httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r1015998 - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.page/securitydb.xsl security/vulnerabilities_22.html security/vulnerabilities_24.html
Date Wed, 26 Jul 2017 16:30:54 GMT
Author: buildbot
Date: Wed Jul 26 16:30:54 2017
New Revision: 1015998

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
    websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Jul 26 16:30:54 2017
@@ -1 +1 @@
-1802599
+1803072

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
==============================================================================
Binary files - no diff available.

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Wed Jul 26 16:30:54
2017
@@ -111,6 +111,7 @@ Fixed in Apache httpd 2.2.34</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-9788"/>
       <name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>
@@ -143,6 +144,7 @@ We would like to thank Robert Świę
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-3167"/>
       <name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>
@@ -175,6 +177,7 @@ We would like to thank Emmanuel Dreyfus
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-3169"/>
       <name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>
@@ -200,6 +203,7 @@ reporting this issue.
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-7668"/>
       <name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>
@@ -228,6 +232,7 @@ issue.
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-7679"/>
       <name name="CVE-2017-7679">mod_mime Buffer Overread</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>
@@ -254,6 +259,7 @@ Fixed in Apache httpd 2.2.32</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2016-8743"/>
       <name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>
@@ -323,6 +329,7 @@ as well as Régis Leroy for each repor
   <dd>
     <b>n/a: </b>
     <b>
+      <a name="CVE-2016-5387"/>
       <name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>
@@ -357,6 +364,7 @@ Fixed in Apache httpd 2.2.31</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2015-3183"/>
       <name name="CVE-2015-3183">HTTP request smuggling attack against chunked request
parser</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>
@@ -387,6 +395,7 @@ Fixed in Apache httpd 2.2.29</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2014-0231"/>
       <name name="CVE-2014-0231">mod_cgid denial of service</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>
@@ -413,6 +422,7 @@ This issue was reported by Rainer Jung o
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2013-5704"/>
       <name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>
@@ -439,6 +449,7 @@ This issue was reported by Martin Holst
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2014-0118"/>
       <name name="CVE-2014-0118">mod_deflate denial of service</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>
@@ -466,6 +477,7 @@ This issue was reported by Giancarlo Pel
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2014-0226"/>
       <name name="CVE-2014-0226">mod_status buffer overflow</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>
@@ -496,6 +508,7 @@ Fixed in Apache httpd 2.2.27</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2014-0098"/>
       <name name="CVE-2014-0098">mod_log_config crash</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>
@@ -521,6 +534,7 @@ This issue was reported by Rainer M Cana
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2013-6438"/>
       <name name="CVE-2013-6438">mod_dav crash</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>
@@ -549,6 +563,7 @@ Fixed in Apache httpd 2.2.25</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2013-1862"/>
       <name name="CVE-2013-1862">mod_rewrite log escape filtering</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862">CVE-2013-1862</a>
@@ -575,6 +590,7 @@ This issue was reported by Ramiro Molina
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2013-1896"/>
       <name name="CVE-2013-1896">mod_dav crash</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>
@@ -602,6 +618,7 @@ Fixed in Apache httpd 2.2.24</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2012-3499"/>
       <name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>
@@ -626,6 +643,7 @@ This issue was reported by Niels Heinen
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2012-4558"/>
       <name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>
@@ -651,6 +669,7 @@ Fixed in Apache httpd 2.2.23</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2012-2687"/>
       <name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are
supported</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>
@@ -671,6 +690,7 @@ untrusted uploads to locations which hav
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2012-0883"/>
       <name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
@@ -694,6 +714,7 @@ Fixed in Apache httpd 2.2.22</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2012-4557"/>
       <name name="CVE-2012-4557">mod_proxy_ajp remote DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557">CVE-2012-4557</a>
@@ -716,6 +737,7 @@ temporary denial of service.</p>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2011-3607"/>
       <name name="CVE-2011-3607">mod_setenvif .htaccess privilege escalation</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a>
@@ -741,6 +763,7 @@ This issue was reported by halfdog
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2012-0021"/>
       <name name="CVE-2012-0021">mod_log_config crash</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a>
@@ -761,6 +784,7 @@ This crash would only be a denial of ser
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2012-0031"/>
       <name name="CVE-2012-0031">scoreboard parent DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a>
@@ -786,6 +810,7 @@ This issue was reported by halfdog
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2011-4317"/>
       <name name="CVE-2011-4317">mod_proxy reverse proxy exposure </name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>
@@ -814,6 +839,7 @@ This issue was reported by Prutha Parikh
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2012-0053"/>
       <name name="CVE-2012-0053">error responses can expose cookies</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a>
@@ -839,6 +865,7 @@ This issue was reported by Norman Hipper
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2011-3368"/>
       <name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
@@ -868,6 +895,7 @@ Fixed in Apache httpd 2.2.21</h1><dl>
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2011-3348"/>
       <name name="CVE-2011-3348">mod_proxy_ajp remote DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a>
@@ -891,6 +919,7 @@ Fixed in Apache httpd 2.2.20</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2011-3192"/>
       <name name="CVE-2011-3192">Range header remote DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>
@@ -916,6 +945,7 @@ Fixed in Apache httpd 2.2.19</h1><dl>
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2011-0419"/>
       <name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>
@@ -954,6 +984,7 @@ Fixed in Apache httpd 2.2.17</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2009-3720"/>
       <name name="CVE-2009-3720">expat DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>
@@ -976,6 +1007,7 @@ be a denial of service if using the work
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2009-3560"/>
       <name name="CVE-2009-3560">expat DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>
@@ -998,6 +1030,7 @@ be a denial of service if using the work
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2010-1623"/>
       <name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>
@@ -1022,6 +1055,7 @@ Fixed in Apache httpd 2.2.16</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2010-2068"/>
       <name name="CVE-2010-2068">Timeout detection flaw (mod_proxy_http)</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068">CVE-2010-2068</a>
@@ -1060,6 +1094,7 @@ reporting of this issue.
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2010-1452"/>
       <name name="CVE-2010-1452">mod_cache and mod_dav DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>
@@ -1092,6 +1127,7 @@ Fixed in Apache httpd 2.2.15</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2010-0425"/>
       <name name="CVE-2010-0425">mod_isapi module unload flaw</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
@@ -1121,6 +1157,7 @@ proposing a patch fix for this issue.
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2010-0434"/>
       <name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
@@ -1153,6 +1190,7 @@ fix for this issue.
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2010-0408"/>
       <name name="CVE-2010-0408">mod_proxy_ajp DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a>
@@ -1182,6 +1220,7 @@ Fixed in Apache httpd 2.2.14</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2009-3094"/>
       <name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
@@ -1204,6 +1243,7 @@ service.
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2009-3095"/>
       <name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>
@@ -1225,6 +1265,7 @@ to the FTP server.
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2009-2699"/>
       <name name="CVE-2009-2699">Solaris pollset DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a>
@@ -1247,6 +1288,7 @@ Fixed in Apache httpd 2.2.13</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2009-2412"/>
       <name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>
@@ -1272,6 +1314,7 @@ Fixed in Apache httpd 2.2.12</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2009-1890"/>
       <name name="CVE-2009-1890">mod_proxy reverse proxy DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</a>
@@ -1292,6 +1335,7 @@ force a proxy process to consume large a
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2009-1191"/>
       <name name="CVE-2009-1191">mod_proxy_ajp information disclosure</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</a>
@@ -1313,6 +1357,7 @@ could return a response intended for ano
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2009-1891"/>
       <name name="CVE-2009-1891">mod_deflate DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>
@@ -1334,6 +1379,7 @@ file.</p>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2009-1195"/>
       <name name="CVE-2009-1195">AllowOverride Options handling bypass</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a>
@@ -1355,6 +1401,7 @@ from executing commands from a Server-Si
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2008-0456"/>
       <name name="CVE-2008-0456">CRLF injection in mod_negotiation when untrusted uploads
are supported</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456">CVE-2008-0456</a>
@@ -1375,6 +1422,7 @@ MultiViews enabled.
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2009-1956"/>
       <name name="CVE-2009-1956">APR-util off-by-one overflow</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956">CVE-2009-1956</a>
@@ -1397,6 +1445,7 @@ or a denial of service.
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2009-1955"/>
       <name name="CVE-2009-1955">APR-util XML DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955">CVE-2009-1955</a>
@@ -1419,6 +1468,7 @@ engine.
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2009-0023"/>
       <name name="CVE-2009-0023">APR-util heap underwrite</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023">CVE-2009-0023</a>
@@ -1443,6 +1493,7 @@ Fixed in Apache httpd 2.2.10</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2010-2791"/>
       <name name="CVE-2010-2791">Timeout detection flaw (mod_proxy_http)</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791">CVE-2010-2791</a>
@@ -1466,6 +1517,7 @@ globally configure:</p>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2008-2939"/>
       <name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a>
@@ -1488,6 +1540,7 @@ Fixed in Apache httpd 2.2.9</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2007-6420"/>
       <name name="CVE-2007-6420">mod_proxy_balancer CSRF</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420</a>
@@ -1507,6 +1560,7 @@ vulnerable to cross-site request forgery
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2008-2364"/>
       <name name="CVE-2008-2364">mod_proxy_http DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a>
@@ -1528,6 +1582,7 @@ Fixed in Apache httpd 2.2.8</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2008-0005"/>
       <name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a>
@@ -1550,6 +1605,7 @@ RFC 2616.
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2007-6422"/>
       <name name="CVE-2007-6422">mod_proxy_balancer DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422">CVE-2007-6422</a>
@@ -1571,6 +1627,7 @@ threaded Multi-Processing Module. </p>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2007-6421"/>
       <name name="CVE-2007-6421">mod_proxy_balancer XSS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421">CVE-2007-6421</a>
@@ -1590,6 +1647,7 @@ authorized user is possible. </p>
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2007-6388"/>
       <name name="CVE-2007-6388">mod_status XSS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
@@ -1610,6 +1668,7 @@ Note that the server-status page is not
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2007-5000"/>
       <name name="CVE-2007-5000">mod_imagemap XSS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
@@ -1631,6 +1690,7 @@ Fixed in Apache httpd 2.2.6</h1><dl>
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2007-3847"/>
       <name name="CVE-2007-3847">mod_proxy crash</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a>
@@ -1653,6 +1713,7 @@ using a threaded Multi-Processing Module
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2006-5752"/>
       <name name="CVE-2006-5752">mod_status cross-site scripting</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
@@ -1675,6 +1736,7 @@ this publicly available.</p>
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2007-3304"/>
       <name name="CVE-2007-3304">Signals to arbitrary processes</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
@@ -1695,6 +1757,7 @@ terminated which could lead to a denial
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2007-1862"/>
       <name name="CVE-2007-1862">mod_cache information leak</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a>
@@ -1715,6 +1778,7 @@ used by remote attackers to obtain poten
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2007-1863"/>
       <name name="CVE-2007-1863">mod_cache proxy DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>
@@ -1737,6 +1801,7 @@ Fixed in Apache httpd 2.2.3</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2006-3747"/>
       <name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
@@ -1763,6 +1828,7 @@ Fixed in Apache httpd 2.2.2</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2005-3357"/>
       <name name="CVE-2005-3357">mod_ssl access control DoS</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
@@ -1785,6 +1851,7 @@ crash would only be a denial of service
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2005-3352"/>
       <name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Wed Jul 26 16:30:54
2017
@@ -111,6 +111,7 @@ Fixed in Apache httpd 2.4.27</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-9789"/>
       <name name="CVE-2017-9789">Read after free in mod_http2</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9789">CVE-2017-9789</a>
@@ -136,6 +137,7 @@ We would like to thank Robert Świę
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-9788"/>
       <name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>
@@ -170,6 +172,7 @@ Fixed in Apache httpd 2.4.26</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-3167"/>
       <name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>
@@ -202,6 +205,7 @@ We would like to thank Emmanuel Dreyfus
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-3169"/>
       <name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>
@@ -227,6 +231,7 @@ reporting this issue.
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-7659"/>
       <name name="CVE-2017-7659">mod_http2 Null Pointer Dereference</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659">CVE-2017-7659</a>
@@ -251,6 +256,7 @@ We would like to thank Robert Świę
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-7668"/>
       <name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>
@@ -279,6 +285,7 @@ issue.
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2017-7679"/>
       <name name="CVE-2017-7679">mod_mime Buffer Overread</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>
@@ -305,6 +312,7 @@ Fixed in Apache httpd 2.4.25</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2016-8743"/>
       <name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>
@@ -374,6 +382,7 @@ as well as Régis Leroy for each repor
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2016-8740"/>
       <name name="CVE-2016-8740">HTTP/2 CONTINUATION denial of service</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740">CVE-2016-8740</a>
@@ -402,6 +411,7 @@ and CDF/SEFCOM at Arizona State Universi
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2016-2161"/>
       <name name="CVE-2016-2161">DoS vulnerability in mod_auth_digest</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161">CVE-2016-2161</a>
@@ -426,6 +436,7 @@ We would like to thank Maksim Malyutin f
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2016-0736"/>
       <name name="CVE-2016-0736">Padding Oracle in Apache mod_session_crypto</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736">CVE-2016-0736</a>
@@ -455,6 +466,7 @@ this issue.
   <dd>
     <b>n/a: </b>
     <b>
+      <a name="CVE-2016-5387"/>
       <name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>
@@ -495,6 +507,7 @@ Fixed in Apache httpd 2.4.23</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2016-4979"/>
       <name name="CVE-2016-4979">TLS/SSL X.509 client certificate auth bypass with
HTTP/2</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4979">CVE-2016-4979</a>
@@ -525,6 +538,7 @@ Fixed in Apache httpd 2.4.20</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2016-1546"/>
       <name name="CVE-2016-1546">mod_http2: denial of service by thread starvation</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1546">CVE-2016-1546</a>
@@ -555,6 +569,7 @@ Fixed in Apache httpd 2.4.16</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2015-0228"/>
       <name name="CVE-2015-0228">mod_lua: Crash in websockets PING handling</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228">CVE-2015-0228</a>
@@ -583,6 +598,7 @@ This issue was reported by Guido Vranken
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2015-0253"/>
       <name name="CVE-2015-0253">Crash in ErrorDocument 400 handling</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253">CVE-2015-0253</a>
@@ -607,6 +623,7 @@ This issue was reported by Guido Vranken
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2015-3183"/>
       <name name="CVE-2015-3183">HTTP request smuggling attack against chunked request
parser</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>
@@ -635,6 +652,7 @@ This issue was reported by Régis Lero
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2015-3185"/>
       <name name="CVE-2015-3185">ap_some_auth_required API unusable</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185">CVE-2015-3185</a>
@@ -671,6 +689,7 @@ Fixed in Apache httpd 2.4.12</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2014-8109"/>
       <name name="CVE-2014-8109">mod_lua multiple "Require" directive handling is broken</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109">CVE-2014-8109</a>
@@ -690,6 +709,7 @@ lead to different authentication rules t
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2014-3583"/>
       <name name="CVE-2014-3583">mod_proxy_fcgi out-of-bounds memory read</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583">CVE-2014-3583</a>
@@ -716,6 +736,7 @@ This issue was reported by Teguh P. Alko
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2014-3581"/>
       <name name="CVE-2014-3581">mod_cache crash with empty Content-Type header</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581">CVE-2014-3581</a>
@@ -735,6 +756,7 @@ This crash would only be a denial of ser
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2013-5704"/>
       <name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>
@@ -763,6 +785,7 @@ Fixed in Apache httpd 2.4.10</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2014-0231"/>
       <name name="CVE-2014-0231">mod_cgid denial of service</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>
@@ -789,6 +812,7 @@ This issue was reported by Rainer Jung o
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2014-3523"/>
       <name name="CVE-2014-3523">WinNT MPM denial of service</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3523">CVE-2014-3523</a>
@@ -815,6 +839,7 @@ This issue was reported by Jeff Trawick
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2014-0117"/>
       <name name="CVE-2014-0117">mod_proxy denial of service</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117">CVE-2014-0117</a>
@@ -840,6 +865,7 @@ This issue was reported by Marek Kroemek
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2014-0118"/>
       <name name="CVE-2014-0118">mod_deflate denial of service</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>
@@ -867,6 +893,7 @@ This issue was reported by Giancarlo Pel
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2014-0226"/>
       <name name="CVE-2014-0226">mod_status buffer overflow</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>
@@ -897,6 +924,7 @@ Fixed in Apache httpd 2.4.7</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2013-4352"/>
       <name name="CVE-2013-4352">mod_cache crash</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352">CVE-2013-4352</a>
@@ -920,6 +948,7 @@ Fixed in Apache httpd 2.4.9</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2014-0098"/>
       <name name="CVE-2014-0098">mod_log_config crash</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>
@@ -945,6 +974,7 @@ This issue was reported by Rainer M Cana
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2013-6438"/>
       <name name="CVE-2013-6438">mod_dav crash</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>
@@ -973,6 +1003,7 @@ Fixed in Apache httpd 2.4.6</h1><dl>
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2013-1896"/>
       <name name="CVE-2013-1896">mod_dav crash</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>
@@ -998,6 +1029,7 @@ This issue was reported by Ben Reser
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2013-2249"/>
       <name name="CVE-2013-2249">mod_session_dbd session fixation flaw</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249">CVE-2013-2249</a>
@@ -1025,6 +1057,7 @@ Fixed in Apache httpd 2.4.4</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2012-3499"/>
       <name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>
@@ -1049,6 +1082,7 @@ This issue was reported by Niels Heinen
   <dd>
     <b>moderate: </b>
     <b>
+      <a name="CVE-2012-4558"/>
       <name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>
@@ -1074,6 +1108,7 @@ Fixed in Apache httpd 2.4.3</h1><dl>
   <dd>
     <b>important: </b>
     <b>
+      <a name="CVE-2012-3502"/>
       <name name="CVE-2012-3502">Response mixup when using mod_proxy_ajp or mod_proxy_http</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502">CVE-2012-3502</a>
@@ -1094,6 +1129,7 @@ between users.
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2012-2687"/>
       <name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are
supported</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>
@@ -1116,6 +1152,7 @@ Fixed in Apache httpd 2.4.2</h1><dl>
   <dd>
     <b>low: </b>
     <b>
+      <a name="CVE-2012-0883"/>
       <name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>



Mime
View raw message