httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject svn commit: r818868 - in /httpd/site/trunk: docs/security/vulnerabilities-oval.xml docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities-httpd.xml
Date Fri, 25 Sep 2009 15:00:52 GMT
Author: mjc
Date: Fri Sep 25 15:00:51 2009
New Revision: 818868

URL: http://svn.apache.org/viewvc?rev=818868&view=rev
Log:
Update for 2.2.13 and some of the 2.2.14 issues that
are public in CVE

Modified:
    httpd/site/trunk/docs/security/vulnerabilities-oval.xml
    httpd/site/trunk/docs/security/vulnerabilities_22.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=818868&r1=818867&r2=818868&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Fri Sep 25 15:00:51 2009
@@ -5,6 +5,108 @@
 <oval:timestamp>2005-10-12T18:13:45</oval:timestamp>
 </generator>
 <definitions>
+<definition id="oval:org.apache.httpd:def:20093094" version="1" class="vulnerability">
+<metadata>
+<title>mod_proxy_ftp DoS</title>
+<reference source="CVE" ref_id="CVE-2009-3094" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094"/>
+<description>
+A NULL pointer dereference flaw was found in the mod_proxy_ftp
+module. A malicious FTP server to which requests are being proxied
+could use this flaw to crash an httpd child process via a malformed
+reply to the EPSV or PASV commands, resulting in a limited denial of
+service.
+</description>
+<apache_httpd_repository>
+<public>20090802</public>
+<reported>20090904</reported>
+<released/>
+<severity level="4">low</severity>
+</apache_httpd_repository>
+</metadata>
+<criteria operator="OR">
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:2213" comment="the version of httpd is
2.2.13"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is
2.2.12"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is
2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
+<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
+<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
+<criterion test_ref="oval:org.apache.httpd:tst:225" comment="the version of httpd is 2.2.5"/>
+<criterion test_ref="oval:org.apache.httpd:tst:224" comment="the version of httpd is 2.2.4"/>
+<criterion test_ref="oval:org.apache.httpd:tst:223" comment="the version of httpd is 2.2.3"/>
+<criterion test_ref="oval:org.apache.httpd:tst:222" comment="the version of httpd is 2.2.2"/>
+<criterion test_ref="oval:org.apache.httpd:tst:220" comment="the version of httpd is 2.2.0"/>
+</criteria>
+</criteria>
+</definition>
+<definition id="oval:org.apache.httpd:def:20093095" version="1" class="vulnerability">
+<metadata>
+<title>mod_proxy_ftp FTP command injection</title>
+<reference source="CVE" ref_id="CVE-2009-3095" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095"/>
+<description>
+A flaw was found in the mod_proxy_ftp module. In a reverse proxy
+configuration, a remote attacker could use this flaw to bypass
+intended access restrictions by creating a carefully-crafted HTTP
+Authorization header, allowing the attacker to send arbitrary commands
+to the FTP server.
+</description>
+<apache_httpd_repository>
+<public>20090803</public>
+<reported>20090903</reported>
+<released/>
+<severity level="4">low</severity>
+</apache_httpd_repository>
+</metadata>
+<criteria operator="OR">
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:2213" comment="the version of httpd is
2.2.13"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is
2.2.12"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is
2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
+<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
+<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
+<criterion test_ref="oval:org.apache.httpd:tst:225" comment="the version of httpd is 2.2.5"/>
+<criterion test_ref="oval:org.apache.httpd:tst:224" comment="the version of httpd is 2.2.4"/>
+<criterion test_ref="oval:org.apache.httpd:tst:223" comment="the version of httpd is 2.2.3"/>
+<criterion test_ref="oval:org.apache.httpd:tst:222" comment="the version of httpd is 2.2.2"/>
+<criterion test_ref="oval:org.apache.httpd:tst:220" comment="the version of httpd is 2.2.0"/>
+</criteria>
+</criteria>
+</definition>
+<definition id="oval:org.apache.httpd:def:20092412" version="1" class="vulnerability">
+<metadata>
+<title>APR apr_palloc heap overflow</title>
+<reference source="CVE" ref_id="CVE-2009-2412" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412"/>
+<description>
+A flaw in apr_palloc() in the bundled copy of APR could
+cause heap overflows in programs that try to apr_palloc() a user
+controlled size.  The Apache HTTP Server itself does not pass 
+unsanitized user-provided sizes to this function, so it could only
+be triggered through some other application which uses apr_palloc()
+in a vulnerable way.
+</description>
+<apache_httpd_repository>
+<public>20090804</public>
+<reported>20090727</reported>
+<released>20090809</released>
+<severity level="4">low</severity>
+</apache_httpd_repository>
+</metadata>
+<criteria operator="OR">
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is
2.2.12"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is
2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
+<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
+<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
+<criterion test_ref="oval:org.apache.httpd:tst:225" comment="the version of httpd is 2.2.5"/>
+<criterion test_ref="oval:org.apache.httpd:tst:224" comment="the version of httpd is 2.2.4"/>
+<criterion test_ref="oval:org.apache.httpd:tst:223" comment="the version of httpd is 2.2.3"/>
+<criterion test_ref="oval:org.apache.httpd:tst:222" comment="the version of httpd is 2.2.2"/>
+<criterion test_ref="oval:org.apache.httpd:tst:220" comment="the version of httpd is 2.2.0"/>
+</criteria>
+</criteria>
+</definition>
 <definition id="oval:org.apache.httpd:def:20091956" version="1" class="vulnerability">
 <metadata>
 <title>APR-util off-by-one overflow</title>
@@ -3096,6 +3198,14 @@
 </definition>
 </definitions>
 <tests>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2213"
version="1" comment="the version of httpd is 2.2.13" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2213"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2212"
version="1" comment="the version of httpd is 2.2.12" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2212"/>
+</httpd_test>
 <httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2211"
version="1" comment="the version of httpd is 2.2.11" check="at least one">
 <object object_ref="oval:org.apache.httpd:obj:1"/>
 <state state_ref="oval:org.apache.httpd:ste:2211"/>
@@ -3341,6 +3451,12 @@
 </httpd_object>
 </objects>
 <states>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2213"
version="1" comment="the version of httpd is 2.2.13">
+<version operation="equals" datatype="version">2.2.13</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2212"
version="1" comment="the version of httpd is 2.2.12">
+<version operation="equals" datatype="version">2.2.12</version>
+</httpd_state>
 <httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2211"
version="1" comment="the version of httpd is 2.2.11">
 <version operation="equals" datatype="version">2.2.11</version>
 </httpd_state>

Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=818868&r1=818867&r2=818868&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] Fri Sep 25 15:00:51 2009
@@ -88,6 +88,96 @@
  <tr>
  <td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.2.14-dev"><strong>Fixed in Apache httpd 2.2.14-dev</strong></a>
+  </font>
+ </td>
+ </tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
+<p>
+A NULL pointer dereference flaw was found in the mod_proxy_ftp
+module. A malicious FTP server to which requests are being proxied
+could use this flaw to crash an httpd child process via a malformed
+reply to the EPSV or PASV commands, resulting in a limited denial of
+service.
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>
+<p>
+A flaw was found in the mod_proxy_ftp module. In a reverse proxy
+configuration, a remote attacker could use this flaw to bypass
+intended access restrictions by creating a carefully-crafted HTTP
+Authorization header, allowing the attacker to send arbitrary commands
+to the FTP server.
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr>
+ <td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.2.13"><strong>Fixed in Apache httpd 2.2.13</strong></a>
+  </font>
+ </td>
+ </tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>
+<p>
+A flaw in apr_palloc() in the bundled copy of APR could
+cause heap overflows in programs that try to apr_palloc() a user
+controlled size.  The Apache HTTP Server itself does not pass 
+unsanitized user-provided sizes to this function, so it could only
+be triggered through some other application which uses apr_palloc()
+in a vulnerable way.
+</p>
+</dd>
+<dd>
+  Update Released: 9th August 2009<br />
+</dd>
+<dd>
+      Affects: 
+    2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr>
+ <td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
    <a name="2.2.12"><strong>Fixed in Apache httpd 2.2.12</strong></a>
   </font>
  </td>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=818868&r1=818867&r2=818868&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Fri Sep 25 15:00:51
2009
@@ -1,4 +1,76 @@
-<security updated="20090709">
+<security updated="20090925">
+
+<issue fixed="2.2.14-dev" reported="20090904" public="20090802">
+<cve name="CVE-2009-3094"/>
+<severity level="4">low</severity>
+<title>mod_proxy_ftp DoS</title>
+<description><p>
+A NULL pointer dereference flaw was found in the mod_proxy_ftp
+module. A malicious FTP server to which requests are being proxied
+could use this flaw to crash an httpd child process via a malformed
+reply to the EPSV or PASV commands, resulting in a limited denial of
+service.
+</p></description>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.2.14-dev" reported="20090903" public="20090803">
+<cve name="CVE-2009-3095"/>
+<severity level="4">low</severity>
+<title>mod_proxy_ftp FTP command injection</title>
+<description><p>
+A flaw was found in the mod_proxy_ftp module. In a reverse proxy
+configuration, a remote attacker could use this flaw to bypass
+intended access restrictions by creating a carefully-crafted HTTP
+Authorization header, allowing the attacker to send arbitrary commands
+to the FTP server.
+</p></description>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.2.13" reported="20090727" public="20090804" released="20090809">
+<cve name="CVE-2009-2412"/>
+<severity level="4">low</severity>
+<title>APR apr_palloc heap overflow</title>
+<description><p>
+A flaw in apr_palloc() in the bundled copy of APR could
+cause heap overflows in programs that try to apr_palloc() a user
+controlled size.  The Apache HTTP Server itself does not pass 
+unsanitized user-provided sizes to this function, so it could only
+be triggered through some other application which uses apr_palloc()
+in a vulnerable way.
+</p></description>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
 
 <issue fixed="2.2.12" public="20090424" released="200900727">
 <cve name="CVE-2009-1956"/>



Mime
View raw message