httpd-cvs mailing list archives

From m..@apache.org
Subject svn commit: r392234 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html xdocs/security/vulnerabilities-httpd.xml
Date Fri, 07 Apr 2006 09:58:49 GMT
Author: mjc
Date: Fri Apr  7 02:58:47 2006
New Revision: 392234

URL: http://svn.apache.org/viewcvs?rev=392234&view=rev
Log:
Revert revision 392230.  wrowe correctly points out that 
cve-2005-2088 didn't affect apache 1.3, and indeed I've mailed
people that thought it did to correct them.

Modified:
    httpd/site/trunk/docs/security/vulnerabilities_13.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=392234&r1=392233&r2=392234&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Fri Apr  7 02:58:47 2006
@@ -112,42 +112,6 @@
            <table border="0" cellspacing="0" cellpadding="2" width="100%">
  <tr><td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.34"><strong>Fixed in Apache httpd 1.3.34</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-2088">HTTP Request Spoofing</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
-<p>
-A flaw occured when using the Apache server as a HTTP proxy. A remote
-attacker could send a HTTP request with both a "Transfer-Encoding:
-chunked" header and a Content-Length header, causing Apache to
-incorrectly handle and forward the body of the request in a way that
-causes the receiving server to process it as a separate HTTP request.
-This could allow the bypass of web application firewall protection or
-lead to cross-site scripting (XSS) attacks.
-</p>
-</dd>
-<dd>
-  Update Released: 18th October 2005<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
    <a name="1.3.33"><strong>Fixed in Apache httpd 1.3.33</strong></a>
   </font>
  </td></tr>
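
Review bot: Deleting the whole "Fixed in Apache httpd 1.3.34" table also deletes the `<a name="1.3.34">` anchor and the `CVE-2005-2088` name that r392230 introduced, so any link made to those fragments while that revision was live now resolves to nothing, and the page gives no indication of why. Since the log says people already believed 1.3 was affected, a one-line statement on this page that CVE-2005-2088 does not affect 1.3 would serve those readers better than a silent removal. The old/new counts in the hunk header (42 and 6) are consistent with the lines shown, given that the "Affects:" version list is a single removed line wrapped by the mailer.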

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=392234&r1=392233&r2=392234&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Fri Apr  7 02:58:47 2006
@@ -253,45 +253,6 @@
 <affects prod="httpd" version="2.0.35"/>
 </issue>
 
-<issue fixed="1.3.34" public="20050611" released="20051018">
-<cve name="CVE-2005-2088"/>
-<severity level="3">moderate</severity>
-<title>HTTP Request Spoofing</title>
-<description>
-<p>
-A flaw occured when using the Apache server as a HTTP proxy. A remote
-attacker could send a HTTP request with both a "Transfer-Encoding:
-chunked" header and a Content-Length header, causing Apache to
-incorrectly handle and forward the body of the request in a way that
-causes the receiving server to process it as a separate HTTP request.
-This could allow the bypass of web application firewall protection or
-lead to cross-site scripting (XSS) attacks.
-</p>
-</description>
-  <affects prod="httpd" version="1.3.33"/>
-  <affects prod="httpd" version="1.3.32"/>
-  <affects prod="httpd" version="1.3.31"/>
-  <affects prod="httpd" version="1.3.29"/>
-  <affects prod="httpd" version="1.3.28"/>
-  <affects prod="httpd" version="1.3.27"/>
-  <affects prod="httpd" version="1.3.26"/>
-  <affects prod="httpd" version="1.3.24"/>
-  <affects prod="httpd" version="1.3.22"/>
-  <affects prod="httpd" version="1.3.20"/>
-  <affects prod="httpd" version="1.3.19"/>
-  <affects prod="httpd" version="1.3.17"/>
-  <affects prod="httpd" version="1.3.14"/>
-  <affects prod="httpd" version="1.3.12"/>
-  <affects prod="httpd" version="1.3.11"/>
-  <affects prod="httpd" version="1.3.9"/>
-  <affects prod="httpd" version="1.3.6"/>
-  <affects prod="httpd" version="1.3.4"/>
-  <affects prod="httpd" version="1.3.3"/>
-  <affects prod="httpd" version="1.3.2"/>
-  <affects prod="httpd" version="1.3.1"/>
-  <affects prod="httpd" version="1.3.0"/>
-</issue>
-
 <issue fixed="2.0.55" public="20050611" released="20051014">
 <cve name="CVE-2005-2088"/>
 <severity level="3">moderate</severity>
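
Review bot: The 1.3.34 `<issue>` block is removed without leaving any record in the XML that 1.3 was evaluated for CVE-2005-2088 and found not affected, which is the same gap that allowed r392230 to add it in the first place. An XML comment next to the retained `<issue fixed="2.0.55" ...>` entry, stating that the issue does not apply to 1.3 and pointing at this revision, would keep the entry from being added back. Also note that the removed block carried `released="20051018"` while the retained entry has `released="20051014"`, so anything that quoted the 1.3 date from the published page was quoting a value that is now gone from the source.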


