httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r1691588 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Date Fri, 17 Jul 2015 15:01:54 GMT
Author: jorton
Date: Fri Jul 17 15:01:54 2015
New Revision: 1691588

URL: http://svn.apache.org/r1691588
Log:
Credit Ben.

Modified:
    httpd/site/trunk/content/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1691588&r1=1691587&r2=1691588&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Fri Jul 17 15:01:54 2015
@@ -80,9 +80,9 @@ This issue was reported by Régis Lero
   2.4.x Require lines are used for authorization as well and can
   appear in configurations even when no authentication is required and
   the request is entirely unrestricted.  This could lead to modules
-  using this API to allow access when they should otherwise not do so
-  (e.g. mod_authz_svn in CVE-2015-3184).  API users should use the new
-  ap_some_authn_required API added in 2.4.16 instead.
+  using this API to allow access when they should otherwise not do so.
+  API users should use the new ap_some_authn_required API added in
+  2.4.16 instead.
   
   </p></description>
 <affects prod="httpd" version="2.4.12"/>
@@ -97,6 +97,9 @@ This issue was reported by Régis Lero
 <affects prod="httpd" version="2.4.2"/>
 <affects prod="httpd" version="2.4.1"/>
 <affects prod="httpd" version="2.4.0"/>
+<acknowledgements>
+This issue was reported by Ben Reser.
+</acknowledgements>
 </issue>
 
 <issue fixed="2.4.12" reported="20141109" public="20141109" released="20150130">



Mime
View raw message