httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Updating 2.4 security page
Date Tue, 21 Aug 2012 16:50:18 GMT
Done.

On 21.08.2012 17:41, Plüm, Rüdiger, Vodafone Group wrote:
>
>
>> -----Original Message-----
>> From: Jeff Trawick [mailto:]
>> Sent: Dienstag, 21. August 2012 17:37
>> To: dev@httpd.apache.org
>> Subject: Re: Updating 2.4 security page
>>
>> On Tue, Aug 21, 2012 at 11:30 AM, Rainer Jung
>> wrote:
>>> Now that 2.4.3 is released and annouced I'm in the process of updating
>> the
>>> security page (the xml file with the known vulnerabilities) to include
>> the
>>> two issues that are in CHANGES.
>>>
>>> The XSS mod_negotitation issues I think is clearly of severity level 4
>>> (low), but I'm a bit uncertain about the mod_proxy_ajp problem.
>>>
>>> It can be triggered by remote and leads to response mixups, so a
>> privacy
>>> issue (all disclosed via Bugzilla before the release, so no need to
>> discuss
>>> privately).
>>>
>>> I'd go for a "Important" but would like to get more opinions. The
>>> definitions are at:
>>
>> +1 for "Important"
>
> +1
>
> Regards
>
> Rüdiger

Mime
View raw message