httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From humbed...@apache.org
Subject svn commit: r1334723 - /httpd/site/trunk/content/security/vulnerabilities_22.mdtext
Date Sun, 06 May 2012 18:03:16 GMT
Author: humbedooh
Date: Sun May  6 18:03:15 2012
New Revision: 1334723

URL: http://svn.apache.org/viewvc?rev=1334723&view=rev
Log:
Well that was no good, reverting.

Modified:
    httpd/site/trunk/content/security/vulnerabilities_22.mdtext

Modified: httpd/site/trunk/content/security/vulnerabilities_22.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_22.mdtext?rev=1334723&r1=1334722&r2=1334723&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_22.mdtext (original)
+++ httpd/site/trunk/content/security/vulnerabilities_22.mdtext Sun May  6 18:03:15 2012
@@ -35,7 +35,7 @@ vulnerabilities to the [Security Team](/
 
 # Fixed in Apache httpd 2.2.22 # {#2.2.22}
 
-## **low:**	**<name name="CVE-2011-3607">mod_setenvif.htaccess ##
+:     **low:**	**<name name="CVE-2011-3607">mod_setenvif.htaccess
       privilege escalation</name>** 
       [CVE-2011-3607](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607) 
 An integer overflow flaw was found which, when the mod_setenvif module is
@@ -50,7 +50,7 @@ Acknowledgements: This issue was reporte
      2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **low:**	**<name name="CVE-2012-0021">mod_log_config crash</name>**  ##
+:     **low:**	**<name name="CVE-2012-0021">mod_log_config crash</name>** 
       [CVE-2012-0021](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021) 
 A flaw was found in mod_log_config. If the '%{cookiename}C' log format
 string is in use, a remote attacker could send a specific cookie causing a
@@ -62,7 +62,7 @@ MPM.
      31st January 2012<br></br>
 :    Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17
 
-## **low:**	**<name name="CVE-2012-0031">scoreboard parent DoS</name>** ##
+:     **low:**	**<name name="CVE-2012-0031">scoreboard parent DoS</name>**
       
       [CVE-2012-0031](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031) 
 A flaw was found in the handling of the scoreboard. An unprivileged child
@@ -78,7 +78,7 @@ Acknowledgements: This issue was reporte
      2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2011-4317">mod_proxy reverse proxy ##
+:     **moderate:**  **<name name="CVE-2011-4317">mod_proxy reverse proxy
       exposure</name>** 
       [CVE-2011-4317](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317) 
 An additional exposure was found when using mod_proxy in reverse proxy
@@ -96,7 +96,7 @@ Acknowledgements: This issue was reporte
      2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2012-0053">error responses can ##
+:     **moderate:**  **<name name="CVE-2012-0053">error responses can
       expose cookies</name>** 
       [CVE-2012-0053](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053) 
 A flaw was found in the default error response for status code 400. This
@@ -112,7 +112,7 @@ Acknowledgements: This issue was reporte
      2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2011-3368">mod_proxy reverse proxy ##
+:     **moderate:**  **<name name="CVE-2011-3368">mod_proxy reverse proxy
       exposure</name>** 
       [CVE-2011-3368](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368) 
 An exposure was found when using mod_proxy in reverse proxy mode. In
@@ -133,7 +133,7 @@ Ltd
 
 # Fixed in Apache httpd 2.2.21 # {#2.2.21}
 
-## **moderate:**  **<name name="CVE-2011-3348">mod_proxy_ajp remote ##
+:     **moderate:**  **<name name="CVE-2011-3348">mod_proxy_ajp remote
       DoS</name>** 
       [CVE-2011-3348](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348) 
 A flaw was found when mod_proxy_ajp is used together with
@@ -169,7 +169,7 @@ Advisory: [CVE-2011-3192.txt](CVE-2011-3
 
 # Fixed in Apache httpd 2.2.19 # {#2.2.19}
 
-## **moderate:**  **<name name="CVE-2011-0419">apr_fnmatch flaw leads to ##
+:     **moderate:**  **<name name="CVE-2011-0419">apr_fnmatch flaw leads to
       mod_autoindex remote DoS</name>** 
       [CVE-2011-0419](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419) 
 A flaw was found in the apr_fnmatch() function of the bundled APR library.
@@ -193,7 +193,7 @@ Acknowledgements: This issue was reporte
 
 # Fixed in Apache httpd 2.2.17 # {#2.2.17}
 
-## **low:**	**<name name="CVE-2009-3720">expat DoS</name>**  ##
+:     **low:**	**<name name="CVE-2009-3720">expat DoS</name>** 
       [CVE-2009-3720](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720) 
 A buffer over-read flaw was found in the bundled expat library. An attacker
 who is able to get Apache to parse an untrused XML document (for example
@@ -206,7 +206,7 @@ denial of service if using the worker MP
 :    Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
      2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **low:**	**<name name="CVE-2009-3560">expat DoS</name>**  ##
+:     **low:**	**<name name="CVE-2009-3560">expat DoS</name>** 
       [CVE-2009-3560](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560) 
 A buffer over-read flaw was found in the bundled expat library. An attacker
 who is able to get Apache to parse an untrused XML document (for example
@@ -218,7 +218,7 @@ denial of service if using the worker MP
 :    Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
      2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **low:**	**<name name="CVE-2010-1623">apr_bridage_split_line ##
+:     **low:**	**<name name="CVE-2010-1623">apr_bridage_split_line
       DoS</name>** 
       [CVE-2010-1623](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623) 
 A flaw was found in the apr_brigade_split_line() function of the bundled
@@ -268,7 +268,7 @@ analysis and reporting of this issue.
 :    Affected: 2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12,
      2.2.11, 2.2.10, 2.2.9
 
-## **low:**	**<name name="CVE-2010-1452">mod_cache and mod_dav ##
+:     **low:**	**<name name="CVE-2010-1452">mod_cache and mod_dav
       DoS</name>** 
       [CVE-2010-1452](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452) 
 A flaw was found in the handling of requests by mod_cache and mod_dav. A
@@ -308,7 +308,7 @@ Security for reporting and proposing a p
 :    Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
      2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **low:**	**<name name="CVE-2010-0434">Subrequest handling of request ##
+:     **low:**	**<name name="CVE-2010-0434">Subrequest handling of request
       headers (mod_headers)</name>** 
       [CVE-2010-0434](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434) 
 A flaw in the core subrequest process code was fixed, to always provide a
@@ -331,7 +331,7 @@ reporting and proposing a fix for this i
 :    Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
      2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2010-0408">mod_proxy_ajp ##
+:     **moderate:**  **<name name="CVE-2010-0408">mod_proxy_ajp
       DoS</name>** 
       [CVE-2010-0408](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408) 
 mod_proxy_ajp would return the wrong status code if it encountered an
@@ -349,7 +349,7 @@ for reporting and proposing a patch fix 
 
 # Fixed in Apache httpd 2.2.14 # {#2.2.14}
 
-## **low:**	**<name name="CVE-2009-3094">mod_proxy_ftp DoS</name>**  ##
+:     **low:**	**<name name="CVE-2009-3094">mod_proxy_ftp DoS</name>** 
       [CVE-2009-3094](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094) 
 A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A
 malicious FTP server to which requests are being proxied could use this
@@ -361,7 +361,7 @@ PASV commands, resulting in a limited de
 :    Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **low:**	**<name name="CVE-2009-3095">mod_proxy_ftp FTP command ##
+:     **low:**	**<name name="CVE-2009-3095">mod_proxy_ftp FTP command
       injection</name>** 
       [CVE-2009-3095](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095) 
 A flaw was found in the mod_proxy_ftp module. In a reverse proxy
@@ -374,7 +374,7 @@ header, allowing the attacker to send ar
 :    Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
      2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2009-2699">Solaris pollset ##
+:     **moderate:**  **<name name="CVE-2009-2699">Solaris pollset
       DoS</name>** 
       [CVE-2009-2699](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699) 
 Faulty error handling was found affecting Solaris pollset support (Event
@@ -390,7 +390,7 @@ denial of service.
 
 # Fixed in Apache httpd 2.2.13 # {#2.2.13}
 
-## **low:**	**<name name="CVE-2009-2412">APR apr_palloc heap ##
+:     **low:**	**<name name="CVE-2009-2412">APR apr_palloc heap
       overflow</name>** 
       [CVE-2009-2412](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412) 
 A flaw in apr_palloc() in the bundled copy of APR could cause heap
@@ -429,7 +429,7 @@ request, the server could return a respo
      21st April 2009<br></br>Update released: 27th July 2009<br></br>
 :    Affected: 2.2.11
 
-## **low:**	**<name name="CVE-2009-1891">mod_deflate DoS</name>**  ##
+:     **low:**	**<name name="CVE-2009-1891">mod_deflate DoS</name>** 
       [CVE-2009-1891](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891) 
 A denial of service flaw was found in the mod_deflate module. This module
 continued to compress large files until compression was complete, even if
@@ -442,7 +442,7 @@ amounts of CPU if mod_deflate was enable
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
-## **low:**	**<name name="CVE-2009-1195">AllowOverride Options handling ##
+:     **low:**	**<name name="CVE-2009-1195">AllowOverride Options handling
       bypass</name>** 
       [CVE-2009-1195](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195) 
 A flaw was found in the handling of the "Options" and "AllowOverride"
@@ -455,7 +455,7 @@ executing commands from a Server-Side-In
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2009-1956">APR-util off-by-one ##
+:     **moderate:**  **<name name="CVE-2009-1956">APR-util off-by-one
       overflow</name>** 
       [CVE-2009-1956](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956) 
 An off-by-one overflow flaw was found in the way the bundled copy of the
@@ -469,7 +469,7 @@ to the disclosure of sensitive informati
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2009-1955">APR-util XML DoS</name>** ##
+:     **moderate:**  **<name name="CVE-2009-1955">APR-util XML DoS</name>**
       
       [CVE-2009-1955](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955) 
 A denial of service flaw was found in the bundled copy of the APR-util
@@ -482,7 +482,7 @@ consumption when processed by the XML de
 :    Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
      2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2009-0023">APR-util heap ##
+:     **moderate:**  **<name name="CVE-2009-0023">APR-util heap
       underwrite</name>** 
       [CVE-2009-0023](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023) 
 A heap-based underwrite flaw was found in the way the bundled copy of the
@@ -514,7 +514,7 @@ SetEnv proxy-nokeepalive 1
      31st October 2008<br></br>
 :    Affected: 2.2.9
 
-## **low:**	**<name name="CVE-2008-2939">mod_proxy_ftp globbing ##
+:     **low:**	**<name name="CVE-2008-2939">mod_proxy_ftp globbing
       XSS</name>** 
       [CVE-2008-2939](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939) 
 A flaw was found in the handling of wildcards in the path of a FTP URL with
@@ -529,7 +529,7 @@ requests containing globbing characters 
 
 # Fixed in Apache httpd 2.2.9 # {#2.2.9}
 
-## **low:**	**<name name="CVE-2007-6420">mod_proxy_balancer ##
+:     **low:**	**<name name="CVE-2007-6420">mod_proxy_balancer
       CSRF</name>** 
       [CVE-2007-6420](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420) 
 The mod_proxy_balancer provided an administrative interface that could be
@@ -539,7 +539,7 @@ vulnerable to cross-site request forgery
      9th January 2008<br></br>Update released: 14th June 2008<br></br>
 :    Affected: 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2008-2364">mod_proxy_http ##
+:     **moderate:**  **<name name="CVE-2008-2364">mod_proxy_http
       DoS</name>** 
       [CVE-2008-2364](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364) 
 A flaw was found in the handling of excessive interim responses from an
@@ -552,7 +552,7 @@ denial of service or high memory usage.
 
 # Fixed in Apache httpd 2.2.8 # {#2.2.8}
 
-## **low:**	**<name name="CVE-2008-0005">mod_proxy_ftp UTF-7 ##
+:     **low:**	**<name name="CVE-2008-0005">mod_proxy_ftp UTF-7
       XSS</name>** 
       [CVE-2008-0005](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005) 
 A workaround was added in the mod_proxy_ftp module. On sites where
@@ -565,7 +565,7 @@ derive the response character set follow
      19th January 2008<br></br>
 :    Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **low:**	**<name name="CVE-2007-6422">mod_proxy_balancer ##
+:     **low:**	**<name name="CVE-2007-6422">mod_proxy_balancer
       DoS</name>** 
       [CVE-2007-6422](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422) 
 A flaw was found in the mod_proxy_balancer module. On sites where
@@ -579,7 +579,7 @@ threaded Multi-Processing Module.
      19th January 2008<br></br>
 :    Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **low:**	**<name name="CVE-2007-6421">mod_proxy_balancer ##
+:     **low:**	**<name name="CVE-2007-6421">mod_proxy_balancer
       XSS</name>** 
       [CVE-2007-6421](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421) 
 A flaw was found in the mod_proxy_balancer module. On sites where
@@ -591,7 +591,7 @@ authorized user is possible.
      19th January 2008<br></br>
 :    Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2007-6388">mod_status XSS</name>**  ##
+:     **moderate:**  **<name name="CVE-2007-6388">mod_status XSS</name>** 
       [CVE-2007-6388](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388) 
 A flaw was found in the mod_status module. On sites where mod_status is
 enabled and the status pages were publicly accessible, a cross-site
@@ -604,7 +604,7 @@ available.
      19th January 2008<br></br>
 :    Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2007-5000">mod_imagemap XSS</name>** ##
+:     **moderate:**  **<name name="CVE-2007-5000">mod_imagemap XSS</name>**
       
       [CVE-2007-5000](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000) 
 A flaw was found in the mod_imagemap module. On sites where mod_imagemap is
@@ -618,7 +618,7 @@ attack is possible.
 
 # Fixed in Apache httpd 2.2.6 # {#2.2.6}
 
-## **moderate:**  **<name name="CVE-2007-3847">mod_proxy crash</name>**  ##
+:     **moderate:**  **<name name="CVE-2007-3847">mod_proxy crash</name>** 
       [CVE-2007-3847](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847) 
 A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
 a reverse proxy is configured, a remote attacker could send a carefully
@@ -632,7 +632,7 @@ using a threaded Multi-Processing Module
      7th September 2007<br></br>
 :    Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2006-5752">mod_status cross-site ##
+:     **moderate:**  **<name name="CVE-2006-5752">mod_status cross-site
       scripting</name>** 
       [CVE-2006-5752](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752) 
 A flaw was found in the mod_status module. On sites where the server-status
@@ -646,7 +646,7 @@ available.
      7th September 2007<br></br>
 :    Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2007-3304">Signals to arbitrary ##
+:     **moderate:**  **<name name="CVE-2007-3304">Signals to arbitrary
       processes</name>** 
       [CVE-2007-3304](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304) 
 The Apache HTTP server did not verify that a process was an Apache child
@@ -660,7 +660,7 @@ service.
      7th September 2007<br></br>
 :    Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0
 
-## **moderate:**  **<name name="CVE-2007-1862">mod_cache information ##
+:     **moderate:**  **<name name="CVE-2007-1862">mod_cache information
       leak</name>** 
       [CVE-2007-1862](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862) 
 The recall_headers function in mod_mem_cache in Apache 2.2.4 did not
@@ -672,7 +672,7 @@ attackers to obtain potentially sensitiv
      1st June 2007<br></br>Update released: 7th September 2007<br></br>
 :    Affected: 2.2.4
 
-## **moderate:**  **<name name="CVE-2007-1863">mod_cache proxy ##
+:     **moderate:**  **<name name="CVE-2007-1863">mod_cache proxy
       DoS</name>** 
       [CVE-2007-1863](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863) 
 A bug was found in the mod_cache module. On sites where caching is enabled,
@@ -704,7 +704,7 @@ arbitrary code execution.
 
 # Fixed in Apache httpd 2.2.2 # {#2.2.2}
 
-## **low:**	**<name name="CVE-2005-3357">mod_ssl access control ##
+:     **low:**	**<name name="CVE-2005-3357">mod_ssl access control
       DoS</name>** 
       [CVE-2005-3357](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357) 
 A NULL pointer dereference flaw in mod_ssl was discovered affecting server
@@ -717,7 +717,7 @@ crash would only be a denial of service 
      12th December 2005<br></br>Update released: 1st May 2006<br></br>
 :    Affected: 2.2.0
 
-## **moderate:**  **<name name="CVE-2005-3352">mod_imap Referer ##
+:     **moderate:**  **<name name="CVE-2005-3352">mod_imap Referer
       Cross-Site Scripting</name>** 
       [CVE-2005-3352](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352) 
 A flaw in mod_imap when using the Referer directive with image maps. In



Mime
View raw message