httpd-cvs mailing list archives

From m..@apache.org
Subject svn commit: r1507780 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Date Sun, 28 Jul 2013 11:08:00 GMT
Author: mjc
Date: Sun Jul 28 11:08:00 2013
New Revision: 1507780

URL: http://svn.apache.org/r1507780
Log:
Update vulndb for 2.2.24, 2.2.25, 2.4.6.  Still to do 2.0.65

Modified:
    httpd/site/trunk/content/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1507780&r1=1507779&r2=1507780&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Sun Jul 28 11:08:00 2013
@@ -1,4 +1,113 @@
-<security updated="20130226">
+<security updated="20130728">
+
+<issue fixed="2.4.6" reported="20130307" public="20130523" released="20130722">
+<cve name="CVE-2013-1896"/>
+<severity level="3">moderate</severity>
+<title>mod_dav crash</title>
+<description><p>
+Sending a MERGE request against a URI handled by mod_dav_svn with the
+source href (sent as part of the request body as XML) pointing to a
+URI that is not configured for DAV will trigger a segfault.
+</p></description>
+<acknowledgements>
+This issue was reported by Ben Reser
+</acknowledgements>
+<affects prod="httpd" version="2.4.4"/>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
+
+<issue fixed="2.2.25" reported="20130307" public="20130523" released="20130722">
+<cve name="CVE-2013-1896"/>
+<severity level="3">moderate</severity>
+<title>mod_dav crash</title>
+<description><p>
+Sending a MERGE request against a URI handled by mod_dav_svn with the
+source href (sent as part of the request body as XML) pointing to a
+URI that is not configured for DAV will trigger a segfault.
+</p></description>
+<acknowledgements>
+This issue was reported by Ben Reser
+</acknowledgements>
+<affects prod="httpd" version="2.2.23"/>
+<affects prod="httpd" version="2.2.22"/>
+<affects prod="httpd" version="2.2.21"/>
+<affects prod="httpd" version="2.2.20"/>
+<affects prod="httpd" version="2.2.19"/>
+<affects prod="httpd" version="2.2.18"/>
+<affects prod="httpd" version="2.2.17"/>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.2.25" reported="20130313" public="20130419" released="20130722">
+<cve name="CVE-2013-1862"/>
+<severity level="4">low</severity>
+<title>mod_rewrite log escape filtering</title>
+<description><p>
+mod_rewrite does not filter terminal escape sequences from logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p></description>
+<acknowledgements>
+This issue was reported by Ramiro Molina
+</acknowledgements>
+<affects prod="httpd" version="2.2.23"/>
+<affects prod="httpd" version="2.2.22"/>
+<affects prod="httpd" version="2.2.21"/>
+<affects prod="httpd" version="2.2.20"/>
+<affects prod="httpd" version="2.2.19"/>
+<affects prod="httpd" version="2.2.18"/>
+<affects prod="httpd" version="2.2.17"/>
+<affects prod="httpd" version="2.2.16"/>
+<affects prod="httpd" version="2.2.15"/>
+<affects prod="httpd" version="2.2.14"/>
+<affects prod="httpd" version="2.2.13"/>
+<affects prod="httpd" version="2.2.12"/>
+<affects prod="httpd" version="2.2.11"/>
+<affects prod="httpd" version="2.2.10"/>
+<affects prod="httpd" version="2.2.9"/>
+<affects prod="httpd" version="2.2.8"/>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
+
+<issue fixed="2.4.6" reported="20130529" public="20130722" released="20130722">
+<cve name="CVE-2013-2249"/>
+<severity level="3">moderate</severity>
+<title>mod_session_dbd session fixation flaw</title>
+<description><p>
+A flaw in mod_session_dbd caused it to proceed with save operations for a session
+without considering the dirty flag and the requirement for a new
+session ID.  
+</p></description>
+<acknowledgements>
+This issue was reported by Takashi Sato
+</acknowledgements>
+<affects prod="httpd" version="2.4.4"/>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
 
 <issue fixed="2.4.4" reported="20121007" public="20130218" released="20130225">
 <cve name="CVE-2012-4558"/>
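Review bot: The two entries with `fixed="2.2.25"` (CVE-2013-1896 and CVE-2013-1862) list affected versions from 2.2.23 down to 2.2.0 but omit 2.2.24, which later hunks of this same commit record as released on 20130225. Unless 2.2.24 is known to be unaffected, an administrator running it would read these entries as not applying to them; add `<affects prod="httpd" version="2.2.24"/>` at the top of both lists. Separately, the CVE-2013-2249 description gives the mechanism (save proceeding without regard to the dirty flag or a new session ID) but not the consequence its title names, so a sentence stating the resulting session fixation risk would help readers judge urgency. The trailing spaces after `session ID.` can also be dropped.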
@@ -9,7 +118,7 @@ A XSS flaw affected the mod_proxy_balanc
 </p>
 </description>
 <acknowledgements>
-This issue was reported by Niels Heinen of google
+This issue was reported by Niels Heinen of Google
 </acknowledgements>
 <affects prod="httpd" version="2.4.3"/>
 <affects prod="httpd" version="2.4.2"/>
@@ -33,7 +142,7 @@ This issue was reported by Niels Heinen 
 <affects prod="httpd" version="2.4.1"/>
 </issue>
 
-<issue fixed="2.2.24-dev" reported="20121007" public="20130218" released="">
+<issue fixed="2.2.24" reported="20121007" public="20130218" released="20130225">
 <cve name="CVE-2012-4558"/>
 <severity level="3">moderate</severity>
 <title>XSS in mod_proxy_balancer</title>
@@ -42,7 +151,7 @@ A XSS flaw affected the mod_proxy_balanc
 </p>
 </description>
 <acknowledgements>
-This issue was reported by Niels Heinen of google
+This issue was reported by Niels Heinen of Google
 </acknowledgements>
 <affects prod="httpd" version="2.2.23"/>
 <affects prod="httpd" version="2.2.22"/>
@@ -68,7 +177,7 @@ This issue was reported by Niels Heinen 
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
-<issue fixed="2.2.24-dev" reported="20120711" public="20130218" released="">
+<issue fixed="2.2.24" reported="20120711" public="20130218" released="20130225">
 <cve name="CVE-2012-3499"/>
 <severity level="4">low</severity>
 <title>XSS due to unescaped hostnames</title>
@@ -436,7 +545,7 @@ This issue was reported by Context Infor
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
-<issue fixed="2.0.65-dev" reported="20110916" public="20111005" released="">
+<issue fixed="2.0.65" reported="20110916" public="20111005" released="20130712">
 <cve name="CVE-2011-3368"/>
 <severity level="3">moderate</severity>
 <title>mod_proxy reverse proxy exposure</title>
@@ -580,7 +689,7 @@ Advisory: <a href="CVE-2011-3192.txt">CV
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
-<issue fixed="2.0.65-dev" reported="20110820" public="20110820" released="20110830">
+<issue fixed="2.0.65" reported="20110820" public="20110820" released="20130712">
 <cve name="CVE-2011-3192"/>
 <severity level="2">important</severity>
 <title>Range header remote DoS</title>


