httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r958699 - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_24.html
Date Fri, 17 Jul 2015 15:01:59 GMT
Author: buildbot
Date: Fri Jul 17 15:01:58 2015
New Revision: 958699

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jul 17 15:01:58 2015
@@ -1 +1 @@
-1691587
+1691588

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml Fri Jul 17 15:01:58
2015
@@ -80,9 +80,9 @@ This issue was reported by Régis Lero
   2.4.x Require lines are used for authorization as well and can
   appear in configurations even when no authentication is required and
   the request is entirely unrestricted.  This could lead to modules
-  using this API to allow access when they should otherwise not do so
-  (e.g. mod_authz_svn in CVE-2015-3184).  API users should use the new
-  ap_some_authn_required API added in 2.4.16 instead.
+  using this API to allow access when they should otherwise not do so.
+  API users should use the new ap_some_authn_required API added in
+  2.4.16 instead.
   
   </p></description>
 <affects prod="httpd" version="2.4.12"/>
@@ -97,6 +97,9 @@ This issue was reported by Régis Lero
 <affects prod="httpd" version="2.4.2"/>
 <affects prod="httpd" version="2.4.1"/>
 <affects prod="httpd" version="2.4.0"/>
+<acknowledgements>
+This issue was reported by Ben Reser.
+</acknowledgements>
 </issue>
 
 <issue fixed="2.4.12" reported="20141109" public="20141109" released="20150130">

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Fri Jul 17 15:01:58
2015
@@ -191,13 +191,18 @@ This issue was reported by Régis Lero
   2.4.x Require lines are used for authorization as well and can
   appear in configurations even when no authentication is required and
   the request is entirely unrestricted.  This could lead to modules
-  using this API to allow access when they should otherwise not do so
-  (e.g. mod_authz_svn in CVE-2015-3184).  API users should use the new
-  ap_some_authn_required API added in 2.4.16 instead.
+  using this API to allow access when they should otherwise not do so.
+  API users should use the new ap_some_authn_required API added in
+  2.4.16 instead.
   
   </p>
   </dd>
   <dd>
+    <p>Acknowledgements: 
+This issue was reported by Ben Reser.
+</p>
+  </dd>
+  <dd>
   Reported to security team: 5th August 2013<br/>
   Issue public: 9th June 2015<br/></dd>
   <dd>



Mime
View raw message