httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r919908 - /httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Date Sun, 07 Mar 2010 01:36:20 GMT
Author: wrowe
Date: Sun Mar  7 01:36:20 2010
New Revision: 919908

URL: http://svn.apache.org/viewvc?rev=919908&view=rev
Log:
Adjust attribution

Modified:
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=919908&r1=919907&r2=919908&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Sun Mar  7 01:36:20
2010
@@ -64,11 +64,11 @@
 <severity level="3">moderate</severity>
 <title>mod_proxy_ajp DoS</title>
 <description><p>
-Niku Toivola reported with a proposed patch that mod_proxy_ajp would return
-the wrong status code if it encountered an error causing a backend server
-to be put into an error state until the retry timeout expired.  A remote
-attacker could send malicious requests to trigger this issue, resulting in
-denial of service.
+Niku Toivola of Sulake Corporation reported, with a corresponding patch, 
+that mod_proxy_ajp would return the wrong status code if it encountered
+an error, causing a backend server to be put into an error state until
+the retry timeout expired.  A remote attacker could send malicious requests
+to trigger this issue, resulting in denial of service.
 </p></description>
 <affects prod="httpd" version="2.2.14"/>
 <affects prod="httpd" version="2.2.13"/>



Mime
View raw message