Subject: svn commit: r613412 - in /httpd/site/trunk:
docs/security/vulnerabilities-oval.xml
docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html
docs/security/vulnerabilities_22.html
xdocs/security/vulnerabilities-httpd.xml
Date: Sat, 19 Jan 2008 16:42:07 -0000
To: cvs@httpd.apache.org
From: mjc@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20080119164208.263571A9832@eris.apache.org>
Author: mjc
Date: Sat Jan 19 08:42:06 2008
New Revision: 613412
URL: http://svn.apache.org/viewvc?rev=613412&view=rev
Log:
Vulnerability pages updated for final releases
Modified:
httpd/site/trunk/docs/security/vulnerabilities-oval.xml
httpd/site/trunk/docs/security/vulnerabilities_13.html
httpd/site/trunk/docs/security/vulnerabilities_20.html
httpd/site/trunk/docs/security/vulnerabilities_22.html
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=613412&r1=613411&r2=613412&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Sat Jan 19 08:42:06 2008
@@ -17,7 +17,7 @@
20080102
20071215
-
+20080119
moderate
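Review bot: The changed line in this hunk goes from empty to 20080119, so the previous revision appears to have shipped this definition with a blank date field beneath the two populated ones (20080102, 20071215). If consumers of vulnerabilities-oval.xml parse these fields as dates, a blank value can fail validation; consider leaving the field out until the release date is known instead of committing it empty. The other four hunks in this file add the same value in the same position and would get the same treatment.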
@@ -94,7 +94,7 @@
20071211
20071023
-
+20080119
moderate
@@ -176,7 +176,7 @@
20080108
20071215
-
+20080119
low
@@ -228,7 +228,7 @@
20080102
20071212
-
+20080119
low
@@ -254,7 +254,7 @@
20080102
20071212
-
+20080119
low
Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=613412&r1=613411&r2=613412&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Sat Jan 19 08:42:06 2008
@@ -86,7 +86,7 @@
- Fixed in Apache httpd 1.3.41-dev
+ Fixed in Apache httpd 1.3.41
|
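Review bot: The heading edit from "1.3.41-dev" to "1.3.41" is the only place the release is named, and the log message ("Vulnerability pages updated for final releases") names no versions. Listing 1.3.41, 2.0.63 and 2.2.8 in the log would make this revision findable from the release numbers. It is also worth checking that nothing else on the page (an anchor or link target, not visible in this hunk) still carries the "-dev" string.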
@@ -105,7 +105,9 @@
scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
-
+
+ Update Released: 19th January 2008
+
Affects:
1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2
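Review bot: The Affects list kept as context here stops at 1.3.39 while the section is now headed "Fixed in Apache httpd 1.3.41", which leaves the status of 1.3.40 unstated for anyone matching an installed version against this page. If 1.3.40 was never released, a short note saying so next to the new "Update Released: 19th January 2008" line would close the gap; the 2.0 page (2.0.61 to 2.0.63) and the 2.2 page (2.2.6 to 2.2.8) show the same pattern.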
@@ -121,7 +123,9 @@
mod_imap is enabled and an imagemap file is publicly available, a
cross-site scripting attack is possible.
-
+
+ Update Released: 19th January 2008
+
Affects:
1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=613412&r1=613411&r2=613412&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Sat Jan 19 08:42:06 2008
@@ -86,7 +86,7 @@
- Fixed in Apache httpd 2.0.63-dev
+ Fixed in Apache httpd 2.0.63
|
@@ -107,7 +107,9 @@
RFC 2616.
-
+
+ Update Released: 19th January 2008
+
Affects:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
@@ -124,7 +126,9 @@
scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
-
+
+ Update Released: 19th January 2008
+
Affects:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
@@ -140,7 +144,9 @@
mod_imap is enabled and an imagemap file is publicly available, a
cross-site scripting attack is possible.
-
+
+ Update Released: 19th January 2008
+
Affects:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=613412&r1=613411&r2=613412&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Sat Jan 19 08:42:06 2008
@@ -86,7 +86,7 @@
- Fixed in Apache httpd 2.2.8-dev
+ Fixed in Apache httpd 2.2.8
|
@@ -107,7 +107,9 @@
RFC 2616.
-
+
+ Update Released: 19th January 2008
+
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
@@ -125,7 +127,9 @@
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module.
-
+
+ Update Released: 19th January 2008
+
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
@@ -141,7 +145,9 @@
mod_proxy_balancer is enabled, a cross-site scripting attack against an
authorized user is possible.
-
+
+ Update Released: 19th January 2008
+
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
@@ -158,7 +164,9 @@
scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
-
+
+ Update Released: 19th January 2008
+
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
@@ -174,7 +182,9 @@
mod_imagemap is enabled and an imagemap file is publicly available, a
cross-site scripting attack is possible.
-
+
+ Update Released: 19th January 2008
+
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=613412&r1=613411&r2=613412&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Sat Jan 19 08:42:06 2008
@@ -1,6 +1,6 @@
-
+
-
+
moderate
mod_status XSS
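Review bot: This first hunk changes two lines at the top of vulnerabilities-httpd.xml, where every later hunk in the file changes one per entry. The first changed line sits above the first "mod_status XSS" entry, so it looks like a file-level edit and not a per-issue release date; the log message does not mention it. Please say in the log what that line changes. The remaining per-entry edits number ten, which matches the ten "Update Released" insertions across the three HTML pages.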
@@ -17,7 +17,7 @@
-
+
moderate
mod_status XSS
@@ -50,7 +50,7 @@
-
+
moderate
mod_status XSS
@@ -86,7 +86,7 @@
-
+
moderate
mod_imagemap XSS
@@ -102,7 +102,7 @@
-
+
moderate
mod_imap XSS
@@ -134,7 +134,7 @@
-
+
moderate
mod_imap XSS
@@ -171,7 +171,7 @@
-
+
low
mod_proxy_ftp UTF-7 XSS
@@ -206,7 +206,7 @@
-
+
low
mod_proxy_ftp UTF-7 XSS
@@ -225,7 +225,7 @@
-
+
low
mod_proxy_balancer DoS
@@ -243,7 +243,7 @@
-
+
low
mod_proxy_balancer XSS