Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
Subject: svn commit: r1016055 - in /websites/staging/httpd/trunk/content: ./
security/vulnerabilities-httpd.page/securitydb.xsl
security/vulnerabilities_22.html security/vulnerabilities_24.html
Date: Thu, 27 Jul 2017 20:26:09 -0000
To: cvs@httpd.apache.org
From: buildbot@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20170727202609.8AAAB3A0167@svn01-us-west.apache.org>
archived-at: Thu, 27 Jul 2017 20:26:12 -0000
Author: buildbot
Date: Thu Jul 27 20:26:09 2017
New Revision: 1016055
Log:
Staging update by buildbot for httpd
Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Jul 27 20:26:09 2017
@@ -1 +1 @@
-1803229
+1803232
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
==============================================================================
Binary files - no diff available.
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Thu Jul 27 20:26:09 2017
@@ -109,8 +109,8 @@ these vulnerabilities to the
Fixed in Apache httpd 2.2.34
-
-
important:
- Uninitialized memory reflection in mod_auth_digest
+ important:
+ Uninitialized memory reflection in mod_auth_digest
(CVE-2017-9788)
@@ -150,8 +150,8 @@ We would like to thank Robert ÅwiÄ
-
-
important:
- ap_get_basic_auth_pw() Authentication Bypass
+ important:
+ ap_get_basic_auth_pw() Authentication Bypass
(CVE-2017-3167)
@@ -191,8 +191,8 @@ We would like to thank Emmanuel Dreyfus
-
-
important:
- mod_ssl Null Pointer Dereference
+ important:
+ mod_ssl Null Pointer Dereference
(CVE-2017-3169)
@@ -225,8 +225,8 @@ reporting this issue.
-
-
important:
- ap_find_token() Buffer Overread
+ important:
+ ap_find_token() Buffer Overread
(CVE-2017-7668)
@@ -262,8 +262,8 @@ issue.
-
-
important:
- mod_mime Buffer Overread
+ important:
+ mod_mime Buffer Overread
(CVE-2017-7679)
@@ -297,8 +297,8 @@ We would like to thank ChenQin and Hanno
Fixed in Apache httpd 2.2.32
-
-
important:
- Apache HTTP Request Parsing Whitespace Defects
+ important:
+ Apache HTTP Request Parsing Whitespace Defects
(CVE-2016-8743)
@@ -379,8 +379,8 @@ as well as Régis Leroy for each repor
-
-
n/a:
- HTTP_PROXY environment variable "httpoxy" mitigation
+ n/a:
+ HTTP_PROXY environment variable "httpoxy" mitigation
(CVE-2016-5387)
@@ -422,8 +422,8 @@ for reporting and proposing a fix for th
Fixed in Apache httpd 2.2.31
-
-
low:
- HTTP request smuggling attack against chunked request parser
+ low:
+ HTTP request smuggling attack against chunked request parser
(CVE-2015-3183)
@@ -461,8 +461,8 @@ This issue was reported by Régis Lero
Fixed in Apache httpd 2.2.29
-
-
important:
- mod_cgid denial of service
+ important:
+ mod_cgid denial of service
(CVE-2014-0231)
@@ -496,8 +496,8 @@ This issue was reported by Rainer Jung o
-
-
low:
- HTTP Trailers processing bypass
+ low:
+ HTTP Trailers processing bypass
(CVE-2013-5704)
@@ -531,8 +531,8 @@ This issue was reported by Martin Holst
-
-
moderate:
- mod_deflate denial of service
+ moderate:
+ mod_deflate denial of service
(CVE-2014-0118)
@@ -567,8 +567,8 @@ This issue was reported by Giancarlo Pel
-
-
moderate:
- mod_status buffer overflow
+ moderate:
+ mod_status buffer overflow
(CVE-2014-0226)
@@ -606,8 +606,8 @@ This issue was reported by Marek Kroemek
Fixed in Apache httpd 2.2.27
-
-
low:
- mod_log_config crash
+ low:
+ mod_log_config crash
(CVE-2014-0098)
@@ -640,8 +640,8 @@ This issue was reported by Rainer M Cana
-
-
moderate:
- mod_dav crash
+ moderate:
+ mod_dav crash
(CVE-2013-6438)
@@ -677,8 +677,8 @@ This issue was reported by Ning Zhang &a
Fixed in Apache httpd 2.2.25
-
-
low:
- mod_rewrite log escape filtering
+ low:
+ mod_rewrite log escape filtering
(CVE-2013-1862)
@@ -712,8 +712,8 @@ This issue was reported by Ramiro Molina
-
-
moderate:
- mod_dav crash
+ moderate:
+ mod_dav crash
(CVE-2013-1896)
@@ -748,8 +748,8 @@ This issue was reported by Ben Reser
Fixed in Apache httpd 2.2.24
-
-
low:
- XSS due to unescaped hostnames
+ low:
+ XSS due to unescaped hostnames
(CVE-2012-3499)
@@ -781,8 +781,8 @@ This issue was reported by Niels Heinen
-
-
moderate:
- XSS in mod_proxy_balancer
+ moderate:
+ XSS in mod_proxy_balancer
(CVE-2012-4558)
@@ -815,8 +815,8 @@ This issue was reported by Niels Heinen
Fixed in Apache httpd 2.2.23
-
-
low:
- XSS in mod_negotiation when untrusted uploads are supported
+ low:
+ XSS in mod_negotiation when untrusted uploads are supported
(CVE-2012-2687)
@@ -846,8 +846,8 @@ untrusted uploads to locations which hav
-
-
low:
- insecure LD_LIBRARY_PATH handling
+ low:
+ insecure LD_LIBRARY_PATH handling
(CVE-2012-0883)
@@ -880,8 +880,8 @@ administrator runs apachectl from an unt
Fixed in Apache httpd 2.2.22
-
-
low:
- mod_proxy_ajp remote DoS
+ low:
+ mod_proxy_ajp remote DoS
(CVE-2012-4557)
@@ -913,8 +913,8 @@ temporary denial of service.
- low:
- mod_setenvif .htaccess privilege escalation
+ low:
+ mod_setenvif .htaccess privilege escalation
(CVE-2011-3607)
@@ -947,8 +947,8 @@ This issue was reported by halfdog
- low:
- mod_log_config crash
+ low:
+ mod_log_config crash
(CVE-2012-0021)
@@ -978,8 +978,8 @@ This crash would only be a denial of ser
- low:
- scoreboard parent DoS
+ low:
+ scoreboard parent DoS
(CVE-2012-0031)
@@ -1012,8 +1012,8 @@ This issue was reported by halfdog
- moderate:
- mod_proxy reverse proxy exposure
+ moderate:
+ mod_proxy reverse proxy exposure
(CVE-2011-4317)
@@ -1049,8 +1049,8 @@ This issue was reported by Prutha Parikh
- moderate:
- error responses can expose cookies
+ moderate:
+ error responses can expose cookies
(CVE-2012-0053)
@@ -1083,8 +1083,8 @@ This issue was reported by Norman Hipper
- moderate:
- mod_proxy reverse proxy exposure
+ moderate:
+ mod_proxy reverse proxy exposure
(CVE-2011-3368)
@@ -1121,8 +1121,8 @@ This issue was reported by Context Infor
Fixed in Apache httpd 2.2.21
-
-
moderate:
- mod_proxy_ajp remote DoS
+ moderate:
+ mod_proxy_ajp remote DoS
(CVE-2011-3348)
@@ -1155,8 +1155,8 @@ This could lead to a temporary denial of
Fixed in Apache httpd 2.2.20
-
-
important:
- Range header remote DoS
+ important:
+ Range header remote DoS
(CVE-2011-3192)
@@ -1188,8 +1188,8 @@ Advisory: CV
Fixed in Apache httpd 2.2.19
-
-
moderate:
- apr_fnmatch flaw leads to mod_autoindex remote DoS
+ moderate:
+ apr_fnmatch flaw leads to mod_autoindex remote DoS
(CVE-2011-0419)
@@ -1235,8 +1235,8 @@ This issue was reported by Maksymilian A
Fixed in Apache httpd 2.2.17
-
-
low:
- expat DoS
+
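Review bot: the replacement for the "low: / expat DoS" heading in this hunk is a single empty `+` line, and no "(CVE-...)" context line follows it, unlike every other entry in this file, which keeps severity, title and CVE id after the change. The next hunk (@@ -1268) is a second "expat DoS" entry with the same empty replacement, so the two entries cannot be told apart on the new side. Since securitydb.xsl is listed as binary with no diff, check the rendered vulnerabilities_22.html to confirm these two headings still show severity, title and identifier.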
@@ -1268,8 +1268,8 @@ be a denial of service if using the work
-
-
low:
- expat DoS
+
@@ -1301,8 +1301,8 @@ be a denial of service if using the work
-
-
low:
- apr_bridage_split_line DoS
+ low:
+ apr_bridage_split_line DoS
(CVE-2010-1623)
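Review bot: the title on the `+` line still reads "apr_bridage_split_line DoS"; the APR function is apr_brigade_split_line, so the misspelling is carried from the `-` line into the regenerated heading unchanged. Correct it in the source data for this CVE-2010-1623 entry rather than in the generated HTML, since this file is produced by the staging build.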
@@ -1336,8 +1336,8 @@ service.
Fixed in Apache httpd 2.2.16
-
-
important:
- Timeout detection flaw (mod_proxy_http)
+ important:
+ Timeout detection flaw (mod_proxy_http)
(CVE-2010-2068)
@@ -1380,8 +1380,8 @@ reporting of this issue.
-
-
low:
- mod_cache and mod_dav DoS
+ low:
+ mod_cache and mod_dav DoS
(CVE-2010-1452)
@@ -1421,8 +1421,8 @@ This issue was reported by Mark Drayton.
Fixed in Apache httpd 2.2.15
-
-
important:
- mod_isapi module unload flaw
+ important:
+ mod_isapi module unload flaw
(CVE-2010-0425)
@@ -1459,8 +1459,8 @@ proposing a patch fix for this issue.
-
-
low:
- Subrequest handling of request headers (mod_headers)
+ low:
+ Subrequest handling of request headers (mod_headers)
(CVE-2010-0434)
@@ -1497,8 +1497,8 @@ fix for this issue.
-
-
moderate:
- mod_proxy_ajp DoS
+ moderate:
+ mod_proxy_ajp DoS
(CVE-2010-0408)
@@ -1535,8 +1535,8 @@ proposing a patch fix for this issue.
Fixed in Apache httpd 2.2.14
-
-
low:
- mod_proxy_ftp DoS
+ low:
+ mod_proxy_ftp DoS
(CVE-2009-3094)
@@ -1568,8 +1568,8 @@ service.
-
-
low:
- mod_proxy_ftp FTP command injection
+ low:
+ mod_proxy_ftp FTP command injection
(CVE-2009-3095)
@@ -1597,8 +1597,8 @@ to the FTP server.
-
-
moderate:
- Solaris pollset DoS
+ moderate:
+ Solaris pollset DoS
(CVE-2009-2699)
@@ -1630,8 +1630,8 @@ event MPMs, resulting in a denial of ser
Fixed in Apache httpd 2.2.13
-
-
low:
- APR apr_palloc heap overflow
+ low:
+ APR apr_palloc heap overflow
(CVE-2009-2412)
@@ -1666,8 +1666,8 @@ in a vulnerable way.
Fixed in Apache httpd 2.2.12
-
-
important:
- mod_proxy reverse proxy DoS
+ important:
+ mod_proxy reverse proxy DoS
(CVE-2009-1890)
@@ -1697,8 +1697,8 @@ force a proxy process to consume large a
-
-
important:
- mod_proxy_ajp information disclosure
+ important:
+ mod_proxy_ajp information disclosure
(CVE-2009-1191)
@@ -1729,8 +1729,8 @@ could return a response intended for ano
-
-
low:
- mod_deflate DoS
+
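Review bot: the "low: / mod_deflate DoS" heading is replaced by an empty `+` line here, and the hunk carries no "(CVE-...)" context line, where the neighbouring entries under 2.2.12 keep both the title and the identifier. Verify in the rendered page that this entry still has a visible severity and title, and that its identifier is present in the source record the stylesheet reads.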
@@ -1758,8 +1758,8 @@ file.
-
-
low:
- AllowOverride Options handling bypass
+ low:
+ AllowOverride Options handling bypass
(CVE-2009-1195)
@@ -1790,8 +1790,8 @@ from executing commands from a Server-Si
-
-
low:
- CRLF injection in mod_negotiation when untrusted uploads are supported
+ low:
+ CRLF injection in mod_negotiation when untrusted uploads are supported
(CVE-2008-0456)
@@ -1821,8 +1821,8 @@ MultiViews enabled.
-
-
moderate:
- APR-util off-by-one overflow
+ moderate:
+ APR-util off-by-one overflow
(CVE-2009-1956)
@@ -1851,8 +1851,8 @@ or a denial of service.
-
-
moderate:
- APR-util XML DoS
+ moderate:
+ APR-util XML DoS
(CVE-2009-1955)
@@ -1884,8 +1884,8 @@ engine.
-
-
moderate:
- APR-util heap underwrite
+ moderate:
+ APR-util heap underwrite
(CVE-2009-0023)
@@ -1919,8 +1919,8 @@ processed by the pattern preparation eng
Fixed in Apache httpd 2.2.10
-
-
important:
- Timeout detection flaw (mod_proxy_http)
+ important:
+ Timeout detection flaw (mod_proxy_http)
(CVE-2010-2791)
@@ -1950,8 +1950,8 @@ globally configure:
-
-
low:
- mod_proxy_ftp globbing XSS
+ low:
+ mod_proxy_ftp globbing XSS
(CVE-2008-2939)
@@ -1983,8 +1983,8 @@ to cross-site scripting (XSS) attacks.
Fixed in Apache httpd 2.2.9
-
-
low:
- mod_proxy_balancer CSRF
+ low:
+ mod_proxy_balancer CSRF
(CVE-2007-6420)
@@ -2013,8 +2013,8 @@ vulnerable to cross-site request forgery
-
-
moderate:
- mod_proxy_http DoS
+ moderate:
+ mod_proxy_http DoS
(CVE-2008-2364)
@@ -2045,8 +2045,8 @@ could cause a denial of service or high
Fixed in Apache httpd 2.2.8
-
-
low:
- mod_proxy_ftp UTF-7 XSS
+ low:
+ mod_proxy_ftp UTF-7 XSS
(CVE-2008-0005)
@@ -2078,8 +2078,8 @@ RFC 2616.
-
-
low:
- mod_proxy_balancer DoS
+ low:
+ mod_proxy_balancer DoS
(CVE-2007-6422)
@@ -2110,8 +2110,8 @@ threaded Multi-Processing Module.
-
-
low:
- mod_proxy_balancer XSS
+ low:
+ mod_proxy_balancer XSS
(CVE-2007-6421)
@@ -2140,8 +2140,8 @@ authorized user is possible.
-
-
moderate:
- mod_status XSS
+ moderate:
+ mod_status XSS
(CVE-2007-6388)
@@ -2171,8 +2171,8 @@ Note that the server-status page is not
-
-
moderate:
- mod_imagemap XSS
+ moderate:
+ mod_imagemap XSS
(CVE-2007-5000)
@@ -2203,8 +2203,8 @@ cross-site scripting attack is possible.
Fixed in Apache httpd 2.2.6
-
-
moderate:
- mod_proxy crash
+ moderate:
+ mod_proxy crash
(CVE-2007-3847)
@@ -2233,8 +2233,8 @@ using a threaded Multi-Processing Module
-
-
moderate:
- mod_status cross-site scripting
+ moderate:
+ mod_status cross-site scripting
(CVE-2006-5752)
@@ -2266,8 +2266,8 @@ this publicly available.
-
-
moderate:
- Signals to arbitrary processes
+ moderate:
+ Signals to arbitrary processes
(CVE-2007-3304)
@@ -2297,8 +2297,8 @@ terminated which could lead to a denial
-
-
moderate:
- mod_cache information leak
+ moderate:
+ mod_cache information leak
(CVE-2007-1862)
@@ -2328,8 +2328,8 @@ used by remote attackers to obtain poten
-
-
moderate:
- mod_cache proxy DoS
+ moderate:
+ mod_cache proxy DoS
(CVE-2007-1863)
@@ -2361,8 +2361,8 @@ Multi-Processing Module.
Fixed in Apache httpd 2.2.3
-
-
important:
- mod_rewrite off-by-one error
+ important:
+ mod_rewrite off-by-one error
(CVE-2006-3747)
@@ -2398,8 +2398,8 @@ processes) or potentially allow arbitrar
Fixed in Apache httpd 2.2.2
-
-
low:
- mod_ssl access control DoS
+ low:
+ mod_ssl access control DoS
(CVE-2005-3357)
@@ -2431,8 +2431,8 @@ crash would only be a denial of service
-
-
moderate:
- mod_imap Referer Cross-Site Scripting
+ moderate:
+ mod_imap Referer Cross-Site Scripting
(CVE-2005-3352)
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Thu Jul 27 20:26:09 2017
@@ -109,8 +109,8 @@ these vulnerabilities to the Apache httpd 2.2 vulnerabilities list for more information.
Fixed in Apache httpd 2.4.27
-
-
important:
- Read after free in mod_http2
+ important:
+ Read after free in mod_http2
(CVE-2017-9789)
@@ -143,8 +143,8 @@ We would like to thank Robert ÅwiÄ
-
-
important:
- Uninitialized memory reflection in mod_auth_digest
+ important:
+ Uninitialized memory reflection in mod_auth_digest
(CVE-2017-9788)
@@ -186,8 +186,8 @@ We would like to thank Robert ÅwiÄ
Fixed in Apache httpd 2.4.26
-
-
important:
- ap_get_basic_auth_pw() Authentication Bypass
+ important:
+ ap_get_basic_auth_pw() Authentication Bypass
(CVE-2017-3167)
@@ -227,8 +227,8 @@ We would like to thank Emmanuel Dreyfus
-
-
important:
- mod_ssl Null Pointer Dereference
+ important:
+ mod_ssl Null Pointer Dereference
(CVE-2017-3169)
@@ -261,8 +261,8 @@ reporting this issue.
-
-
important:
- mod_http2 Null Pointer Dereference
+ important:
+ mod_http2 Null Pointer Dereference
(CVE-2017-7659)
@@ -294,8 +294,8 @@ We would like to thank Robert ÅwiÄ
-
-
important:
- ap_find_token() Buffer Overread
+ important:
+ ap_find_token() Buffer Overread
(CVE-2017-7668)
@@ -331,8 +331,8 @@ issue.
-
-
important:
- mod_mime Buffer Overread
+ important:
+ mod_mime Buffer Overread
(CVE-2017-7679)
@@ -366,8 +366,8 @@ We would like to thank ChenQin and Hanno
Fixed in Apache httpd 2.4.25
-
-
important:
- Apache HTTP Request Parsing Whitespace Defects
+ important:
+ Apache HTTP Request Parsing Whitespace Defects
(CVE-2016-8743)
@@ -448,8 +448,8 @@ as well as Régis Leroy for each repor
-
-
low:
- HTTP/2 CONTINUATION denial of service
+ low:
+ HTTP/2 CONTINUATION denial of service
(CVE-2016-8740)
@@ -485,8 +485,8 @@ and CDF/SEFCOM at Arizona State Universi
-
-
low:
- DoS vulnerability in mod_auth_digest
+ low:
+ DoS vulnerability in mod_auth_digest
(CVE-2016-2161)
@@ -518,8 +518,8 @@ We would like to thank Maksim Malyutin f
-
-
low:
- Padding Oracle in Apache mod_session_crypto
+ low:
+ Padding Oracle in Apache mod_session_crypto
(CVE-2016-0736)
@@ -556,8 +556,8 @@ this issue.
-
-
n/a:
- HTTP_PROXY environment variable "httpoxy" mitigation
+ n/a:
+ HTTP_PROXY environment variable "httpoxy" mitigation
(CVE-2016-5387)
@@ -605,8 +605,8 @@ for reporting and proposing a fix for th
Fixed in Apache httpd 2.4.23
-
-
important:
- TLS/SSL X.509 client certificate auth bypass with HTTP/2
+ important:
+ TLS/SSL X.509 client certificate auth bypass with HTTP/2
(CVE-2016-4979)
@@ -644,8 +644,8 @@ This issue was reported by Erki Aring.
Fixed in Apache httpd 2.4.20
-
-
low:
- mod_http2: denial of service by thread starvation
+ low:
+ mod_http2: denial of service by thread starvation
(CVE-2016-1546)
@@ -683,8 +683,8 @@ This issue was reported by Noam Mazor.
Fixed in Apache httpd 2.4.16
-
-
low:
- mod_lua: Crash in websockets PING handling
+ low:
+ mod_lua: Crash in websockets PING handling
(CVE-2015-0228)
@@ -720,8 +720,8 @@ This issue was reported by Guido Vranken
-
-
low:
- Crash in ErrorDocument 400 handling
+ low:
+ Crash in ErrorDocument 400 handling
(CVE-2015-0253)
@@ -755,8 +755,8 @@ This issue was reported by Guido Vranken
-
-
low:
- HTTP request smuggling attack against chunked request parser
+ low:
+ HTTP request smuggling attack against chunked request parser
(CVE-2015-3183)
@@ -792,8 +792,8 @@ This issue was reported by Régis Lero
-
-
low:
- ap_some_auth_required API unusable
+ low:
+ ap_some_auth_required API unusable
(CVE-2015-3185)
@@ -837,8 +837,8 @@ This issue was reported by Ben Reser.
Fixed in Apache httpd 2.4.12
-
-
low:
- mod_lua multiple "Require" directive handling is broken
+ low:
+ mod_lua multiple "Require" directive handling is broken
(CVE-2014-8109)
@@ -864,8 +864,8 @@ lead to different authentication rules t
-
-
low:
- mod_proxy_fcgi out-of-bounds memory read
+ low:
+ mod_proxy_fcgi out-of-bounds memory read
(CVE-2014-3583)
@@ -899,8 +899,8 @@ This issue was reported by Teguh P. Alko
-
-
low:
- mod_cache crash with empty Content-Type header
+ low:
+ mod_cache crash with empty Content-Type header
(CVE-2014-3581)
@@ -926,8 +926,8 @@ This crash would only be a denial of ser
-
-
low:
- HTTP Trailers processing bypass
+ low:
+ HTTP Trailers processing bypass
(CVE-2013-5704)
@@ -963,8 +963,8 @@ This issue was reported by Martin Holst
Fixed in Apache httpd 2.4.10
-
-
important:
- mod_cgid denial of service
+ important:
+ mod_cgid denial of service
(CVE-2014-0231)
@@ -998,8 +998,8 @@ This issue was reported by Rainer Jung o
-
-
important:
- WinNT MPM denial of service
+ important:
+ WinNT MPM denial of service
(CVE-2014-3523)
@@ -1033,8 +1033,8 @@ This issue was reported by Jeff Trawick
-
-
moderate:
- mod_proxy denial of service
+ moderate:
+ mod_proxy denial of service
(CVE-2014-0117)
@@ -1067,8 +1067,8 @@ This issue was reported by Marek Kroemek
-
-
moderate:
- mod_deflate denial of service
+ moderate:
+ mod_deflate denial of service
(CVE-2014-0118)
@@ -1103,8 +1103,8 @@ This issue was reported by Giancarlo Pel
-
-
moderate:
- mod_status buffer overflow
+ moderate:
+ mod_status buffer overflow
(CVE-2014-0226)
@@ -1142,8 +1142,8 @@ This issue was reported by Marek Kroemek
Fixed in Apache httpd 2.4.7
-
-
low:
- mod_cache crash
+
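Review bot: under "Fixed in Apache httpd 2.4.7" the "low: / mod_cache crash" heading is replaced by an empty `+` line with no "(CVE-...)" line after it, so on the new side this release section shows no entry title at all. Confirm the generated vulnerabilities_24.html still renders the severity, title and identifier for this entry before the staging copy is published.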
@@ -1176,8 +1176,8 @@ security impact was not disclosed at the
Fixed in Apache httpd 2.4.9
-
-
low:
- mod_log_config crash
+ low:
+ mod_log_config crash
(CVE-2014-0098)
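Review bot: the "Fixed in Apache httpd 2.4.9" heading in this hunk (old line 1176) comes after the "Fixed in Apache httpd 2.4.7" section (old line 1142) and before 2.4.6, while the rest of the file lists releases in descending order. The ordering predates this change, but as the page is being regenerated anyway it is worth sorting the release sections by version in the generator so 2.4.9 precedes 2.4.7.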
@@ -1210,8 +1210,8 @@ This issue was reported by Rainer M Cana
-
-
moderate:
- mod_dav crash
+ moderate:
+ mod_dav crash
(CVE-2013-6438)
@@ -1247,8 +1247,8 @@ This issue was reported by Ning Zhang &a
Fixed in Apache httpd 2.4.6
-
-
moderate:
- mod_dav crash
+ moderate:
+ mod_dav crash
(CVE-2013-1896)
@@ -1281,8 +1281,8 @@ This issue was reported by Ben Reser
-
-
moderate:
- mod_session_dbd session fixation flaw
+ moderate:
+ mod_session_dbd session fixation flaw
(CVE-2013-2249)
@@ -1317,8 +1317,8 @@ This issue was reported by Takashi Sato
Fixed in Apache httpd 2.4.4
-
-
low:
- XSS due to unescaped hostnames
+ low:
+ XSS due to unescaped hostnames
(CVE-2012-3499)
@@ -1350,8 +1350,8 @@ This issue was reported by Niels Heinen
-
-
moderate:
- XSS in mod_proxy_balancer
+ moderate:
+ XSS in mod_proxy_balancer
(CVE-2012-4558)
@@ -1384,8 +1384,8 @@ This issue was reported by Niels Heinen
Fixed in Apache httpd 2.4.3
-
-
important:
- Response mixup when using mod_proxy_ajp or mod_proxy_http
+ important:
+ Response mixup when using mod_proxy_ajp or mod_proxy_http
(CVE-2012-3502)
@@ -1412,8 +1412,8 @@ between users.
-
-
low:
- XSS in mod_negotiation when untrusted uploads are supported
+ low:
+ XSS in mod_negotiation when untrusted uploads are supported
(CVE-2012-2687)
@@ -1445,8 +1445,8 @@ untrusted uploads to locations which hav
Fixed in Apache httpd 2.4.2
-
-
low:
- insecure LD_LIBRARY_PATH handling
+ low:
+ insecure LD_LIBRARY_PATH handling
(CVE-2012-0883)