message