httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject svn commit: r556932 - in /httpd/site/trunk: docs/security/vulnerabilities-oval.xml docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities-httpd.xml xdocs/security/vulnerabilities_22.xml
Date Tue, 17 Jul 2007 14:31:12 GMT
Author: mjc
Date: Tue Jul 17 07:31:10 2007
New Revision: 556932

URL: http://svn.apache.org/viewvc?view=rev&rev=556932
Log:
Add CVE-2007-1862 details, only 2.2.4 was affected

Modified:
    httpd/site/trunk/docs/security/vulnerabilities-oval.xml
    httpd/site/trunk/docs/security/vulnerabilities_22.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
    httpd/site/trunk/xdocs/security/vulnerabilities_22.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?view=diff&rev=556932&r1=556931&r2=556932
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Tue Jul 17 07:31:10 2007
@@ -5,6 +5,28 @@
 <oval:timestamp>2005-10-12T18:13:45</oval:timestamp>
 </generator>
 <definitions>
+<definition id="oval:org.apache.httpd:def:20071862" version="1" class="vulnerability">
+<metadata>
+<title>mod_cache information leak</title>
+<reference source="CVE" ref_id="CVE-2007-1862" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862"/>
+<description>The recall_headers function in mod_mem_cache in Apache 2.2.4 did not
+properly copy all levels of header data, which can cause Apache to
+return HTTP headers containing previously used data, which could be
+used by remote attackers to obtain potentially sensitive information.
+</description>
+<apache_httpd_repository>
+<public>20070601</public>
+<reported>20070426</reported>
+<released/>
+<severity level="3">moderate</severity>
+</apache_httpd_repository>
+</metadata>
+<criteria operator="OR">
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:224" comment="the version of httpd is 2.2.4"/>
+</criteria>
+</criteria>
+</definition>
 <definition id="oval:org.apache.httpd:def:20071863" version="1" class="vulnerability">
 <metadata>
 <title>mod_cache proxy DoS</title>
@@ -2286,6 +2308,10 @@
 </definition>
 </definitions>
 <tests>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:224"
version="1" comment="the version of httpd is 2.2.4" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:224"/>
+</httpd_test>
 <httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2059"
version="1" comment="the version of httpd is 2.0.59" check="at least one">
 <object object_ref="oval:org.apache.httpd:obj:1"/>
 <state state_ref="oval:org.apache.httpd:ste:2059"/>
@@ -2362,10 +2388,6 @@
 <object object_ref="oval:org.apache.httpd:obj:1"/>
 <state state_ref="oval:org.apache.httpd:ste:2037"/>
 </httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:224"
version="1" comment="the version of httpd is 2.2.4" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:224"/>
-</httpd_test>
 <httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:223"
version="1" comment="the version of httpd is 2.2.3" check="at least one">
 <object object_ref="oval:org.apache.httpd:obj:1"/>
 <state state_ref="oval:org.apache.httpd:ste:223"/>
@@ -2495,6 +2517,9 @@
 </httpd_object>
 </objects>
 <states>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:224"
version="1" comment="the version of httpd is 2.2.4">
+<version operation="equals" datatype="version">2.2.4</version>
+</httpd_state>
 <httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2059"
version="1" comment="the version of httpd is 2.0.59">
 <version operation="equals" datatype="version">2.0.59</version>
 </httpd_state>
@@ -2551,9 +2576,6 @@
 </httpd_state>
 <httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2037"
version="1" comment="the version of httpd is 2.0.37">
 <version operation="equals" datatype="version">2.0.37</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:224"
version="1" comment="the version of httpd is 2.2.4">
-<version operation="equals" datatype="version">2.2.4</version>
 </httpd_state>
 <httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:223"
version="1" comment="the version of httpd is 2.2.3">
 <version operation="equals" datatype="version">2.2.3</version>

Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?view=diff&rev=556932&r1=556931&r2=556932
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Tue Jul 17 07:31:10 2007
@@ -90,6 +90,23 @@
 <dd>
 <b>moderate: </b>
 <b>
+<name name="CVE-2007-1862">mod_cache information leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a>
+<p>The recall_headers function in mod_mem_cache in Apache 2.2.4 did not
+properly copy all levels of header data, which can cause Apache to
+return HTTP headers containing previously used data, which could be
+used by remote attackers to obtain potentially sensitive information.
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.2.4<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
 <name name="CVE-2007-1863">mod_cache proxy DoS</name>
 </b>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?view=diff&rev=556932&r1=556931&r2=556932
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Tue Jul 17 07:31:10 2007
@@ -1,5 +1,18 @@
 <security updated="20070717">
 
+<issue fixed="2.2.5-dev" public="20070601" reported="20070426">
+<cve name="CVE-2007-1862"/>
+<severity level="3">moderate</severity>      
+<title>mod_cache information leak</title>
+<description>
+<p>The recall_headers function in mod_mem_cache in Apache 2.2.4 did not
+properly copy all levels of header data, which can cause Apache to
+return HTTP headers containing previously used data, which could be
+used by remote attackers to obtain potentially sensitive information.
+</p></description>
+<affects prod="httpd" version="2.2.4"/>
+</issue>
+
 <issue fixed="2.0.60-dev" public="20070618" reported="20070502">
 <cve name="CVE-2007-1863"/>
 <severity level="3">moderate</severity>      

Modified: httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities_22.xml?view=diff&rev=556932&r1=556931&r2=556932
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities_22.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities_22.xml Tue Jul 17 07:31:10 2007
@@ -25,6 +25,23 @@
 <dd>
 <b>moderate: </b>
 <b>
+<name name="CVE-2007-1862">mod_cache information leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a>
+<p>The recall_headers function in mod_mem_cache in Apache 2.2.4 did not
+properly copy all levels of header data, which can cause Apache to
+return HTTP headers containing previously used data, which could be
+used by remote attackers to obtain potentially sensitive information.
+</p>
+</dd>
+<dd/>
+<dd>
+      Affects: 
+    2.2.4<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
 <name name="CVE-2007-1863">mod_cache proxy DoS</name>
 </b>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>



Mime
View raw message