httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Plüm, Rüdiger, Vodafone Group <ruediger.pl...@vodafone.com>
Subject RE: Updating 2.4 security page
Date Tue, 21 Aug 2012 15:41:52 GMT


> -----Original Message-----
> From: Jeff Trawick [mailto:]
> Sent: Dienstag, 21. August 2012 17:37
> To: dev@httpd.apache.org
> Subject: Re: Updating 2.4 security page
> 
> On Tue, Aug 21, 2012 at 11:30 AM, Rainer Jung 
> wrote:
> > Now that 2.4.3 is released and annouced I'm in the process of updating
> the
> > security page (the xml file with the known vulnerabilities) to include
> the
> > two issues that are in CHANGES.
> >
> > The XSS mod_negotitation issues I think is clearly of severity level 4
> > (low), but I'm a bit uncertain about the mod_proxy_ajp problem.
> >
> > It can be triggered by remote and leads to response mixups, so a
> privacy
> > issue (all disclosed via Bugzilla before the release, so no need to
> discuss
> > privately).
> >
> > I'd go for a "Important" but would like to get more opinions. The
> > definitions are at:
> 
> +1 for "Important"

+1

Regards

Rüdiger



Mime
View raw message