httpd-cvs mailing list archives

Subject svn commit: r1170475 - /httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Date Wed, 14 Sep 2011 08:46:47 GMT
Author: mjc
Date: Wed Sep 14 08:46:47 2011
New Revision: 1170475

Tomas Hoger pointed out that prior to patch 
revision=734703 there was no real effect or security


Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Wed Sep 14 08:46:47
@@ -7,8 +7,9 @@
 A flaw was found when mod_proxy_ajp is used together with
 mod_proxy_balancer.  Given a specific configuration, a remote attacker
-could use unrecognized HTTP methods to mark ajp: balancer members in
-an error state.  This could be used in a denial of service attack.</p>
+could send certain malformed HTTP requests, putting a backend server
+into an error state until the retry timeout expired.
+This could lead to a temporary denial of service.</p>
 <affects prod="httpd" version="2.2.20"/>
 <affects prod="httpd" version="2.2.19"/>
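Review bot: the replacement sentence beginning "could send certain malformed HTTP requests" drops the concrete trigger the old text named (unrecognized HTTP methods) and turns "ajp: balancer members" into "a backend server", so an administrator reading the entry can no longer tell which request class or which kind of backend is involved. If the trigger is broader than unrecognized methods, say what the broader class is; otherwise keep the original trigger, and keep "balancer member", since the unchanged lines above scope the flaw to mod_proxy_ajp used with mod_proxy_balancer. The added qualifiers "until the retry timeout expired" and "temporary" are a useful narrowing of the impact and should stay.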
@@ -19,16 +20,6 @@ an error state.  This could be used in a
 <affects prod="httpd" version="2.2.14"/>
 <affects prod="httpd" version="2.2.13"/>
 <affects prod="httpd" version="2.2.12"/>
-<affects prod="httpd" version="2.2.11"/>
-<affects prod="httpd" version="2.2.10"/>
-<affects prod="httpd" version="2.2.9"/>
-<affects prod="httpd" version="2.2.8"/>
-<affects prod="httpd" version="2.2.6"/>
-<affects prod="httpd" version="2.2.5"/>
-<affects prod="httpd" version="2.2.4"/>
-<affects prod="httpd" version="2.2.3"/>
-<affects prod="httpd" version="2.2.2"/>
-<affects prod="httpd" version="2.2.0"/>
 <issue fixed="2.2.20" reported="20110820" public="20110820" released="20110830">
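Review bot: the ten removed affects lines (2.2.11 down to 2.2.0) leave 2.2.12 as the earliest listed version, but nothing in the entry itself records why the list now starts there; the only rationale is the log message's reference to revision=734703. Suggest adding a sentence to the description noting that releases before that revision showed no real effect, so the cutoff can be checked later without digging through the commit history.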
