httpd-cvs mailing list archives

From rj...@apache.org
Subject svn commit: r1375655 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Date Tue, 21 Aug 2012 16:45:16 GMT
Author: rjung
Date: Tue Aug 21 16:45:15 2012
New Revision: 1375655

URL: http://svn.apache.org/viewvc?rev=1375655&view=rev
Log:
Add vulnerabilities closed with 2.4.3.

Modified:
    httpd/site/trunk/content/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1375655&r1=1375654&r2=1375655&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Tue Aug 21 16:45:15 2012
@@ -1,5 +1,33 @@
 <security updated="20120418">
 
+<issue fixed="2.4.3" reported="20120531" public="20120613" released="20120821">
+<cve name="CVE-2012-2687"/>
+<severity level="4">low</severity>
+<title>XSS in mod_negotiation when untrusted uploads are supported</title>
+<description><p>
+Possible XSS for sites which use mod_negotiation and allow
+untrusted uploads to locations which have MultiViews enabled.
+</p>
+</description>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
+
+<issue fixed="2.4.3" reported="20120816" public="20120816" released="20120821">
+<cve name="CVE-2012-3502"/>
+<severity level="2">important</severity>
+<title>Response mixup when using mod_proxy_ajp or mod_proxy_http</title>
+<description><p>
+The modules mod_proxy_ajp and mod_proxy_http did not always close
+the connection to the back end server when necessary as part of error
+handling. This could lead to an information disclosure due to a response mixup
+between users.
+</p>
+</description>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
+
 <issue fixed="2.4.2" reported="20120214" public="20120302" released="20120417">
 <cve name="CVE-2012-0883"/>
 <severity level="4">low</severity>
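Review bot: The root element in the context line at the top of this hunk still reads `<security updated="20120418">`, although both added issues carry `released="20120821"`, so the file's own freshness stamp predates the advisories it now lists. If that attribute is meant to record the last content change (inferred from its name; the schema and the site build are not visible here), it should be bumped in the same commit to `<security updated="20120821">`. Otherwise a reader or tool that keys off that date may treat the 2.4.3 entries as not yet published. The `<security>` element closes outside the hunk, so the rest of the file was not checked.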


