httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject svn commit: r1236262 - in /httpd/site/trunk: docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities-httpd.xml
Date Thu, 26 Jan 2012 16:10:55 GMT
Author: mjc
Date: Thu Jan 26 16:10:55 2012
New Revision: 1236262

URL: http://svn.apache.org/viewvc?rev=1236262&view=rev
Log:
Update pages with latest -dev security commits

Modified:
    httpd/site/trunk/docs/security/vulnerabilities_22.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=1236262&r1=1236261&r2=1236262&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] Thu Jan 26 16:10:55 2012
@@ -103,6 +103,129 @@ Fixed in Apache httpd 2.2.22-dev</strong
   <blockquote>
 <dl>
 <dd>
+<b>low: </b>
+<b>
+<name name="CVE-2011-3607">low: mod_setenvif .htacess privilege escalation</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a>
+<p>
+An integer overflow flaw was found which, when the mod_setenvif module
+is enabled, could allow local users to gain privileges via a .htaccess
+file.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by halfdog
+</p>
+</dd>
+<dd>
+  Reported to security team: 4th October 2011<br />
+  Issue public: 2nd November 2011<br />
+</dd>
+<dd>
+      Affected: 
+    2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11,
2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2012-0021">low: mod_log_config crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a>
+<p>
+A flaw was found in mod_log_config.  If the '%{cookiename}C' log format string
+is in use, a remote attacker could send a specific cookie causing a crash.
+This crash would only be a denial of service if using a threaded MPM.
+</p>
+</dd>
+<dd>
+  Reported to security team: 30th December 2011<br />
+  Issue public: 28th November 2011<br />
+</dd>
+<dd>
+      Affected: 
+    2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2012-0031">low: scoreboard parent DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a>
+<p>
+A flaw was found in the handling of the scoreboard.  An 
+unprivileged child process could cause the parent process to crash at 
+shutdown rather than terminate cleanly. 
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by halfdog
+</p>
+</dd>
+<dd>
+  Reported to security team: 30th December 2011<br />
+  Issue public: 11th January 2012<br />
+</dd>
+<dd>
+      Affected: 
+    2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11,
2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-4317">moderate: mod_proxy reverse proxy exposure </name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>
+<p>
+An additional exposure was found when using mod_proxy in reverse proxy
+mode. In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by Prutha Parikh of Qualys
+</p>
+</dd>
+<dd>
+  Reported to security team: 20th October 2011<br />
+  Issue public: 22nd January 2012<br />
+</dd>
+<dd>
+      Affected: 
+    2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11,
2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2012-0053">moderate: error responses can expose cookies</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a>
+<p>
+A flaw was found in the default error response for status code 400.  This flaw could
+be used by an attacker to expose "httpOnly" cookies
+when no custom ErrorDocument is specified.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by Norman Hippert
+</p>
+</dd>
+<dd>
+  Reported to security team: 15th January 2012<br />
+  Issue public: 23rd January 2012<br />
+</dd>
+<dd>
+      Affected: 
+    2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11,
2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+</dd>
+<dd>
 <b>moderate: </b>
 <b>
 <name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=1236262&r1=1236261&r2=1236262&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Thu Jan 26 16:10:55
2012
@@ -1,4 +1,164 @@
-<security updated="20111006">
+<security updated="20120126">
+
+<issue fixed="2.2.22-dev" reported="20111004" public="20111102" released="">
+<cve name="CVE-2011-3607"/>
+<severity level="4">low</severity>
+<title>low: mod_setenvif .htacess privilege escalation</title>
+<description><p>
+An integer overflow flaw was found which, when the mod_setenvif module
+is enabled, could allow local users to gain privileges via a .htaccess
+file.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by halfdog
+</acknowledgements>
+<affects prod="httpd" version="2.2.21"/>
+<affects prod="httpd" version="2.2.20"/>
+<affects prod="httpd" version="2.2.19"/>
+<affects prod="httpd" version="2.2.18"/>
+<affects prod="httpd" version="2.2.17"/>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.2.22-dev" reported="20111020" public="20120122" released="">
+<cve name="CVE-2011-4317"/>
+<severity level="3">moderate</severity>
+<title>moderate: mod_proxy reverse proxy exposure </title>
+<description><p>
+An additional exposure was found when using mod_proxy in reverse proxy
+mode. In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by Prutha Parikh of Qualys
+</acknowledgements>
+<affects prod="httpd" version="2.2.21"/>
+<affects prod="httpd" version="2.2.20"/>
+<affects prod="httpd" version="2.2.19"/>
+<affects prod="httpd" version="2.2.18"/>
+<affects prod="httpd" version="2.2.17"/>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.2.22-dev" reported="20111230" public="20111128" released="">
+<cve name="CVE-2012-0021"/>
+<severity level="4">low</severity>
+<title>low: mod_log_config crash</title>
+<description><p>
+A flaw was found in mod_log_config.  If the '%{cookiename}C' log format string
+is in use, a remote attacker could send a specific cookie causing a crash.
+This crash would only be a denial of service if using a threaded MPM.
+</p>
+</description>
+<affects prod="httpd" version="2.2.21"/>
+<affects prod="httpd" version="2.2.20"/>
+<affects prod="httpd" version="2.2.19"/>
+<affects prod="httpd" version="2.2.18"/>
+<affects prod="httpd" version="2.2.17"/>
+</issue>
+
+<issue fixed="2.2.22-dev" reported="20111230" public="20120111" released="">
+<cve name="CVE-2012-0031"/>
+<severity level="4">low</severity>
+<title>low: scoreboard parent DoS</title>
+<description><p>
+A flaw was found in the handling of the scoreboard.  An 
+unprivileged child process could cause the parent process to crash at 
+shutdown rather than terminate cleanly. 
+</p>
+</description>
+<acknowledgements>
+This issue was reported by halfdog
+</acknowledgements>
+<affects prod="httpd" version="2.2.21"/>
+<affects prod="httpd" version="2.2.20"/>
+<affects prod="httpd" version="2.2.19"/>
+<affects prod="httpd" version="2.2.18"/>
+<affects prod="httpd" version="2.2.17"/>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.2.22-dev" reported="20120115" public="20120123" released="">
+<cve name="CVE-2012-0053"/>
+<severity level="3">moderate</severity>
+<title>moderate: error responses can expose cookies</title>
+<description><p>
+A flaw was found in the default error response for status code 400.  This flaw could
+be used by an attacker to expose "httpOnly" cookies
+when no custom ErrorDocument is specified.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by Norman Hippert
+</acknowledgements>
+<affects prod="httpd" version="2.2.21"/>
+<affects prod="httpd" version="2.2.20"/>
+<affects prod="httpd" version="2.2.19"/>
+<affects prod="httpd" version="2.2.18"/>
+<affects prod="httpd" version="2.2.17"/>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
 
 <issue fixed="2.2.22-dev" reported="20110916" public="20111005" released="">
 <cve name="CVE-2011-3368"/>



Mime
View raw message