httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r921915 - in /httpd/site/trunk: docs/security/vulnerabilities-oval.xml docs/security/vulnerabilities_20.html xdocs/security/vulnerabilities-httpd.xml
Date Thu, 11 Mar 2010 16:12:39 GMT
Author: trawick
Date: Thu Mar 11 16:12:38 2010
New Revision: 921915

URL: http://svn.apache.org/viewvc?rev=921915&view=rev
Log:
add 2.0.64-dev references to CVE-2010-0434 and CVE-2008-2364 

Modified:
    httpd/site/trunk/docs/security/vulnerabilities-oval.xml
    httpd/site/trunk/docs/security/vulnerabilities_20.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=921915&r1=921914&r2=921915&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Thu Mar 11 16:12:38 2010
@@ -70,6 +70,31 @@ fix for this issue.
 <criterion test_ref="oval:org.apache.httpd:tst:2036" comment="the version of httpd is
2.0.36"/>
 <criterion test_ref="oval:org.apache.httpd:tst:2035" comment="the version of httpd is
2.0.35"/>
 </criteria>
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:2063" comment="the version of httpd is
2.0.63"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2061" comment="the version of httpd is
2.0.61"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2059" comment="the version of httpd is
2.0.59"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2058" comment="the version of httpd is
2.0.58"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2055" comment="the version of httpd is
2.0.55"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2054" comment="the version of httpd is
2.0.54"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2053" comment="the version of httpd is
2.0.53"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2052" comment="the version of httpd is
2.0.52"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2051" comment="the version of httpd is
2.0.51"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2050" comment="the version of httpd is
2.0.50"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2049" comment="the version of httpd is
2.0.49"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2048" comment="the version of httpd is
2.0.48"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2047" comment="the version of httpd is
2.0.47"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2046" comment="the version of httpd is
2.0.46"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2045" comment="the version of httpd is
2.0.45"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2044" comment="the version of httpd is
2.0.44"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2043" comment="the version of httpd is
2.0.43"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2042" comment="the version of httpd is
2.0.42"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2040" comment="the version of httpd is
2.0.40"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2039" comment="the version of httpd is
2.0.39"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2037" comment="the version of httpd is
2.0.37"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2036" comment="the version of httpd is
2.0.36"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2035" comment="the version of httpd is
2.0.35"/>
+</criteria>
 </criteria>
 </definition>
 <definition id="oval:org.apache.httpd:def:20100425" version="1" class="vulnerability">
@@ -616,12 +641,37 @@ could cause a denial of service or high 
 <apache_httpd_repository>
 <public>20080610</public>
 <reported>20080529</reported>
-<released>20080614</released>
+<released/>
 <severity level="3">moderate</severity>
 </apache_httpd_repository>
 </metadata>
 <criteria operator="OR">
 <criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:2063" comment="the version of httpd is
2.0.63"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2061" comment="the version of httpd is
2.0.61"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2059" comment="the version of httpd is
2.0.59"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2058" comment="the version of httpd is
2.0.58"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2055" comment="the version of httpd is
2.0.55"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2054" comment="the version of httpd is
2.0.54"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2053" comment="the version of httpd is
2.0.53"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2052" comment="the version of httpd is
2.0.52"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2051" comment="the version of httpd is
2.0.51"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2050" comment="the version of httpd is
2.0.50"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2049" comment="the version of httpd is
2.0.49"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2048" comment="the version of httpd is
2.0.48"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2047" comment="the version of httpd is
2.0.47"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2046" comment="the version of httpd is
2.0.46"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2045" comment="the version of httpd is
2.0.45"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2044" comment="the version of httpd is
2.0.44"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2043" comment="the version of httpd is
2.0.43"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2042" comment="the version of httpd is
2.0.42"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2040" comment="the version of httpd is
2.0.40"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2039" comment="the version of httpd is
2.0.39"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2037" comment="the version of httpd is
2.0.37"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2036" comment="the version of httpd is
2.0.36"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2035" comment="the version of httpd is
2.0.35"/>
+</criteria>
+<criteria operator="OR">
 <criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
 <criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
 <criterion test_ref="oval:org.apache.httpd:tst:225" comment="the version of httpd is 2.2.5"/>

Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=921915&r1=921914&r2=921915&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] Thu Mar 11 16:12:38 2010
@@ -127,6 +127,36 @@ proposing a patch fix for this issue.
 <dd>
 <b>low: </b>
 <b>
+<name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
+<p>
+A flaw in the core subrequest process code was fixed, to always provide a shallow copy of
the headers_in
+array to the subrequest, instead of a pointer to the parent request's array
+as it had for requests without request bodies.  This meant all modules such
+as mod_headers which may manipulate the input headers for a subrequest would
+poison the parent request in two ways, one by modifying the parent request,
+which might not be intended, and second by leaving pointers to modified header
+fields in memory allocated to the subrequest scope, which could be freed
+before the main request processing was finished, resulting in a segfault or
+in revealing data from another request on threaded servers, such as the worker
+or winnt MPMs.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+We would like to thank Philip Pickett of VMware for reporting and proposing a 
+fix for this issue.
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p
/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
 <name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
 </b>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a>
@@ -141,6 +171,22 @@ to cross-site scripting (XSS) attacks.</
       Affects: 
     2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p
/>
 </dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2008-2364">mod_proxy_http DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a>
+<p>
+A flaw was found in the handling of excessive interim responses
+from an origin server when using mod_proxy_http.  A remote attacker
+could cause a denial of service or high memory usage.</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p
/>
+</dd>
 </dl>
   </blockquote>
  </td></tr>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=921915&r1=921914&r2=921915&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Thu Mar 11 16:12:38
2010
@@ -1,4 +1,4 @@
-<security updated="20100302">
+<security updated="20100311">
 
 
 <issue fixed="2.2.15" reported="20091209" public="20091209" released="20100305">
@@ -410,6 +410,51 @@ to cross-site scripting (XSS) attacks.</
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
+<issue fixed="2.0.64-dev" reported="20091209" public="20091209" released="">
+<cve name="CVE-2010-0434"/>
+<severity level="4">low</severity>
+<title>Subrequest handling of request headers (mod_headers)</title>
+<description><p>
+A flaw in the core subrequest process code was fixed, to always provide a shallow copy of
the headers_in
+array to the subrequest, instead of a pointer to the parent request's array
+as it had for requests without request bodies.  This meant all modules such
+as mod_headers which may manipulate the input headers for a subrequest would
+poison the parent request in two ways, one by modifying the parent request,
+which might not be intended, and second by leaving pointers to modified header
+fields in memory allocated to the subrequest scope, which could be freed
+before the main request processing was finished, resulting in a segfault or
+in revealing data from another request on threaded servers, such as the worker
+or winnt MPMs.
+</p></description>
+<acknowledgements>
+We would like to thank Philip Pickett of VMware for reporting and proposing a 
+fix for this issue.
+</acknowledgements>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
 <issue fixed="2.0.64-dev" public="20100302" reported="20100209" released="">
 <cve name="CVE-2010-0425"/>
 <severity level="2">important</severity>
@@ -449,6 +494,39 @@ proposing a patch fix for this issue.
 <affects prod="httpd" version="2.0.37"/>
 </issue>
 
+<issue fixed="2.0.64-dev" public="20080610" reported="20080529" released="">
+<cve name="CVE-2008-2364"/>
+<severity level="3">moderate</severity>
+<title>mod_proxy_http DoS</title>
+<description><p>
+A flaw was found in the handling of excessive interim responses
+from an origin server when using mod_proxy_http.  A remote attacker
+could cause a denial of service or high memory usage.</p></description>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
 <issue fixed="2.0.64-dev" public="20080805" reported="20080728" released="">
 <cve name="CVE-2008-2939"/>
 <severity level="4">low</severity>



Mime
View raw message