httpd-cvs mailing list archives

From m..@apache.org
Subject svn commit: r920084 - in /httpd/site/trunk: docs/security/vulnerabilities-oval.xml docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities-httpd.xml
Date Sun, 07 Mar 2010 20:12:21 GMT
Author: mjc
Date: Sun Mar  7 20:12:21 2010
New Revision: 920084

URL: http://svn.apache.org/viewvc?rev=920084&view=rev
Log:
Just make it clear this is a flaw only affecting Windows
installations that use mod_isapi.  These entries need a bit
more cleanup, but another day

Modified:
    httpd/site/trunk/docs/security/vulnerabilities-oval.xml
    httpd/site/trunk/docs/security/vulnerabilities_22.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=920084&r1=920083&r2=920084&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Sun Mar  7 20:12:21 2010
@@ -51,13 +51,13 @@
 <title>mod_isapi module unload flaw</title>
 <reference source="CVE" ref_id="CVE-2010-0425" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425"/>
 <description>
-Brett Gervasoni of Sense of Security reported a flaw with proposed patch fix
-within mod_isapi, which would attempt to unload the ISAPI dll when it
+Brett Gervasoni of Sense of Security reported and proposed a patch fix
+for a flaw with within mod_isapi, which would attempt to unload the ISAPI dll when it
 encountered various error states.  This could leave the callbacks in an
-undefined state and result in a segfault.  As the remote attacker could
-send a malicious request to trigger this issue, and win32 mpm runs only one
+undefined state and result in a segfault.  On Windows platforms using mod_isapi, a 
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs
only one
 process, this would result in a denial of service, and potentially allow
-for arbitrary code execution.
+arbitrary code execution.
 </description>
 <apache_httpd_repository>
 <public>20100302</public>
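
Review bot: The second added line reads "for a flaw with within mod_isapi", which has a doubled preposition and should be "for a flaw within mod_isapi". The added line ending "On Windows platforms using mod_isapi, a " also has trailing whitespace after the "a". While touching the sentence, "reported and proposed a patch fix" could be tightened to "reported, and proposed a fix for, a flaw within mod_isapi", since "patch fix" says the same thing twice.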

Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=920084&r1=920083&r2=920084&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] Sun Mar  7 20:12:21 2010
@@ -105,13 +105,13 @@
 </b>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
 <p>
-Brett Gervasoni of Sense of Security reported a flaw with proposed patch fix
-within mod_isapi, which would attempt to unload the ISAPI dll when it
+Brett Gervasoni of Sense of Security reported and proposed a patch fix
+for a flaw with within mod_isapi, which would attempt to unload the ISAPI dll when it
 encountered various error states.  This could leave the callbacks in an
-undefined state and result in a segfault.  As the remote attacker could
-send a malicious request to trigger this issue, and win32 mpm runs only one
+undefined state and result in a segfault.  On Windows platforms using mod_isapi, a 
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs
only one
 process, this would result in a denial of service, and potentially allow
-for arbitrary code execution.
+arbitrary code execution.
 </p>
 </dd>
 <dd>
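
Review bot: The rewritten sentence mixes platform naming and casing: "On Windows platforms using mod_isapi" and "win32 MPM" appear in the same sentence, and "MPM" is now capitalised while "ISAPI dll" in the second added line keeps a lowercase "dll". Settle on one form for each (for example "Windows" and "DLL") so the advisory text is consistent. The "with within" slip is present in this copy too; because the same paragraph is carried in three files in this commit, a correction applied to only one of them would leave the published copies out of step.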

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=920084&r1=920083&r2=920084&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Sun Mar  7 20:12:21
2010
@@ -37,13 +37,13 @@
 <severity level="2">important</severity>
 <title>mod_isapi module unload flaw</title>
 <description><p>
-Brett Gervasoni of Sense of Security reported a flaw with proposed patch fix
-within mod_isapi, which would attempt to unload the ISAPI dll when it
+Brett Gervasoni of Sense of Security reported and proposed a patch fix
+for a flaw with within mod_isapi, which would attempt to unload the ISAPI dll when it
 encountered various error states.  This could leave the callbacks in an
-undefined state and result in a segfault.  As the remote attacker could
-send a malicious request to trigger this issue, and win32 mpm runs only one
+undefined state and result in a segfault.  On Windows platforms using mod_isapi, a 
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs
only one
 process, this would result in a denial of service, and potentially allow
-for arbitrary code execution.
+arbitrary code execution.
 </p></description>
 <affects prod="httpd" version="2.2.14"/>
 <affects prod="httpd" version="2.2.13"/>
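
Review bot: The Windows-only scope is stated only in the prose of the description; the title "mod_isapi module unload flaw" and the affects entries in the context lines (version="2.2.14", version="2.2.13") say nothing about platform or about mod_isapi being in use. Anyone triaging from the title or the version list alone will still read this as affecting every 2.2.14 and 2.2.13 installation. Consider carrying the restriction into the title as well, for example "mod_isapi module unload flaw (Windows only)", as part of the further cleanup the log message mentions.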


