httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1179834 - /httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Date Thu, 06 Oct 2011 20:33:54 GMT
Author: wrowe
Date: Thu Oct  6 20:33:53 2011
New Revision: 1179834

Apparently, I had cloned mod_status 1.3 vuln in r1179781 without meaning to.


Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Thu Oct  6 20:33:53
@@ -1458,42 +1458,6 @@ Note that the server-status page is not 
 <affects prod="httpd" version="1.3.2"/>
-<issue fixed="1.3.41" public="20080102" reported="20071215" released="20080119">
-<cve name="CVE-2007-6388"/>
-<severity level="3">moderate</severity>      
-<title>mod_status XSS</title>
-A flaw was found in the mod_status module. On sites where mod_status is
-enabled and the status pages were publicly accessible, a cross-site
-scripting attack is possible.
-Note that the server-status page is not enabled by default and it is best practice to not
make this publicly available.</p></description>
-<affects prod="httpd" version="1.3.39"/>
-<affects prod="httpd" version="1.3.37"/>
-<affects prod="httpd" version="1.3.36"/>
-<affects prod="httpd" version="1.3.35"/>
-<affects prod="httpd" version="1.3.34"/>
-<affects prod="httpd" version="1.3.33"/>
-<affects prod="httpd" version="1.3.32"/>
-<affects prod="httpd" version="1.3.31"/>
-<affects prod="httpd" version="1.3.29"/>
-<affects prod="httpd" version="1.3.28"/>
-<affects prod="httpd" version="1.3.27"/>
-<affects prod="httpd" version="1.3.26"/>
-<affects prod="httpd" version="1.3.24"/>
-<affects prod="httpd" version="1.3.22"/>
-<affects prod="httpd" version="1.3.20"/>
-<affects prod="httpd" version="1.3.19"/>
-<affects prod="httpd" version="1.3.17"/>
-<affects prod="httpd" version="1.3.14"/>
-<affects prod="httpd" version="1.3.12"/>
-<affects prod="httpd" version="1.3.11"/>
-<affects prod="httpd" version="1.3.9"/>
-<affects prod="httpd" version="1.3.6"/>
-<affects prod="httpd" version="1.3.4"/>
-<affects prod="httpd" version="1.3.3"/>
-<affects prod="httpd" version="1.3.2"/>
 <issue fixed="2.2.8" public="20071211" reported="20071023" released="20080119">
 <cve name="CVE-2007-5000"/>
 <severity level="3">moderate</severity>      

View raw message