Subject: svn commit: r1025526 - in /httpd/site/trunk/docs/security:
vulnerabilities-oval.xml vulnerabilities_20.html vulnerabilities_22.html
Date: Wed, 20 Oct 2010 12:10:22 -0000
To: cvs@httpd.apache.org
From: mjc@apache.org
Message-Id: <20101020121022.A31F623888DD@eris.apache.org>
Author: mjc
Date: Wed Oct 20 12:10:22 2010
New Revision: 1025526
URL: http://svn.apache.org/viewvc?rev=1025526&view=rev
Log:
Make pages with updates
Modified:
httpd/site/trunk/docs/security/vulnerabilities-oval.xml
httpd/site/trunk/docs/security/vulnerabilities_20.html
httpd/site/trunk/docs/security/vulnerabilities_22.html
Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=1025526&r1=1025525&r2=1025526&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Wed Oct 20 12:10:22 2010
@@ -5,6 +5,194 @@
2005-10-12T18:13:45
+
+
+expat DoS
+
+
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+
+
+20090117
+20090821
+20101019
+low
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+expat DoS
+
+
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+
+
+20091202
+
+20101019
+low
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+apr_bridage_split_line DoS
+
+
+A flaw was found in the apr_brigade_split_line() function of the bundled
+APR-util library, used to process non-SSL requests. A remote attacker
+could send carefully crafted requests which would slowly consume
+memory, potentially leading to a denial of service.
+
+
+20101001
+20100303
+20101019
+low
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+mod_cache and mod_dav DoS
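Review bot: The title added for the APR-util entry reads "apr_bridage_split_line DoS", but the description directly below it names the function apr_brigade_split_line(); the title should use the same spelling so that a search for the function name finds the entry. Both expat descriptions say "untrused XML document", which should be "untrusted". The two "expat DoS" entries also carry the same title and word-for-word the same description, so nothing in the visible text tells a reader which flaw each one covers; a distinguishing phrase in each title or description would help.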
@@ -3715,6 +3903,10 @@ a constant rate, since the attacker has
+
+
+
+
@@ -3992,6 +4184,9 @@ a constant rate, since the attacker has
+
+2.2.16
+2.2.15
Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=1025526&r1=1025525&r2=1025526&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] Wed Oct 20 12:10:22 2010
@@ -129,6 +129,68 @@ proposing a patch fix for this issue.
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+
+low:
+
+apr_bridage_split_line DoS
+
+CVE-2010-1623
+
+A flaw was found in the apr_brigade_split_line() function of the bundled
+APR-util library, used to process non-SSL requests. A remote attacker
+could send carefully crafted requests which would slowly consume
+memory, potentially leading to a denial of service.
+
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+
+low:
+
+apr_bridage_split_line DoS
+
+CVE-2010-1623
+
+A flaw was found in the apr_brigade_split_line() function of the bundled
+APR-util library, used to process non-SSL requests. A remote attacker
+could send carefully crafted requests which would slowly consume
+memory, potentially leading to a denial of service.
+
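Review bot: The misspelled heading "apr_bridage_split_line DoS" and the "untrused" typo in each expat paragraph carry into this page, while the text under the heading spells the function apr_brigade_split_line(). Since the log message says these pages were made from updates, the correction belongs in the source data followed by a regeneration, not a hand edit here. The expat paragraph also appears twice in a row with identical wording ahead of each "low:" entry, and the whole group of three descriptions is repeated; it is worth confirming in the rendered page that each copy sits under its own heading and version section.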