httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject svn commit: r1450144 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Date Tue, 26 Feb 2013 12:04:53 GMT
Author: mjc
Date: Tue Feb 26 12:04:52 2013
New Revision: 1450144

URL: http://svn.apache.org/r1450144
Log:
Add new issues from http://www.apache.org/dist/httpd/Announcement2.4.html

Modified:
    httpd/site/trunk/content/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1450144&r1=1450143&r2=1450144&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Tue Feb 26 12:04:52 2013
@@ -1,4 +1,108 @@
-<security updated="20120926">
+<security updated="20130226">
+
+<issue fixed="2.4.4" reported="20121007" public="20130218" released="20130225">
+<cve name="CVE-2012-4558"/>
+<severity level="3">moderate</severity>
+<title>XSS in mod_proxy_balancer</title>
+<description><p>
+A XSS flaw affected the mod_proxy_balancer manager interface.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by Niels Heinen of google
+</acknowledgements>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
+
+<issue fixed="2.4.4" reported="20120711" public="20130218" released="20130225">
+<cve name="CVE-2012-3499"/>
+<severity level="4">low</severity>
+<title>XSS due to unescaped hostnames</title>
+<description><p>
+Various XSS flaws due to unescaped hostnames and URIs HTML output in
+mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by Niels Heinen of Google
+</acknowledgements>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
+
+<issue fixed="2.2.24-dev" reported="20121007" public="20130218" released="">
+<cve name="CVE-2012-4558"/>
+<severity level="3">moderate</severity>
+<title>XSS in mod_proxy_balancer</title>
+<description><p>
+A XSS flaw affected the mod_proxy_balancer manager interface.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by Niels Heinen of google
+</acknowledgements>
+<affects prod="httpd" version="2.2.23"/>
+<affects prod="httpd" version="2.2.22"/>
+<affects prod="httpd" version="2.2.21"/>
+<affects prod="httpd" version="2.2.20"/>
+<affects prod="httpd" version="2.2.19"/>
+<affects prod="httpd" version="2.2.18"/>
+<affects prod="httpd" version="2.2.17"/>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.2.24-dev" reported="20120711" public="20130218" released="">
+<cve name="CVE-2012-3499"/>
+<severity level="4">low</severity>
+<title>XSS due to unescaped hostnames</title>
+<description><p>
+Various XSS flaws due to unescaped hostnames and URIs HTML output in
+mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by Niels Heinen of Google
+</acknowledgements>
+<affects prod="httpd" version="2.2.23"/>
+<affects prod="httpd" version="2.2.22"/>
+<affects prod="httpd" version="2.2.21"/>
+<affects prod="httpd" version="2.2.20"/>
+<affects prod="httpd" version="2.2.19"/>
+<affects prod="httpd" version="2.2.18"/>
+<affects prod="httpd" version="2.2.17"/>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
 
 <issue fixed="2.2.23" reported="20120531" public="20120613" released="20120913">
 <cve name="CVE-2012-2687"/>



Mime
View raw message