httpd-cvs mailing list archives

From humbed...@apache.org
Subject svn commit: r1334714 - /httpd/site/trunk/content/security/vulnerabilities_22.mdtext
Date Sun, 06 May 2012 17:44:41 GMT
Author: humbedooh
Date: Sun May  6 17:44:41 2012
New Revision: 1334714

URL: http://svn.apache.org/viewvc?rev=1334714&view=rev
Log:
utf8 conversion

Modified:
    httpd/site/trunk/content/security/vulnerabilities_22.mdtext

Modified: httpd/site/trunk/content/security/vulnerabilities_22.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_22.mdtext?rev=1334714&r1=1334713&r2=1334714&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_22.mdtext (original)
+++ httpd/site/trunk/content/security/vulnerabilities_22.mdtext Sun May  6 17:44:41 2012
@@ -1,4 +1,4 @@
-Title: Apache httpd 2.2 vulnerabilities
+Title: Apache httpd 2.2 vulnerabilities
 Notice:    Licensed to the Apache Software Foundation (ASF) under one
            or more contributor license agreements.  See the NOTICE file
            distributed with this work for additional information
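Review bot: The log message "utf8 conversion" does not say what was converted, and the Title line at the top of this hunk is removed and re-added with no visible textual difference, so the change cannot be reviewed from the diff alone. Please state in the log which encoding the file was in before and which bytes changed (for example a byte-order mark or non-ASCII whitespace), so a reader can confirm that no advisory text was altered.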
@@ -43,9 +43,9 @@ enabled, could allow local users to gain
 
 Acknowledgements: This issue was reported by halfdog
 
-:    Reported to security team: 4th October 2011<br></br>Issue public:
-     2nd November 2011<br></br>Update released:
-     31st January 2012<br></br>
+:    Reported to security team: 4th October 2011<br></br>Issue public:
+     2nd November 2011<br></br>Update released:
+     31st January 2012<br></br>
 :    Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
      2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
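Review bot: Style point on the date block in this hunk: every field ends in `<br></br>`, and the conversion carries that through unchanged. A single `<br/>` per field is the conventional form, since HTML parsers treat a stray `</br>` as another line break. Worth normalising across the file in a follow-up rather than in an encoding-only commit.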
@@ -57,9 +57,9 @@ string is in use, a remote attacker coul
 crash. This crash would only be a denial of service if using a threaded
 MPM.
 
-:    Reported to security team: 30th December 2011<br></br>Issue public:
-     28th November 2011<br></br>Update released:
-     31st January 2012<br></br>
+:    Reported to security team: 30th December 2011<br></br>Issue public:
+     28th November 2011<br></br>Update released:
+     31st January 2012<br></br>
 :    Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17
 
 :     **low:**	**<name name="CVE-2012-0031">scoreboard parent DoS</name>**
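Review bot: The dates in the re-added block of this hunk are out of order: "Reported to security team: 30th December 2011" is later than "Issue public: 28th November 2011". The conversion keeps the text as it was, so one of the two dates is wrong in the source data; please check it against the original advisory and correct it in a separate commit so the fix is not hidden inside an encoding change.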
@@ -71,9 +71,9 @@ terminate cleanly.
 
 Acknowledgements: This issue was reported by halfdog
 
-:    Reported to security team: 30th December 2011<br></br>Issue public:
-     11th January 2012<br></br>Update released:
-     31st January 2012<br></br>
+:    Reported to security team: 30th December 2011<br></br>Issue public:
+     11th January 2012<br></br>Update released:
+     31st January 2012<br></br>
 :    Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
      2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
@@ -89,9 +89,9 @@ internal web servers not directly access
 
 Acknowledgements: This issue was reported by Prutha Parikh of Qualys
 
-:    Reported to security team: 20th October 2011<br></br>Issue public:
-     22nd January 2012<br></br>Update released:
-     31st January 2012<br></br>
+:    Reported to security team: 20th October 2011<br></br>Issue public:
+     22nd January 2012<br></br>Update released:
+     31st January 2012<br></br>
 :    Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
      2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
@@ -105,9 +105,9 @@ custom ErrorDocument is specified.
 
 Acknowledgements: This issue was reported by Norman Hippert
 
-:    Reported to security team: 15th January 2012<br></br>Issue public:
-     23rd January 2012<br></br>Update released:
-     31st January 2012<br></br>
+:    Reported to security team: 15th January 2012<br></br>Issue public:
+     23rd January 2012<br></br>Update released:
+     31st January 2012<br></br>
 :    Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
      2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
@@ -124,9 +124,9 @@ not directly accessible to attacker.
 Acknowledgements: This issue was reported by Context Information Security
 Ltd
 
-:    Reported to security team: 16th September 2011<br></br>Issue public:
-     5th October 2011<br></br>Update released:
-     31st January 2012<br></br>
+:    Reported to security team: 16th September 2011<br></br>Issue public:
+     5th October 2011<br></br>Update released:
+     31st January 2012<br></br>
 :    Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
      2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
@@ -142,9 +142,9 @@ send certain malformed HTTP requests, pu
 error state until the retry timeout expired. This could lead to a temporary
 denial of service.
 
-:    Reported to security team: 7th September 2011<br></br>Issue public:
-     14th September 2011<br></br>Update released:
-     14th September 2011<br></br>
+:    Reported to security team: 7th September 2011<br></br>Issue public:
+     14th September 2011<br></br>Update released:
+     14th September 2011<br></br>
 :    Affected: 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14,
      2.2.13, 2.2.12
 
@@ -161,8 +161,8 @@ attack.
 
 Advisory: [CVE-2011-3192.txt](CVE-2011-3192.txt) 
 
-:    Issue public: 20th August 2011<br></br>Update released:
-     30th August 2011<br></br>
+:    Issue public: 20th August 2011<br></br>Update released:
+     30th August 2011<br></br>
 :    Affected: 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13,
      2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
@@ -186,8 +186,8 @@ Resolution: Update APR to release 1.4.5 
 
 Acknowledgements: This issue was reported by Maksymilian Arciemowicz
 
-:    Reported to security team: 2nd March 2011<br></br>Issue public:
-     10th May 2011<br></br>Update released: 21st May 2011<br></br>
+:    Reported to security team: 2nd March 2011<br></br>Issue public:
+     10th May 2011<br></br>Update released: 21st May 2011<br></br>
 :    Affected: 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12,
      2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
@@ -200,9 +200,9 @@ who is able to get Apache to parse an un
 through mod_dav) may be able to cause a crash. This crash would only be a
 denial of service if using the worker MPM.
 
-:    Reported to security team: 21st August 2009<br></br>Issue public:
-     17th January 2009<br></br>Update released:
-     19th October 2010<br></br>
+:    Reported to security team: 21st August 2009<br></br>Issue public:
+     17th January 2009<br></br>Update released:
+     19th October 2010<br></br>
 :    Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
      2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
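Review bot: The timeline in this entry does not hold together: the report date "21st August 2009" falls after the "Issue public: 17th January 2009" date on the following line. Both lines are re-added as they were, so this looks like a data error that predates the commit; suggest verifying the year or month of the public date and fixing it separately.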
@@ -213,8 +213,8 @@ who is able to get Apache to parse an un
 through mod_dav) may be able to cause a crash. This crash would only be a
 denial of service if using the worker MPM.
 
-:    Issue public: 2nd December 2009<br></br>Update released:
-     19th October 2010<br></br>
+:    Issue public: 2nd December 2009<br></br>Update released:
+     19th October 2010<br></br>
 :    Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
      2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
@@ -226,9 +226,9 @@ APR-util library, used to process non-SS
 send requests, carefully crafting the timing of individual bytes, which
 would slowly consume memory, potentially leading to a denial of service.
 
-:    Reported to security team: 3rd March 2010<br></br>Issue public:
-     1st October 2010<br></br>Update released:
-     19th October 2010<br></br>
+:    Reported to security team: 3rd March 2010<br></br>Issue public:
+     1st October 2010<br></br>Update released:
+     19th October 2010<br></br>
 :    Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
      2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
@@ -263,8 +263,8 @@ Binary replacement modules are at
 Acknowledgements: We would like to thank Loren Anderson for the detailed
 analysis and reporting of this issue.
 
-:    Issue public: 9th June 2010<br></br>Update released:
-     25th July 2010<br></br>
+:    Issue public: 9th June 2010<br></br>Update released:
+     25th July 2010<br></br>
 :    Affected: 2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12,
      2.2.11, 2.2.10, 2.2.9
 
@@ -282,8 +282,8 @@ is used.
 
 Acknowledgements: This issue was reported by Mark Drayton.
 
-:    Reported to security team: 4th May 2010<br></br>Issue public:
-     25th July 2010<br></br>Update released: 25th July 2010<br></br>
+:    Reported to security team: 4th May 2010<br></br>Issue public:
+     25th July 2010<br></br>Update released: 25th July 2010<br></br>
 :    Affected: 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9,
      2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
@@ -303,8 +303,8 @@ execution.
 Acknowledgements: We would like to thank Brett Gervasoni of Sense of
 Security for reporting and proposing a patch fix for this issue.
 
-:    Reported to security team: 9th February 2010<br></br>Issue public:
-     2nd March 2010<br></br>Update released: 5th March 2010<br></br>
+:    Reported to security team: 9th February 2010<br></br>Issue public:
+     2nd March 2010<br></br>Update released: 5th March 2010<br></br>
 :    Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
      2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
@@ -326,8 +326,8 @@ or winnt MPMs.
 Acknowledgements: We would like to thank Philip Pickett of VMware for
 reporting and proposing a fix for this issue.
 
-:    Issue public: 9th December 2009<br></br>Update released:
-     5th March 2010<br></br>
+:    Issue public: 9th December 2009<br></br>Update released:
+     5th March 2010<br></br>
 :    Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
      2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
@@ -342,8 +342,8 @@ trigger this issue, resulting in denial 
 Acknowledgements: We would like to thank Niku Toivola of Sulake Corporation
 for reporting and proposing a patch fix for this issue.
 
-:    Reported to security team: 2nd February 2010<br></br>Issue public:
-     2nd March 2010<br></br>Update released: 5th March 2010<br></br>
+:    Reported to security team: 2nd February 2010<br></br>Issue public:
+     2nd March 2010<br></br>Update released: 5th March 2010<br></br>
 :    Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
      2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
@@ -356,8 +356,8 @@ malicious FTP server to which requests a
 flaw to crash an httpd child process via a malformed reply to the EPSV or
 PASV commands, resulting in a limited denial of service.
 
-:    Reported to security team: 4th September 2009<br></br>Issue public:
-     2nd August 2009<br></br>Update released: 5th October 2009<br></br>
+:    Reported to security team: 4th September 2009<br></br>Issue public:
+     2nd August 2009<br></br>Update released: 5th October 2009<br></br>
 :    Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
 
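Review bot: In the date line of this hunk "Reported to security team: 4th September 2009" is a month later than "Issue public: 2nd August 2009", which is the reverse of the usual order and inconsistent with most other entries in the file. Please confirm the two dates against the advisory; if the issue really was public before it reached the security team, a short note in the entry would prevent readers from treating it as a typo.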
@@ -369,8 +369,8 @@ configuration, a remote attacker could u
 access restrictions by creating a carefully-crafted HTTP Authorization
 header, allowing the attacker to send arbitrary commands to the FTP server.
 
-:    Reported to security team: 3rd September 2009<br></br>Issue public:
-     3rd August 2009<br></br>Update released: 5th October 2009<br></br>
+:    Reported to security team: 3rd September 2009<br></br>Issue public:
+     3rd August 2009<br></br>Update released: 5th October 2009<br></br>
 :    Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
 
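Review bot: Same ordering problem as the neighbouring mod_proxy_ftp entry: the re-added line gives "Reported to security team: 3rd September 2009" followed by "Issue public: 3rd August 2009". Either the months are swapped or the issue was public first; worth checking and, if the dates are correct, saying so in the entry.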
@@ -382,9 +382,9 @@ Port backend) caused by a bug in APR. A 
 issue on Solaris servers which used prefork or event MPMs, resulting in a
 denial of service.
 
-:    Reported to security team: 5th August 2009<br></br>Issue public:
-     23rd September 2009<br></br>Update released:
-     5th October 2009<br></br>
+:    Reported to security team: 5th August 2009<br></br>Issue public:
+     23rd September 2009<br></br>Update released:
+     5th October 2009<br></br>
 :    Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
 
@@ -399,8 +399,8 @@ Apache HTTP Server itself does not pass 
 this function, so it could only be triggered through some other application
 which uses apr_palloc() in a vulnerable way.
 
-:    Reported to security team: 27th July 2009<br></br>Issue public:
-     4th August 2009<br></br>Update released: 9th August 2009<br></br>
+:    Reported to security team: 27th July 2009<br></br>Issue public:
+     4th August 2009<br></br>Update released: 9th August 2009<br></br>
 :    Affected: 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4,
      2.2.3, 2.2.2, 2.2.0
 
@@ -413,8 +413,8 @@ A denial of service flaw was found in th
 as a reverse proxy. A remote attacker could use this flaw to force a proxy
 process to consume large amounts of CPU time.
 
-:    Reported to security team: 30th June 2009<br></br>Issue public:
-     2nd July 2009<br></br>Update released: 27th July 2009<br></br>
+:    Reported to security team: 30th June 2009<br></br>Issue public:
+     2nd July 2009<br></br>Update released: 27th July 2009<br></br>
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
@@ -425,8 +425,8 @@ An information disclosure flaw was found
 only. In certain situations, if a user sent a carefully crafted HTTP
 request, the server could return a response intended for another user.
 
-:    Reported to security team: 5th March 2009<br></br>Issue public:
-     21st April 2009<br></br>Update released: 27th July 2009<br></br>
+:    Reported to security team: 5th March 2009<br></br>Issue public:
+     21st April 2009<br></br>Update released: 27th July 2009<br></br>
 :    Affected: 2.2.11
 
 :     **low:**	**<name name="CVE-2009-1891">mod_deflate DoS</name>** 
@@ -437,8 +437,8 @@ the network connection that requested th
 compression completed. This would cause mod_deflate to consume large
 amounts of CPU if mod_deflate was enabled for a large file.
 
-:    Issue public: 26th June 2009<br></br>Update released:
-     27th July 2009<br></br>
+:    Issue public: 26th June 2009<br></br>Update released:
+     27th July 2009<br></br>
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
@@ -450,8 +450,8 @@ directives. In configurations using the 
 certain "Options=" arguments, local users were not restricted from
 executing commands from a Server-Side-Include script as intended.
 
-:    Reported to security team: 9th March 2009<br></br>Issue public:
-     22nd April 2009<br></br>Update released: 27th July 2009<br></br>
+:    Reported to security team: 9th March 2009<br></br>Issue public:
+     22nd April 2009<br></br>Update released: 27th July 2009<br></br>
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
@@ -464,8 +464,8 @@ provide a specially-crafted string as in
 conversion routine, which could, on big-endian platforms, potentially lead
 to the disclosure of sensitive information or a denial of service.
 
-:    Issue public: 24th April 2009<br></br>Update released:
-     72th  2009<br></br>
+:    Issue public: 24th April 2009<br></br>Update released:
+     72th  2009<br></br>
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
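Review bot: The "Update released:" value in this hunk is "72th  2009", which is not a date: the day is out of range and the month is missing (note the double space). The conversion re-adds it unchanged. The release date should be restored from the release announcement in a follow-up commit.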
@@ -477,8 +477,8 @@ library Extensible Markup Language (XML)
 create a specially-crafted XML document that would cause excessive memory
 consumption when processed by the XML decoding engine.
 
-:    Issue public: 1st June 2009<br></br>Update released:
-     27th July 2009<br></br>
+:    Issue public: 1st June 2009<br></br>Update released:
+     27th July 2009<br></br>
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
@@ -491,8 +491,8 @@ attacker could formulate a specially-cra
 overwrite arbitrary heap memory locations when processed by the pattern
 preparation engine.
 
-:    Issue public: 1st June 2009<br></br>Update released:
-     27th July 2009<br></br>
+:    Issue public: 1st June 2009<br></br>Update released:
+     27th July 2009<br></br>
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
@@ -510,8 +510,8 @@ The simplest workaround is to globally c
 
 SetEnv proxy-nokeepalive 1
 
-:    Issue public: 23rd July 2010<br></br>Update released:
-     31st October 2008<br></br>
+:    Issue public: 23rd July 2010<br></br>Update released:
+     31st October 2008<br></br>
 :    Affected: 2.2.9
 
 :     **low:**	**<name name="CVE-2008-2939">mod_proxy_ftp globbing
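Review bot: The entry in this hunk lists "Issue public: 23rd July 2010" but "Update released: 31st October 2008", with only 2.2.9 affected, so the fix is recorded as shipping almost two years before the issue became public. One of the two dates is likely wrong; please verify and correct the source data rather than carrying it through the conversion.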
@@ -522,9 +522,9 @@ mod_proxy_ftp. If mod_proxy_ftp is enabl
 requests containing globbing characters could lead to cross-site scripting
 (XSS) attacks.
 
-:    Reported to security team: 28th July 2008<br></br>Issue public:
-     5th August 2008<br></br>Update released:
-     31st October 2008<br></br>
+:    Reported to security team: 28th July 2008<br></br>Issue public:
+     5th August 2008<br></br>Update released:
+     31st October 2008<br></br>
 :    Affected: 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 # Fixed in Apache httpd 2.2.9 # {#2.2.9}
@@ -535,8 +535,8 @@ requests containing globbing characters 
 The mod_proxy_balancer provided an administrative interface that could be
 vulnerable to cross-site request forgery (CSRF) attacks.
 
-:    Reported to security team: 12th October 2007<br></br>Issue public:
-     9th January 2008<br></br>Update released: 14th June 2008<br></br>
+:    Reported to security team: 12th October 2007<br></br>Issue public:
+     9th January 2008<br></br>Update released: 14th June 2008<br></br>
 :    Affected: 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 :     **moderate:**  **<name name="CVE-2008-2364">mod_proxy_http
@@ -546,8 +546,8 @@ A flaw was found in the handling of exce
 origin server when using mod_proxy_http. A remote attacker could cause a
 denial of service or high memory usage.
 
-:    Reported to security team: 29th May 2008<br></br>Issue public:
-     10th June 2008<br></br>Update released: 14th June 2008<br></br>
+:    Reported to security team: 29th May 2008<br></br>Issue public:
+     10th June 2008<br></br>Update released: 14th June 2008<br></br>
 :    Affected: 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 # Fixed in Apache httpd 2.2.8 # {#2.2.8}
@@ -560,9 +560,9 @@ mod_proxy_ftp is enabled and a forward p
 scripting attack is possible against Web browsers which do not correctly
 derive the response character set following the rules in RFC 2616.
 
-:    Reported to security team: 15th December 2007<br></br>Issue public:
-     8th January 2008<br></br>Update released:
-     19th January 2008<br></br>
+:    Reported to security team: 15th December 2007<br></br>Issue public:
+     8th January 2008<br></br>Update released:
+     19th January 2008<br></br>
 :    Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 :     **low:**	**<name name="CVE-2007-6422">mod_proxy_balancer
@@ -574,9 +574,9 @@ crafted request that would cause the Apa
 request to crash. This could lead to a denial of service if using a
 threaded Multi-Processing Module.
 
-:    Reported to security team: 12th December 2007<br></br>Issue public:
-     2nd January 2008<br></br>Update released:
-     19th January 2008<br></br>
+:    Reported to security team: 12th December 2007<br></br>Issue public:
+     2nd January 2008<br></br>Update released:
+     19th January 2008<br></br>
 :    Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 :     **low:**	**<name name="CVE-2007-6421">mod_proxy_balancer
@@ -586,9 +586,9 @@ A flaw was found in the mod_proxy_balanc
 mod_proxy_balancer is enabled, a cross-site scripting attack against an
 authorized user is possible.
 
-:    Reported to security team: 12th December 2007<br></br>Issue public:
-     2nd January 2008<br></br>Update released:
-     19th January 2008<br></br>
+:    Reported to security team: 12th December 2007<br></br>Issue public:
+     2nd January 2008<br></br>Update released:
+     19th January 2008<br></br>
 :    Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 :     **moderate:**  **<name name="CVE-2007-6388">mod_status XSS</name>** 
@@ -599,9 +599,9 @@ scripting attack is possible. Note that 
 enabled by default and it is best practice to not make this publicly
 available.
 
-:    Reported to security team: 15th December 2007<br></br>Issue public:
-     2nd January 2008<br></br>Update released:
-     19th January 2008<br></br>
+:    Reported to security team: 15th December 2007<br></br>Issue public:
+     2nd January 2008<br></br>Update released:
+     19th January 2008<br></br>
 :    Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 :     **moderate:**  **<name name="CVE-2007-5000">mod_imagemap XSS</name>**
@@ -611,9 +611,9 @@ A flaw was found in the mod_imagemap mod
 enabled and an imagemap file is publicly available, a cross-site scripting
 attack is possible.
 
-:    Reported to security team: 23rd October 2007<br></br>Issue public:
-     11th December 2007<br></br>Update released:
-     19th January 2008<br></br>
+:    Reported to security team: 23rd October 2007<br></br>Issue public:
+     11th December 2007<br></br>Update released:
+     19th January 2008<br></br>
 :    Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 # Fixed in Apache httpd 2.2.6 # {#2.2.6}
@@ -628,8 +628,8 @@ could cause a similar crash if a user co
 malicious site using the proxy. This could lead to a denial of service if
 using a threaded Multi-Processing Module.
 
-:    Issue public: 10th December 2006<br></br>Update released:
-     7th September 2007<br></br>
+:    Issue public: 10th December 2006<br></br>Update released:
+     7th September 2007<br></br>
 :    Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 :     **moderate:**  **<name name="CVE-2006-5752">mod_status cross-site
@@ -641,9 +641,9 @@ to a cross-site scripting attack. Note t
 enabled by default and it is best practice to not make this publicly
 available.
 
-:    Reported to security team: 19th October 2006<br></br>Issue public:
-     20th June 2007<br></br>Update released:
-     7th September 2007<br></br>
+:    Reported to security team: 19th October 2006<br></br>Issue public:
+     20th June 2007<br></br>Update released:
+     7th September 2007<br></br>
 :    Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 :     **moderate:**  **<name name="CVE-2007-3304">Signals to arbitrary
@@ -655,9 +655,9 @@ scripts on the HTTP server could manipul
 arbitrary processes to be terminated which could lead to a denial of
 service.
 
-:    Reported to security team: 15th May 2006<br></br>Issue public:
-     19th June 2007<br></br>Update released:
-     7th September 2007<br></br>
+:    Reported to security team: 15th May 2006<br></br>Issue public:
+     19th June 2007<br></br>Update released:
+     7th September 2007<br></br>
 :    Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 :     **moderate:**  **<name name="CVE-2007-1862">mod_cache information
@@ -668,8 +668,8 @@ properly copy all levels of header data,
 HTTP headers containing previously used data, which could be used by remote
 attackers to obtain potentially sensitive information.
 
-:    Reported to security team: 26th April 2007<br></br>Issue public:
-     1st June 2007<br></br>Update released: 7th September 2007<br></br>
+:    Reported to security team: 26th April 2007<br></br>Issue public:
+     1st June 2007<br></br>Update released: 7th September 2007<br></br>
 :    Affected: 2.2.4
 
 :     **moderate:**  **<name name="CVE-2007-1863">mod_cache proxy
@@ -680,9 +680,9 @@ a remote attacker could send a carefully
 the Apache child process handling that request to crash. This could lead to
 a denial of service if using a threaded Multi-Processing Module.
 
-:    Reported to security team: 2nd May 2007<br></br>Issue public:
-     18th June 2007<br></br>Update released:
-     7th September 2007<br></br>
+:    Reported to security team: 2nd May 2007<br></br>Issue public:
+     18th June 2007<br></br>Update released:
+     7th September 2007<br></br>
 :    Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
 # Fixed in Apache httpd 2.2.3 # {#2.2.3}
@@ -698,8 +698,8 @@ remotely. For vulnerable builds, the nat
 denial of service (crashing of web server processes) or potentially allow
 arbitrary code execution.
 
-:    Reported to security team: 21st July 2006<br></br>Issue public:
-     27th July 2006<br></br>Update released: 27th July 2006<br></br>
+:    Reported to security team: 21st July 2006<br></br>Issue public:
+     27th July 2006<br></br>Update released: 27th July 2006<br></br>
 :    Affected: 2.2.2, 2.2.0
 
 # Fixed in Apache httpd 2.2.2 # {#2.2.2}
@@ -713,8 +713,8 @@ and a custom 400 error document. A remot
 crafted request to trigger this issue which would lead to a crash. This
 crash would only be a denial of service if using the worker MPM.
 
-:    Reported to security team: 5th December 2005<br></br>Issue public:
-     12th December 2005<br></br>Update released: 1st May 2006<br></br>
+:    Reported to security team: 5th December 2005<br></br>Issue public:
+     12th December 2005<br></br>Update released: 1st May 2006<br></br>
 :    Affected: 2.2.0
 
 :     **moderate:**  **<name name="CVE-2005-3352">mod_imap Referer
@@ -725,7 +725,7 @@ certain site configurations a remote att
 scripting attack if a victim can be forced to visit a malicious URL using
 certain web browsers.
 
-:    Reported to security team: 1st November 2005<br></br>Issue public:
-     12th December 2005<br></br>Update released: 1st May 2006<br></br>
+:    Reported to security team: 1st November 2005<br></br>Issue public:
+     12th December 2005<br></br>Update released: 1st May 2006<br></br>
 :    Affected: 2.2.0
 


