httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Updating 2.4 security page
Date Tue, 21 Aug 2012 15:30:13 GMT
Now that 2.4.3 is released and annouced I'm in the process of updating 
the security page (the xml file with the known vulnerabilities) to 
include the two issues that are in CHANGES.

The XSS mod_negotitation issues I think is clearly of severity level 4 
(low), but I'm a bit uncertain about the mod_proxy_ajp problem.

It can be triggered by remote and leads to response mixups, so a privacy 
issue (all disclosed via Bugzilla before the release, so no need to 
discuss privately).

I'd go for a "Important" but would like to get more opinions. The 
definitions are at:

http://httpd.apache.org/security/impact_levels.html

Regards,

Rainer

Mime
View raw message