Author: mjc
Date: Wed Mar 3 10:51:50 2010
New Revision: 918395
URL: http://svn.apache.org/viewvc?rev=918395&view=rev
Log:
Add http://svn.apache.org/viewvc?view=revision&revision=917867
Modified:
httpd/site/trunk/docs/security/vulnerabilities-oval.xml
httpd/site/trunk/docs/security/vulnerabilities_22.html
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=918395&r1=918394&r2=918395&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Wed Mar 3 10:51:50 2010
@@ -5,6 +5,40 @@
<oval:timestamp>2005-10-12T18:13:45</oval:timestamp>
</generator>
<definitions>
+<definition id="oval:org.apache.httpd:def:20100434" version="1" class="vulnerability">
+<metadata>
+<title>Request header information leak</title>
+<reference source="CVE" ref_id="CVE-2010-0434" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434"/>
+<description>
+A bug in the handling of headers in subrequests could lead to a reuse
+of memory. In a multithreaded MPM this could possibly cause an
+information leak from other requests being handled by a different
+thread.
+</description>
+<apache_httpd_repository>
+<public>20091209</public>
+<reported>20091209</reported>
+<released/>
+<severity level="4">low</severity>
+</apache_httpd_repository>
+</metadata>
+<criteria operator="OR">
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:2214" comment="the version of httpd is
2.2.14"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2213" comment="the version of httpd is
2.2.13"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is
2.2.12"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is
2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
+<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
+<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
+<criterion test_ref="oval:org.apache.httpd:tst:225" comment="the version of httpd is 2.2.5"/>
+<criterion test_ref="oval:org.apache.httpd:tst:224" comment="the version of httpd is 2.2.4"/>
+<criterion test_ref="oval:org.apache.httpd:tst:223" comment="the version of httpd is 2.2.3"/>
+<criterion test_ref="oval:org.apache.httpd:tst:222" comment="the version of httpd is 2.2.2"/>
+<criterion test_ref="oval:org.apache.httpd:tst:220" comment="the version of httpd is 2.2.0"/>
+</criteria>
+</criteria>
+</definition>
<definition id="oval:org.apache.httpd:def:20100408" version="1" class="vulnerability">
<metadata>
<title>mod_proxy_ajp DoS</title>
Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=918395&r1=918394&r2=918395&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] Wed Mar 3 10:51:50 2010
@@ -91,7 +91,7 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.2.15-cvs"><strong>Fixed in Apache httpd 2.2.15-cvs</strong></a>
+ <a name="2.2.15-dev"><strong>Fixed in Apache httpd 2.2.15-dev</strong></a>
</font>
</td>
</tr>
@@ -99,6 +99,24 @@
<blockquote>
<dl>
<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2010-0434">Request header information leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
+<p>
+A bug in the handling of headers in subrequests could lead to a reuse
+of memory. In a multithreaded MPM this could possibly cause an
+information leak from other requests being handled by a different
+thread.
+</p>
+</dd>
+<dd />
+<dd>
+ Affects:
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p
/>
+</dd>
+<dd>
<b>moderate: </b>
<b>
<name name="CVE-2010-0408">mod_proxy_ajp DoS</name>
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=918395&r1=918394&r2=918395&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Wed Mar 3 10:51:50
2010
@@ -1,6 +1,31 @@
-<security updated="20100302">
+<security updated="20100303">
-<issue fixed="2.2.15-cvs" reported="20100202" public="20100302" released="">
+<issue fixed="2.2.15-dev" reported="20091209" public="20091209" released="">
+<cve name="CVE-2010-0434"/>
+<severity level="4">low</severity>
+<title>Request header information leak</title>
+<description><p>
+A bug in the handling of headers in subrequests could lead to a reuse
+of memory. In a multithreaded MPM this could possibly cause an
+information leak from other requests being handled by a different
+thread.
+</p></description>
+<!-- http://svn.apache.org/viewvc?view=revision&revision=917867 -->
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.2.15-dev" reported="20100202" public="20100302" released="">
<cve name="CVE-2010-0408"/>
<severity level="3">moderate</severity>
<title>mod_proxy_ajp DoS</title>
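Review bot: The `<affects>` list added for CVE-2010-0434 goes from 2.2.11 straight to 2.2.9, so 2.2.10 has no entry (2.2.7 and 2.2.1 are skipped as well). If any of those skipped numbers was a public release, hosts running it will not match the OVAL definition in docs/security/vulnerabilities-oval.xml and will be absent from the "Affects:" line in vulnerabilities_22.html; both carry the same list and look generated from this file. Please check the list against the release history and, where a release is missing, add a line such as `<affects prod="httpd" version="2.2.10"/>` here and regenerate the two docs/ files. Separately, changing `fixed="2.2.15-cvs"` to `fixed="2.2.15-dev"` renames the anchor in the HTML page, so existing links to `#2.2.15-cvs` will no longer land on that section. The CVE-2010-0408 `<issue>` element continues past the end of this hunk.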