httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject svn commit: r356293 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities-httpd.xml xdocs/security/vulnerabilities_22.xml
Date Mon, 12 Dec 2005 17:31:46 GMT
Author: mjc
Date: Mon Dec 12 09:31:36 2005
New Revision: 356293

URL: http://svn.apache.org/viewcvs?rev=356293&view=rev
Log:
Add CVE-2005-3352

Added:
    httpd/site/trunk/docs/security/vulnerabilities_22.html
Modified:
    httpd/site/trunk/docs/security/vulnerabilities_13.html
    httpd/site/trunk/docs/security/vulnerabilities_20.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
    httpd/site/trunk/xdocs/security/vulnerabilities_22.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=356293&r1=356292&r2=356293&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Mon Dec 12 09:31:36 2005
@@ -84,6 +84,37 @@
            <table border="0" cellspacing="0" cellpadding="2" width="100%">
  <tr><td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.35-dev"><strong>Fixed in Apache httpd 1.3.35-dev</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p
/>
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
    <a name="1.3.33"><strong>Fixed in Apache httpd 1.3.33</strong></a>
   </font>
  </td></tr>

Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=356293&r1=356292&r2=356293&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Mon Dec 12 09:31:36 2005
@@ -84,6 +84,37 @@
            <table border="0" cellspacing="0" cellpadding="2" width="100%">
  <tr><td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.56-dev"><strong>Fixed in Apache httpd 2.0.56-dev</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
    <a name="2.0.55"><strong>Fixed in Apache httpd 2.0.55</strong></a>
   </font>
  </td></tr>

Added: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=356293&view=auto
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (added)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Mon Dec 12 09:31:36 2005
@@ -0,0 +1,127 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+               "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+ <head>
+  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
+       <meta name="author" content="Security Group" /><meta name="email" content="security@apache.org"
/>
+    <title>Apache httpd 2.2 vulnerabilities - The Apache HTTP Server Project</title>
+ </head>
+ <body bgcolor="#ffffff" text="#000000" link="#525D76">
+<p><a href="/"><img src="../images/httpd_logo_wide.gif" alt="The Apache HTTP
Server Project" border="0"/></a></p>
+ <table border="0" width="100%" cellspacing="4">
+   <tr>
+    <!-- LEFT SIDE NAVIGATION -->
+    <td valign="top" nowrap="nowrap">
+     <a href="http://apachecon.com/"
+       ><img src="/images/apachecon_2005us.jpg" height="59"
+         width="135" border="0" alt="ApacheCon US 2005" /></a>
+           <p><b>Essentials</b></p>
+    <menu compact="compact">
+          <li><a href="/ABOUT_APACHE.html">About</a></li>
+          <li><a href="http://www.apache.org/licenses/">License</a></li>
+          <li><a href="/docs/2.2/faq/">FAQ</a></li>
+          <li><a href="/security_report.html">Security<br />Reports</a></li>
+        </menu>
+      <p><b>Download!</b></p>
+    <menu compact="compact">
+          <li><a href="/download.cgi">from a mirror</a></li>
+        </menu>
+      <p><b><a 
+href="/docs/">Documentation</a></b></p>
+    <menu compact="compact">
+          <li><a href="/docs/2.2/">Version 2.2</a></li>
+          <li><a href="/docs/2.0/">Version 2.0</a></li>
+          <li><a href="/docs/1.3/">Version 1.3</a></li>
+          <li><a href="/docs/trunk/">Trunk</a> (dev)</li>
+        </menu>
+      <p><b>Get Involved</b></p>
+    <menu compact="compact">
+          <li><a href="/lists.html">Mailing Lists</a></li>
+          <li><a href="/bug_report.html">Bug Reports</a></li>
+          <li><a href="/dev/">Developer Info</a></li>
+        </menu>
+      <p><b>Subprojects</b></p>
+    <menu compact="compact">
+          <li><a href="/docs-project/">Docs</a></li>
+          <li><a href="/test/">Test</a></li>
+          <li><a href="/test/flood/">Flood</a></li>
+          <li><a href="/apreq/">libapreq</a></li>
+          <li><a href="/modules/">Modules</a></li>
+          <li><a href="/cli/">cli (.NET)</a></li>
+        </menu>
+      <p><b><a 
+href="/info/">Miscellaneous</a></b></p>
+    <menu compact="compact">
+          <li><a href="/contributors/">Contributors</a></li>
+          <li><a href="/awards.html">Awards</a></li>
+          <li><a href="http://webring.com/hub?ring=apachesupport">Support<br
/>Webring</a></li>
+        </menu>
+    </td>
+    <!-- RIGHT SIDE INFORMATION -->
+    <td align="left" valign="top">
+                <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="top"><strong>Apache httpd 2.2 vulnerabilities</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd 2.2.  Each
+vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a>
by the Apache
+security team - please note that this rating may well vary from
+platform to platform.  We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark.  </p>
+<p> This page is created from a database of vulnerabilities originally
+populated by Apache Week.  Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>.  </p>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.2.1-dev"><strong>Fixed in Apache httpd 2.2.1-dev</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.2.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+         </td>
+   </tr>
+   <!-- FOOTER -->
+   <tr><td colspan="2"><hr noshade="noshade" size="1"/></td></tr>
+   <tr><td colspan="2" align="center">
+        <font size="-1">
+         <em>Copyright &#169; 1999-2005, The Apache Software Foundation</em>
+        </font>
+       </td>
+   </tr>
+  </table>
+ </body>
+</html>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=356293&r1=356292&r2=356293&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Mon Dec 12 09:31:36 2005
@@ -1,4 +1,89 @@
-<security updated="20051101">
+<security updated="20051212">
+
+<issue fixed="2.2.1-dev" public="20051212" reported="20051101">
+<cve name="CVE-2005-3352"/>
+<severity level="3">moderate</severity>
+<title>mod_imap Referer Cross-Site Scripting</title>
+<description>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</description>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.0.56-dev" public="20051212" reported="20051101">
+<cve name="CVE-2005-3352"/>
+<severity level="3">moderate</severity>
+<title>mod_imap Referer Cross-Site Scripting</title>
+<description>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</description>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="1.3.35-dev" public="20051212" reported="20051101">
+<cve name="CVE-2005-3352"/>
+<severity level="3">moderate</severity>
+<title>mod_imap Referer Cross-Site Scripting</title>
+<description>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</description>
+  <affects prod="httpd" version="1.3.34"/>
+  <affects prod="httpd" version="1.3.33"/>
+  <affects prod="httpd" version="1.3.32"/>
+  <affects prod="httpd" version="1.3.31"/>
+  <affects prod="httpd" version="1.3.29"/>
+  <affects prod="httpd" version="1.3.28"/>
+  <affects prod="httpd" version="1.3.27"/>
+  <affects prod="httpd" version="1.3.26"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
 
 <issue fixed="2.0.55" released="20051014">
 <cve name="CVE-2005-2970"/>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities_22.xml?rev=356293&r1=356292&r2=356293&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities_22.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities_22.xml Mon Dec 12 09:31:36 2005
@@ -19,11 +19,28 @@
 these vulnerabilities to the <a href="/security_report.html">Security
 Team</a>.  </p>
 </section>
-<section id="none">
-<title></title>
+<section id="2.2.1-dev">
+<title>Fixed in Apache httpd 2.2.1-dev</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
 <p>
-No Security Issues have been found for Apache httpd 2.2.
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
 </p>
+</dd>
+<dd/>
+<dd>
+      Affects: 
+    2.2.0<p/>
+</dd>
+</dl>
 </section>
 </body>
 </document>



Mime
View raw message