httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r816081 - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities_24.html security/vulnerabilities_24.xml
Date Sun, 06 May 2012 17:09:31 GMT
Author: buildbot
Date: Sun May  6 17:09:31 2012
New Revision: 816081

Log:
Staging update by buildbot for httpd

Added:
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
Removed:
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.xml
Modified:
    websites/staging/httpd/trunk/content/   (props changed)

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun May  6 17:09:31 2012
@@ -1 +1 @@
-1334699
+1334700

Added: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (added)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Sun May  6 17:09:31
2012
@@ -0,0 +1,122 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+               "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+    <head>
+        <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+        <link href="/css/apsite.css" rel="stylesheet" media="all" type="text/css" title="Main
stylesheet" />
+        <meta name="author" content="Documentation Group" /><meta name="email" content="docs@httpd.apache.org"
/>
+        <title>Apache httpd 2.4 vulnerabilities - The Apache HTTP Server Project</title>
+    </head>
+    <body>
+        
+        <div id="page-header">
+            <p class="menu">&nbsp;</p>
+            <p class="apache">&nbsp;</p>
+            <a href="/">
+            <img alt="" width="800" height="72" src="/images/httpd_logo_wide_new.png"
border="0" />
+            </a>
+        </div>
+        
+
+        <!-- LEFT SIDE NAVIGATION -->
+        <div id="apmenu">
+            
+            <h1 id="essentials">Essentials</h1>
+<ul>
+<li><a href="/ABOUT_APACHE.html">About</a></li>
+<li><a href="http://www.apache.org/licenses/">License</a></li>
+<li><a href="http://wiki.apache.org/httpd/FAQ">FAQ</a></li>
+<li><a href="/security_report.html">Security Reports</a></li>
+</ul>
+<h1 id="download">Download!</h1>
+<ul>
+<li><a href="/download.cgi">From a Mirror</a></li>
+</ul>
+<h1 id="documentation"><a href="/docs/">Documentation</a></h1>
+<ul>
+<li><a href="/docs/2.4/">Version 2.4</a></li>
+<li><a href="/docs/2.2/">Version 2.2</a></li>
+<li><a href="/docs/2.0/">Version 2.0</a></li>
+<li><a href="/docs/trunk/">Trunk (dev)</a></li>
+</ul>
+<h1 id="get-support">Get Support</h1>
+<ul>
+<li><a href="/support.html">Support</a></li>
+</ul>
+<h1 id="get-involved">Get Involved</h1>
+<ul>
+<li><a href="/lists.html">Mailing Lists</a></li>
+<li><a href="/bug_report.html">Bug Reports</a></li>
+<li><a href="/dev/">Developer Info</a></li>
+</ul>
+<h1 id="subprojects">Subprojects</h1>
+<ul>
+<li><a href="/docs-project/">Docs</a></li>
+<li><a href="/test/">Test</a></li>
+<li><a href="/test/flood/">Flood</a></li>
+<li><a href="/apreq/">libapreq</a></li>
+<li><a href="/modules">Modules</a></li>
+<li><a href="/mod_fcgid/">mod_fcgid</a></li>
+<li><a href="/mod_ftp/">mod_ftp</a></li>
+</ul>
+<h1 id="miscellaneous"><a href="/info/">Miscellaneous</a></h1>
+<ul>
+<li><a href="/contributors/">Contributors</a></li>
+<li><a href="http://www.apache.org/foundation/thanks.html">Sponsors</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+</ul>
+            
+        </div>
+
+
+        <!-- RIGHT SIDE INFORMATION -->
+        <div id="apcontents">
+            
+            <h1 id="top">Apache httpd 2.4 vulnerabilities</h1>
+<p>This page lists all security vulnerabilities fixed in released versions of
+Apache httpd 2.4. Each vulnerability is given a security <a href="/security/impact_levels.html">impact
+rating</a> by the Apache security team - please
+note that this rating may well vary from platform to platform. We also list
+the versions of Apache httpd the flaw is known to affect, and where a flaw
+has not been verified list the version with a question mark.</p>
+<p>Please note that if a vulnerability is shown below as being fixed in a
+"-dev" release then this means that a fix has been applied to the
+development source tree and will be part of an upcoming full release.</p>
+<p>This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for these
+vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p>
+<p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all
+vulnerabilities which have been resolved in Apache httpd 2.2.22 and all
+older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities
+list</a> for more information.</em> </p>
+<h1 id="2.4.2">Fixed in Apache httpd 2.4.2</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2012-0883">insecure
LD_LIBRARY_PATH
+  handling</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
</dd>
+<dt>Insecure handling of LD_LIBRARY_PATH was found that could lead to the</dt>
+<dt>current working directory to be searched for DSOs. This could allow a local</dt>
+<dt>user to execute code as root if an administrator runs apachectl from an</dt>
+<dt>untrusted directory.</dt>
+<dd>
+<p>Reported to security team: 14th February 2012<br></br>Issue public:
+ 2nd March 2012<br></br>Update released: 17th April 2012<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.4.1</p>
+</dd>
+</dl>
+            
+
+            <!-- FOOTER -->
+            <div id="footer">
+                <p class="apache">
+                    
+                    <p>Copyright &copy; 2012 The Apache Software Foundation
+Apache HTTP Server, Apache, and the Apache feather logo are trademarks of The Apache Software
Foundation.</p>
+                    
+                </p>
+            </div>
+        </div>
+    </body>
+    </html>



Mime
View raw message