From m..@apache.org
Subject svn commit: r1025525 - /httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Date Wed, 20 Oct 2010 12:09:28 GMT
Author: mjc
Date: Wed Oct 20 12:09:28 2010
New Revision: 1025525

URL: http://svn.apache.org/viewvc?rev=1025525&view=rev
Log:
Add expat issues

Modified:
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=1025525&r1=1025524&r2=1025525&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Wed Oct 20 12:09:28
2010
@@ -1,5 +1,137 @@
 <security updated="20101020">
 
+<issue fixed="2.2.17" reported="20090821" public="20090117" released="20101019">
+<cve name="CVE-2009-3720"/>
+<severity level="4">low</severity>
+<title>expat DoS</title>
+<description><p>
+A buffer over-read flaw was found in the bundled expat
+library.  An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash.  This crash would only                                        
                                                                         
+be a denial of service if using the worker MPM.
+</p>
+</description>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.0.64" reported="20090821" public="20090117" released="20101019">
+<cve name="CVE-2009-3720"/>
+<severity level="4">low</severity>
+<title>expat DoS</title>
+<description><p>
+A buffer over-read flaw was found in the bundled expat
+library.  An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash.  This crash would only                                        
                                                                         
+be a denial of service if using the worker MPM.
+</p>
+</description>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.2.17" public="20091202" released="20101019">
+<cve name="CVE-2009-3560"/>
+<severity level="4">low</severity>
+<title>expat DoS</title>
+<description><p>
+A buffer over-read flaw was found in the bundled expat
+library.  An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash.  This crash would only                                        
                                                                         
+be a denial of service if using the worker MPM.
+</p>
+</description>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.0.64" public="20091202" released="20101019">
+<cve name="CVE-2009-3560"/>
+<severity level="4">low</severity>
+<title>expat DoS</title>
+<description><p>
+A buffer over-read flaw was found in the bundled expat
+library.  An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash.  This crash would only                                        
                                                                         
+be a denial of service if using the worker MPM.
+</p>
+</description>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
 <issue fixed="2.2.17" reported="20100303" public="20101001" released="20101019">
 <cve name="CVE-2010-1623"/>
 <severity level="4">low</severity>
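Review bot: All four added `<description>` blocks misspell "untrusted" as `untrused` (`an untrused XML document`), and this text is presumably published as the advisory wording, so it should be corrected in each entry. The CVE-2009-3720 and CVE-2009-3560 entries also share the title `expat DoS` and a word-for-word identical description, so a reader matching an advisory to a patch cannot tell the two flaws apart; a short distinguishing phrase per CVE would fix that. The impact sentence names only the worker MPM; if the reasoning is that a crash takes down other threads in the same process, wording such as `a threaded MPM such as worker` would cover the other threaded MPMs as well (to be confirmed by the author). The CVE-2009-3560 entries omit the `reported` attribute that the CVE-2009-3720 entries carry, and the `This crash would only` line has a long run of trailing whitespace in every description.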


