Subject: svn commit: r1016055 - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.page/securitydb.xsl security/vulnerabilities_22.html security/vulnerabilities_24.html
Date: Thu, 27 Jul 2017 20:26:09 -0000
To: cvs@httpd.apache.org
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Reply-To: dev@httpd.apache.org
From: buildbot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20170727202609.8AAAB3A0167@svn01-us-west.apache.org> archived-at: Thu, 27 Jul 2017 20:26:12 -0000 Author: buildbot Date: Thu Jul 27 20:26:09 2017 New Revision: 1016055 Log: Staging update by buildbot for httpd Modified: websites/staging/httpd/trunk/content/ (props changed) websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl websites/staging/httpd/trunk/content/security/vulnerabilities_22.html websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Propchange: websites/staging/httpd/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Thu Jul 27 20:26:09 2017 @@ -1 +1 @@ -1803229 +1803232 Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl ============================================================================== Binary files - no diff available. Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html ============================================================================== --- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original) +++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Thu Jul 27 20:26:09 2017 @@ -109,8 +109,8 @@ these vulnerabilities to the Fixed in Apache httpd 2.2.34
-

important: - Uninitialized memory reflection in mod_auth_digest +

important: + Uninitialized memory reflection in mod_auth_digest (CVE-2017-9788)

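Review bot: the only thing reviewable in this hunk, and in every hunk that follows, is the generated output (the "(CVE-2017-9788)" suffix appended to the title), because the template that produces it is listed above as "Modified: .../securitydb.xsl" with "Binary files - no diff available". The actual change is in the XSL, not in these HTML files. Suggest fixing the svn:mime-type on securitydb.xsl (text/xml rather than a binary type) so that the template edit shows up as a text diff and the suffix format can be checked once at the source instead of being inferred from dozens of rendered hunks.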
@@ -150,8 +150,8 @@ We would like to thank Robert Świę
-

important: - ap_get_basic_auth_pw() Authentication Bypass +

important: + ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167)

@@ -191,8 +191,8 @@ We would like to thank Emmanuel Dreyfus
-

important: - mod_ssl Null Pointer Dereference +

important: + mod_ssl Null Pointer Dereference (CVE-2017-3169)

@@ -225,8 +225,8 @@ reporting this issue.
-

important: - ap_find_token() Buffer Overread +

important: + ap_find_token() Buffer Overread (CVE-2017-7668)

@@ -262,8 +262,8 @@ issue.
-

important: - mod_mime Buffer Overread +

important: + mod_mime Buffer Overread (CVE-2017-7679)

@@ -297,8 +297,8 @@ We would like to thank ChenQin and Hanno

Fixed in Apache httpd 2.2.32

-

important: - Apache HTTP Request Parsing Whitespace Defects +

important: + Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)

@@ -379,8 +379,8 @@ as well as Régis Leroy for each repor
-

n/a: - HTTP_PROXY environment variable "httpoxy" mitigation +

n/a: + HTTP_PROXY environment variable "httpoxy" mitigation (CVE-2016-5387)

@@ -422,8 +422,8 @@ for reporting and proposing a fix for th

Fixed in Apache httpd 2.2.31

-

low: - HTTP request smuggling attack against chunked request parser +

low: + HTTP request smuggling attack against chunked request parser (CVE-2015-3183)

@@ -461,8 +461,8 @@ This issue was reported by Régis Lero

Fixed in Apache httpd 2.2.29

-

important: - mod_cgid denial of service +

important: + mod_cgid denial of service (CVE-2014-0231)

@@ -496,8 +496,8 @@ This issue was reported by Rainer Jung o
-

low: - HTTP Trailers processing bypass +

low: + HTTP Trailers processing bypass (CVE-2013-5704)

@@ -531,8 +531,8 @@ This issue was reported by Martin Holst
-

moderate: - mod_deflate denial of service +

moderate: + mod_deflate denial of service (CVE-2014-0118)

@@ -567,8 +567,8 @@ This issue was reported by Giancarlo Pel
-

moderate: - mod_status buffer overflow +

moderate: + mod_status buffer overflow (CVE-2014-0226)

@@ -606,8 +606,8 @@ This issue was reported by Marek Kroemek

Fixed in Apache httpd 2.2.27

-

low: - mod_log_config crash +

low: + mod_log_config crash (CVE-2014-0098)

@@ -640,8 +640,8 @@ This issue was reported by Rainer M Cana
-

moderate: - mod_dav crash +

moderate: + mod_dav crash (CVE-2013-6438)

@@ -677,8 +677,8 @@ This issue was reported by Ning Zhang &a

Fixed in Apache httpd 2.2.25

-

low: - mod_rewrite log escape filtering +

low: + mod_rewrite log escape filtering (CVE-2013-1862)

@@ -712,8 +712,8 @@ This issue was reported by Ramiro Molina
-

moderate: - mod_dav crash +

moderate: + mod_dav crash (CVE-2013-1896)

@@ -748,8 +748,8 @@ This issue was reported by Ben Reser

Fixed in Apache httpd 2.2.24

-

low: - XSS due to unescaped hostnames +

low: + XSS due to unescaped hostnames (CVE-2012-3499)

@@ -781,8 +781,8 @@ This issue was reported by Niels Heinen
-

moderate: - XSS in mod_proxy_balancer +

moderate: + XSS in mod_proxy_balancer (CVE-2012-4558)

@@ -815,8 +815,8 @@ This issue was reported by Niels Heinen

Fixed in Apache httpd 2.2.23

-

low: - XSS in mod_negotiation when untrusted uploads are supported +

low: + XSS in mod_negotiation when untrusted uploads are supported (CVE-2012-2687)

@@ -846,8 +846,8 @@ untrusted uploads to locations which hav
-

low: - insecure LD_LIBRARY_PATH handling +

low: + insecure LD_LIBRARY_PATH handling (CVE-2012-0883)

@@ -880,8 +880,8 @@ administrator runs apachectl from an unt

Fixed in Apache httpd 2.2.22

-

low: - mod_proxy_ajp remote DoS +

low: + mod_proxy_ajp remote DoS (CVE-2012-4557)

@@ -913,8 +913,8 @@ temporary denial of service.

-

low: - mod_setenvif .htaccess privilege escalation +

low: + mod_setenvif .htaccess privilege escalation (CVE-2011-3607)

@@ -947,8 +947,8 @@ This issue was reported by halfdog
-

low: - mod_log_config crash +

low: + mod_log_config crash (CVE-2012-0021)

@@ -978,8 +978,8 @@ This crash would only be a denial of ser
-

low: - scoreboard parent DoS +

low: + scoreboard parent DoS (CVE-2012-0031)

@@ -1012,8 +1012,8 @@ This issue was reported by halfdog
-

moderate: - mod_proxy reverse proxy exposure +

moderate: + mod_proxy reverse proxy exposure (CVE-2011-4317)

@@ -1049,8 +1049,8 @@ This issue was reported by Prutha Parikh
-

moderate: - error responses can expose cookies +

moderate: + error responses can expose cookies (CVE-2012-0053)

@@ -1083,8 +1083,8 @@ This issue was reported by Norman Hipper
-

moderate: - mod_proxy reverse proxy exposure +

moderate: + mod_proxy reverse proxy exposure (CVE-2011-3368)

@@ -1121,8 +1121,8 @@ This issue was reported by Context Infor

Fixed in Apache httpd 2.2.21

-

moderate: - mod_proxy_ajp remote DoS +

moderate: + mod_proxy_ajp remote DoS (CVE-2011-3348)

@@ -1155,8 +1155,8 @@ This could lead to a temporary denial of

Fixed in Apache httpd 2.2.20

-

important: - Range header remote DoS +

important: + Range header remote DoS (CVE-2011-3192)

@@ -1188,8 +1188,8 @@ Advisory: CV

Fixed in Apache httpd 2.2.19

-

moderate: - apr_fnmatch flaw leads to mod_autoindex remote DoS +

moderate: + apr_fnmatch flaw leads to mod_autoindex remote DoS (CVE-2011-0419)

@@ -1235,8 +1235,8 @@ This issue was reported by Maksymilian A

Fixed in Apache httpd 2.2.17

-

low: - expat DoS +

low: + expat DoS (CVE-2009-3720)

@@ -1268,8 +1268,8 @@ be a denial of service if using the work
-

low: - expat DoS +

low: + expat DoS (CVE-2009-3560)

@@ -1301,8 +1301,8 @@ be a denial of service if using the work
-

low: - apr_bridage_split_line DoS +

low: + apr_bridage_split_line DoS (CVE-2010-1623)

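Review bot: the title in this hunk still reads "apr_bridage_split_line" on both the - and + lines; the APR-util function is apr_brigade_split_line, so the regenerated title carries the misspelling forward alongside the new "(CVE-2010-1623)" suffix. Since the entry is being re-rendered anyway, correct the spelling in the securitydb source entry for CVE-2010-1623 so that the page matches the function name people will search for.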
@@ -1336,8 +1336,8 @@ service.

Fixed in Apache httpd 2.2.16

-

important: - Timeout detection flaw (mod_proxy_http) +

important: + Timeout detection flaw (mod_proxy_http) (CVE-2010-2068)

@@ -1380,8 +1380,8 @@ reporting of this issue.
-

low: - mod_cache and mod_dav DoS +

low: + mod_cache and mod_dav DoS (CVE-2010-1452)

@@ -1421,8 +1421,8 @@ This issue was reported by Mark Drayton.

Fixed in Apache httpd 2.2.15

-

important: - mod_isapi module unload flaw +

important: + mod_isapi module unload flaw (CVE-2010-0425)

@@ -1459,8 +1459,8 @@ proposing a patch fix for this issue.
-

low: - Subrequest handling of request headers (mod_headers) +

low: + Subrequest handling of request headers (mod_headers) (CVE-2010-0434)

@@ -1497,8 +1497,8 @@ fix for this issue.
-

moderate: - mod_proxy_ajp DoS +

moderate: + mod_proxy_ajp DoS (CVE-2010-0408)

@@ -1535,8 +1535,8 @@ proposing a patch fix for this issue.

Fixed in Apache httpd 2.2.14

-

low: - mod_proxy_ftp DoS +

low: + mod_proxy_ftp DoS (CVE-2009-3094)

@@ -1568,8 +1568,8 @@ service.
-

low: - mod_proxy_ftp FTP command injection +

low: + mod_proxy_ftp FTP command injection (CVE-2009-3095)

@@ -1597,8 +1597,8 @@ to the FTP server.
-

moderate: - Solaris pollset DoS +

moderate: + Solaris pollset DoS (CVE-2009-2699)

@@ -1630,8 +1630,8 @@ event MPMs, resulting in a denial of ser

Fixed in Apache httpd 2.2.13

-

low: - APR apr_palloc heap overflow +

low: + APR apr_palloc heap overflow (CVE-2009-2412)

@@ -1666,8 +1666,8 @@ in a vulnerable way.

Fixed in Apache httpd 2.2.12

-

important: - mod_proxy reverse proxy DoS +

important: + mod_proxy reverse proxy DoS (CVE-2009-1890)

@@ -1697,8 +1697,8 @@ force a proxy process to consume large a
-

important: - mod_proxy_ajp information disclosure +

important: + mod_proxy_ajp information disclosure (CVE-2009-1191)

@@ -1729,8 +1729,8 @@ could return a response intended for ano
-

low: - mod_deflate DoS +

low: + mod_deflate DoS (CVE-2009-1891)

@@ -1758,8 +1758,8 @@ file.

-

low: - AllowOverride Options handling bypass +

low: + AllowOverride Options handling bypass (CVE-2009-1195)

@@ -1790,8 +1790,8 @@ from executing commands from a Server-Si
-

low: - CRLF injection in mod_negotiation when untrusted uploads are supported +

low: + CRLF injection in mod_negotiation when untrusted uploads are supported (CVE-2008-0456)

@@ -1821,8 +1821,8 @@ MultiViews enabled.
-

moderate: - APR-util off-by-one overflow +

moderate: + APR-util off-by-one overflow (CVE-2009-1956)

@@ -1851,8 +1851,8 @@ or a denial of service.
-

moderate: - APR-util XML DoS +

moderate: + APR-util XML DoS (CVE-2009-1955)

@@ -1884,8 +1884,8 @@ engine.
-

moderate: - APR-util heap underwrite +

moderate: + APR-util heap underwrite (CVE-2009-0023)

@@ -1919,8 +1919,8 @@ processed by the pattern preparation eng

Fixed in Apache httpd 2.2.10

-

important: - Timeout detection flaw (mod_proxy_http) +

important: + Timeout detection flaw (mod_proxy_http) (CVE-2010-2791)

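Review bot: this hunk produces the second entry on the page titled "Timeout detection flaw (mod_proxy_http)"; the first, under "Fixed in Apache httpd 2.2.16", is CVE-2010-2068 and this one, under "Fixed in Apache httpd 2.2.10", is CVE-2010-2791. Before this change the two titles were indistinguishable when scanning the list, so the appended CVE id is doing real work here (the same applies to the duplicated "mod_dav crash", "mod_log_config crash", "mod_proxy reverse proxy exposure", "mod_proxy_ajp remote DoS" and "expat DoS" titles). Worth confirming that the securitydb source carries the CVE on every entry, since an entry without one would now render as the bare duplicate title again.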
@@ -1950,8 +1950,8 @@ globally configure:

-

low: - mod_proxy_ftp globbing XSS +

low: + mod_proxy_ftp globbing XSS (CVE-2008-2939)

@@ -1983,8 +1983,8 @@ to cross-site scripting (XSS) attacks.

Fixed in Apache httpd 2.2.9

-

low: - mod_proxy_balancer CSRF +

low: + mod_proxy_balancer CSRF (CVE-2007-6420)

@@ -2013,8 +2013,8 @@ vulnerable to cross-site request forgery
-

moderate: - mod_proxy_http DoS +

moderate: + mod_proxy_http DoS (CVE-2008-2364)

@@ -2045,8 +2045,8 @@ could cause a denial of service or high

Fixed in Apache httpd 2.2.8

-

low: - mod_proxy_ftp UTF-7 XSS +

low: + mod_proxy_ftp UTF-7 XSS (CVE-2008-0005)

@@ -2078,8 +2078,8 @@ RFC 2616.
-

low: - mod_proxy_balancer DoS +

low: + mod_proxy_balancer DoS (CVE-2007-6422)

@@ -2110,8 +2110,8 @@ threaded Multi-Processing Module.

-

low: - mod_proxy_balancer XSS +

low: + mod_proxy_balancer XSS (CVE-2007-6421)

@@ -2140,8 +2140,8 @@ authorized user is possible.

-

moderate: - mod_status XSS +

moderate: + mod_status XSS (CVE-2007-6388)

@@ -2171,8 +2171,8 @@ Note that the server-status page is not
-

moderate: - mod_imagemap XSS +

moderate: + mod_imagemap XSS (CVE-2007-5000)

@@ -2203,8 +2203,8 @@ cross-site scripting attack is possible.

Fixed in Apache httpd 2.2.6

-

moderate: - mod_proxy crash +

moderate: + mod_proxy crash (CVE-2007-3847)

@@ -2233,8 +2233,8 @@ using a threaded Multi-Processing Module
-

moderate: - mod_status cross-site scripting +

moderate: + mod_status cross-site scripting (CVE-2006-5752)

@@ -2266,8 +2266,8 @@ this publicly available.

-

moderate: - Signals to arbitrary processes +

moderate: + Signals to arbitrary processes (CVE-2007-3304)

@@ -2297,8 +2297,8 @@ terminated which could lead to a denial
-

moderate: - mod_cache information leak +

moderate: + mod_cache information leak (CVE-2007-1862)

@@ -2328,8 +2328,8 @@ used by remote attackers to obtain poten
-

moderate: - mod_cache proxy DoS +

moderate: + mod_cache proxy DoS (CVE-2007-1863)

@@ -2361,8 +2361,8 @@ Multi-Processing Module.


Fixed in Apache httpd 2.2.3

-

important: - mod_rewrite off-by-one error +

important: + mod_rewrite off-by-one error (CVE-2006-3747)

@@ -2398,8 +2398,8 @@ processes) or potentially allow arbitrar

Fixed in Apache httpd 2.2.2

-

low: - mod_ssl access control DoS +

low: + mod_ssl access control DoS (CVE-2005-3357)

@@ -2431,8 +2431,8 @@ crash would only be a denial of service
-

moderate: - mod_imap Referer Cross-Site Scripting +

moderate: + mod_imap Referer Cross-Site Scripting (CVE-2005-3352)

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html ============================================================================== --- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original) +++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Thu Jul 27 20:26:09 2017 @@ -109,8 +109,8 @@ these vulnerabilities to the Apache httpd 2.2 vulnerabilities list for more information.


Fixed in Apache httpd 2.4.27

-

important: - Read after free in mod_http2 +

important: + Read after free in mod_http2 (CVE-2017-9789)

@@ -143,8 +143,8 @@ We would like to thank Robert Świę
-

important: - Uninitialized memory reflection in mod_auth_digest +

important: + Uninitialized memory reflection in mod_auth_digest (CVE-2017-9788)

@@ -186,8 +186,8 @@ We would like to thank Robert Świę

Fixed in Apache httpd 2.4.26

-

important: - ap_get_basic_auth_pw() Authentication Bypass +

important: + ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167)

@@ -227,8 +227,8 @@ We would like to thank Emmanuel Dreyfus
-

important: - mod_ssl Null Pointer Dereference +

important: + mod_ssl Null Pointer Dereference (CVE-2017-3169)

@@ -261,8 +261,8 @@ reporting this issue.
-

important: - mod_http2 Null Pointer Dereference +

important: + mod_http2 Null Pointer Dereference (CVE-2017-7659)

@@ -294,8 +294,8 @@ We would like to thank Robert Świę
-

important: - ap_find_token() Buffer Overread +

important: + ap_find_token() Buffer Overread (CVE-2017-7668)

@@ -331,8 +331,8 @@ issue.
-

important: - mod_mime Buffer Overread +

important: + mod_mime Buffer Overread (CVE-2017-7679)

@@ -366,8 +366,8 @@ We would like to thank ChenQin and Hanno

Fixed in Apache httpd 2.4.25

-

important: - Apache HTTP Request Parsing Whitespace Defects +

important: + Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)

@@ -448,8 +448,8 @@ as well as Régis Leroy for each repor
-

low: - HTTP/2 CONTINUATION denial of service +

low: + HTTP/2 CONTINUATION denial of service (CVE-2016-8740)

@@ -485,8 +485,8 @@ and CDF/SEFCOM at Arizona State Universi
-

low: - DoS vulnerability in mod_auth_digest +

low: + DoS vulnerability in mod_auth_digest (CVE-2016-2161)

@@ -518,8 +518,8 @@ We would like to thank Maksim Malyutin f
-

low: - Padding Oracle in Apache mod_session_crypto +

low: + Padding Oracle in Apache mod_session_crypto (CVE-2016-0736)

@@ -556,8 +556,8 @@ this issue.
-

n/a: - HTTP_PROXY environment variable "httpoxy" mitigation +

n/a: + HTTP_PROXY environment variable "httpoxy" mitigation (CVE-2016-5387)

@@ -605,8 +605,8 @@ for reporting and proposing a fix for th

Fixed in Apache httpd 2.4.23

-

important: - TLS/SSL X.509 client certificate auth bypass with HTTP/2 +

important: + TLS/SSL X.509 client certificate auth bypass with HTTP/2 (CVE-2016-4979)

@@ -644,8 +644,8 @@ This issue was reported by Erki Aring.

Fixed in Apache httpd 2.4.20

-

low: - mod_http2: denial of service by thread starvation +

low: + mod_http2: denial of service by thread starvation (CVE-2016-1546)

@@ -683,8 +683,8 @@ This issue was reported by Noam Mazor.

Fixed in Apache httpd 2.4.16

-

low: - mod_lua: Crash in websockets PING handling +

low: + mod_lua: Crash in websockets PING handling (CVE-2015-0228)

@@ -720,8 +720,8 @@ This issue was reported by Guido Vranken
-

low: - Crash in ErrorDocument 400 handling +

low: + Crash in ErrorDocument 400 handling (CVE-2015-0253)

@@ -755,8 +755,8 @@ This issue was reported by Guido Vranken
-

low: - HTTP request smuggling attack against chunked request parser +

low: + HTTP request smuggling attack against chunked request parser (CVE-2015-3183)

@@ -792,8 +792,8 @@ This issue was reported by Régis Lero
-

low: - ap_some_auth_required API unusable +

low: + ap_some_auth_required API unusable (CVE-2015-3185)

@@ -837,8 +837,8 @@ This issue was reported by Ben Reser.

Fixed in Apache httpd 2.4.12

-

low: - mod_lua multiple "Require" directive handling is broken +

low: + mod_lua multiple "Require" directive handling is broken (CVE-2014-8109)

@@ -864,8 +864,8 @@ lead to different authentication rules t
-

low: - mod_proxy_fcgi out-of-bounds memory read +

low: + mod_proxy_fcgi out-of-bounds memory read (CVE-2014-3583)

@@ -899,8 +899,8 @@ This issue was reported by Teguh P. Alko
-

low: - mod_cache crash with empty Content-Type header +

low: + mod_cache crash with empty Content-Type header (CVE-2014-3581)

@@ -926,8 +926,8 @@ This crash would only be a denial of ser
-

low: - HTTP Trailers processing bypass +

low: + HTTP Trailers processing bypass (CVE-2013-5704)

@@ -963,8 +963,8 @@ This issue was reported by Martin Holst

Fixed in Apache httpd 2.4.10

-

important: - mod_cgid denial of service +

important: + mod_cgid denial of service (CVE-2014-0231)

@@ -998,8 +998,8 @@ This issue was reported by Rainer Jung o
-

important: - WinNT MPM denial of service +

important: + WinNT MPM denial of service (CVE-2014-3523)

@@ -1033,8 +1033,8 @@ This issue was reported by Jeff Trawick
-

moderate: - mod_proxy denial of service +

moderate: + mod_proxy denial of service (CVE-2014-0117)

@@ -1067,8 +1067,8 @@ This issue was reported by Marek Kroemek
-

moderate: - mod_deflate denial of service +

moderate: + mod_deflate denial of service (CVE-2014-0118)

@@ -1103,8 +1103,8 @@ This issue was reported by Giancarlo Pel
-

moderate: - mod_status buffer overflow +

moderate: + mod_status buffer overflow (CVE-2014-0226)

@@ -1142,8 +1142,8 @@ This issue was reported by Marek Kroemek

Fixed in Apache httpd 2.4.7

-

low: - mod_cache crash +

low: + mod_cache crash (CVE-2013-4352)

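Review bot: this hunk sits under "Fixed in Apache httpd 2.4.7", which on the page falls between the "Fixed in Apache httpd 2.4.10" and "Fixed in Apache httpd 2.4.9" sections, with 2.4.6 following 2.4.9. Every other section in both lists is in descending version order, so the 2.4.7 section (and its single entry, CVE-2013-4352) should move below 2.4.9; if the ordering key is something other than version, that key should be stated once at the top of the list so the placement does not look like a mistake.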
@@ -1176,8 +1176,8 @@ security impact was not disclosed at the

Fixed in Apache httpd 2.4.9

-

low: - mod_log_config crash +

low: + mod_log_config crash (CVE-2014-0098)

@@ -1210,8 +1210,8 @@ This issue was reported by Rainer M Cana
-

moderate: - mod_dav crash +

moderate: + mod_dav crash (CVE-2013-6438)

@@ -1247,8 +1247,8 @@ This issue was reported by Ning Zhang &a

Fixed in Apache httpd 2.4.6

-

moderate: - mod_dav crash +

moderate: + mod_dav crash (CVE-2013-1896)

@@ -1281,8 +1281,8 @@ This issue was reported by Ben Reser
-

moderate: - mod_session_dbd session fixation flaw +

moderate: + mod_session_dbd session fixation flaw (CVE-2013-2249)

@@ -1317,8 +1317,8 @@ This issue was reported by Takashi Sato

Fixed in Apache httpd 2.4.4

-

low: - XSS due to unescaped hostnames +

low: + XSS due to unescaped hostnames (CVE-2012-3499)

@@ -1350,8 +1350,8 @@ This issue was reported by Niels Heinen
-

moderate: - XSS in mod_proxy_balancer +

moderate: + XSS in mod_proxy_balancer (CVE-2012-4558)

@@ -1384,8 +1384,8 @@ This issue was reported by Niels Heinen

Fixed in Apache httpd 2.4.3

-

important: - Response mixup when using mod_proxy_ajp or mod_proxy_http +

important: + Response mixup when using mod_proxy_ajp or mod_proxy_http (CVE-2012-3502)

@@ -1412,8 +1412,8 @@ between users.
-

low: - XSS in mod_negotiation when untrusted uploads are supported +

low: + XSS in mod_negotiation when untrusted uploads are supported (CVE-2012-2687)

@@ -1445,8 +1445,8 @@ untrusted uploads to locations which hav

Fixed in Apache httpd 2.4.2

-

low: - insecure LD_LIBRARY_PATH handling +

low: + insecure LD_LIBRARY_PATH handling (CVE-2012-0883)