From m..@apache.org
Subject svn commit: r1507783 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Date Sun, 28 Jul 2013 11:22:27 GMT
Author: mjc
Date: Sun Jul 28 11:22:27 2013
New Revision: 1507783

URL: http://svn.apache.org/r1507783
Log:
Bring 2.0.65 vuln page up to date

Modified:
    httpd/site/trunk/content/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1507783&r1=1507782&r2=1507783&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Sun Jul 28 11:22:27 2013
@@ -91,6 +91,45 @@ This issue was reported by Ramiro Molina
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
+<issue fixed="2.0.65" reported="20130313" public="20130419" released="20130722">
+<cve name="CVE-2013-1862"/>
+<severity level="4">low</severity>
+<title>mod_rewrite log escape filtering</title>
+<description><p>
+mod_rewrite does not filter terminal escape sequences from logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p></description>
+<acknowledgements>
+This issue was reported by Ramiro Molina
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
 <issue fixed="2.4.6" reported="20130529" public="20130722" released="20130722">
 <cve name="CVE-2013-2249"/>
 <severity level="3">moderate</severity>
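Review bot: The description added for CVE-2013-1862 says escape sequences are not filtered "from logs" without naming which log, so an administrator cannot tell from the entry which file to treat as untrusted. Assuming this is the mod_rewrite log configured with RewriteLog (worth confirming against the fix), the first sentence could read `mod_rewrite does not filter terminal escape sequences when writing to its log file (RewriteLog),`. It would also help to state that the exposure arises when that log is displayed in a terminal, since that is the step an operator can control. The new `<issue>` element lies entirely inside this hunk.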
@@ -383,6 +422,46 @@ This issue was reported by halfdog
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
+
+<issue fixed="2.0.65" reported="20111004" public="20111102" released="20130722">
+<cve name="CVE-2011-3607"/>
+<severity level="4">low</severity>
+<title>mod_setenvif .htaccess privilege escalation</title>
+<description><p>
+An integer overflow flaw was found which, when the mod_setenvif module
+is enabled, could allow local users to gain privileges via a .htaccess
+file.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by halfdog
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
 <issue fixed="2.2.22" reported="20111020" public="20120122" released="20120131">
 <cve name="CVE-2011-4317"/>
 <severity level="3">moderate</severity>
@@ -473,6 +552,45 @@ This issue was reported by halfdog
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
+<issue fixed="2.0.65" reported="20111230" public="20120111" released="20130722">
+<cve name="CVE-2012-0031"/>
+<severity level="4">low</severity>
+<title>scoreboard parent DoS</title>
+<description><p>
+A flaw was found in the handling of the scoreboard.  An 
+unprivileged child process could cause the parent process to crash at 
+shutdown rather than terminate cleanly. 
+</p>
+</description>
+<acknowledgements>
+This issue was reported by halfdog
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
 <issue fixed="2.2.22" reported="20120115" public="20120123" released="20120131">
 <cve name="CVE-2012-0053"/>
 <severity level="3">moderate</severity>
@@ -508,6 +626,45 @@ This issue was reported by Norman Hipper
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
+<issue fixed="2.0.65" reported="20120115" public="20120123" released="20130722">
+<cve name="CVE-2012-0053"/>
+<severity level="3">moderate</severity>
+<title>error responses can expose cookies</title>
+<description><p>
+A flaw was found in the default error response for status code 400.  This flaw could
+be used by an attacker to expose "httpOnly" cookies
+when no custom ErrorDocument is specified.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by Norman Hippert
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
 <issue fixed="2.2.22" reported="20110916" public="20111005" released="20120131">
 <cve name="CVE-2011-3368"/>
 <severity level="3">moderate</severity>
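Review bot: The new 2.0.65 entry for CVE-2012-0053 states the precondition ("when no custom ErrorDocument is specified") but does not present it as a workaround. The attributes show the issue public on 20120123 and 2.0.65 released on 20130722, so readers on the 2.0 branch had a long window without a fixed release and are the ones most likely to need one. If the project treats it as a valid mitigation, a closing sentence such as `Configuring a custom ErrorDocument for status code 400 avoids the default error response.` would make that explicit. The new `<issue>` element lies entirely inside this hunk.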
@@ -770,7 +927,7 @@ This issue was reported by Maksymilian A
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
-<issue fixed="2.0.65-dev" reported="20110302" public="20110510" released="20110521">
+<issue fixed="2.0.65" reported="20110302" public="20110510" released="20110521">
 <cve name="CVE-2011-0419"/>
 <severity level="3">moderate</severity>
 <title>apr_fnmatch flaw leads to mod_autoindex remote DoS</title>
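Review bot: The `released` attribute on the changed `<issue>` line still reads `20110521` although `fixed` now names 2.0.65, while every other `fixed="2.0.65"` entry added in this commit carries `released="20130722"`. If `released` is meant to be the date the fixed version shipped, as those entries suggest, the line should read `<issue fixed="2.0.65" reported="20110302" public="20110510" released="20130722">`. Left as is, anyone checking when a fix became available on the 2.0 branch sees a date about two years too early. The rest of this `<issue>` element is outside the hunk, so its `<affects>` list could not be checked.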


