httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r1691570 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Date Fri, 17 Jul 2015 14:26:25 GMT
Author: jorton
Date: Fri Jul 17 14:26:24 2015
New Revision: 1691570

URL: http://svn.apache.org/r1691570
Log:
Add CVE-2015-0253.

Modified:
    httpd/site/trunk/content/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1691570&r1=1691569&r2=1691570&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Fri Jul 17 14:26:24 2015
@@ -1,5 +1,22 @@
 <security updated="20150717">
+
+<issue fixed="2.4.16" reported="20150203" public="20150305" released="20150715">
+<cve name="CVE-2015-0253"/>
+<severity level="4">low</severity>
+<title>Crash in ErrorDocument 400 handling</title>
+<description><p>
+
+  A crash in ErrorDocument handling was found.  If ErrorDocument 400
+  was configured pointing to a local URL-path with the INCLUDES filter
+  active, a NULL dereference would occur when handling the error,
+  causing the child process to crash.  This issue affected the 2.4.12
+  release only.
   
+</p></description>
+<affects prod="httpd" version="2.4.12"/>
+</issue>
+
+
 <issue fixed="2.4.16" reported="20150404" public="20150609" released="20150715">
 <cve name="CVE-2015-3183"/>
 <severity level="4">low</severity>



Mime
View raw message