httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r943966 - in /httpd/site/trunk: docs/security/vulnerabilities-oval.xml docs/security/vulnerabilities_20.html xdocs/security/vulnerabilities-httpd.xml
Date Thu, 13 May 2010 18:24:22 GMT
Author: trawick
Date: Thu May 13 18:24:22 2010
New Revision: 943966

URL: http://svn.apache.org/viewvc?rev=943966&view=rev
Log:
list CVE-2009-3094 for 2.0.64-dev

Modified:
    httpd/site/trunk/docs/security/vulnerabilities-oval.xml
    httpd/site/trunk/docs/security/vulnerabilities_20.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=943966&r1=943965&r2=943966&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Thu May 13 18:24:22 2010
@@ -241,6 +241,31 @@ service.
 <criterion test_ref="oval:org.apache.httpd:tst:222" comment="the version of httpd is 2.2.2"/>
 <criterion test_ref="oval:org.apache.httpd:tst:220" comment="the version of httpd is 2.2.0"/>
 </criteria>
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:2063" comment="the version of httpd is
2.0.63"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2061" comment="the version of httpd is
2.0.61"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2059" comment="the version of httpd is
2.0.59"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2058" comment="the version of httpd is
2.0.58"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2055" comment="the version of httpd is
2.0.55"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2054" comment="the version of httpd is
2.0.54"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2053" comment="the version of httpd is
2.0.53"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2052" comment="the version of httpd is
2.0.52"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2051" comment="the version of httpd is
2.0.51"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2050" comment="the version of httpd is
2.0.50"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2049" comment="the version of httpd is
2.0.49"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2048" comment="the version of httpd is
2.0.48"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2047" comment="the version of httpd is
2.0.47"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2046" comment="the version of httpd is
2.0.46"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2045" comment="the version of httpd is
2.0.45"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2044" comment="the version of httpd is
2.0.44"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2043" comment="the version of httpd is
2.0.43"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2042" comment="the version of httpd is
2.0.42"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2040" comment="the version of httpd is
2.0.40"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2039" comment="the version of httpd is
2.0.39"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2037" comment="the version of httpd is
2.0.37"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2036" comment="the version of httpd is
2.0.36"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2035" comment="the version of httpd is
2.0.35"/>
+</criteria>
 </criteria>
 </definition>
 <definition id="oval:org.apache.httpd:def:20093095" version="1" class="vulnerability">

Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=943966&r1=943965&r2=943966&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] Thu May 13 18:24:22 2010
@@ -127,6 +127,25 @@ proposing a patch fix for this issue.
 <dd>
 <b>low: </b>
 <b>
+<name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
+<p>
+A NULL pointer dereference flaw was found in the mod_proxy_ftp
+module. A malicious FTP server to which requests are being proxied
+could use this flaw to crash an httpd child process via a malformed
+reply to the EPSV or PASV commands, resulting in a limited denial of
+service.
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p
/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
 <name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
 </b>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=943966&r1=943965&r2=943966&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Thu May 13 18:24:22
2010
@@ -366,6 +366,42 @@ to cross-site scripting (XSS) attacks.</
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
+<issue fixed="2.0.64-dev" reported="20090904" public="20090802" released="">
+<cve name="CVE-2009-3094"/>
+<severity level="4">low</severity>
+<title>mod_proxy_ftp DoS</title>
+<description><p>
+A NULL pointer dereference flaw was found in the mod_proxy_ftp
+module. A malicious FTP server to which requests are being proxied
+could use this flaw to crash an httpd child process via a malformed
+reply to the EPSV or PASV commands, resulting in a limited denial of
+service.
+</p></description>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
 <issue fixed="2.0.64-dev" reported="20091209" public="20091209" released="">
 <cve name="CVE-2010-0434"/>
 <severity level="4">low</severity>



Mime
View raw message