httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: Updating 2.4 security page
Date Tue, 21 Aug 2012 15:37:14 GMT
On Tue, Aug 21, 2012 at 11:30 AM, Rainer Jung <rainer.jung@kippdata.de> wrote:
> Now that 2.4.3 is released and announced I'm in the process of updating the
> security page (the xml file with the known vulnerabilities) to include the
> two issues that are in CHANGES.
>
> The XSS mod_negotiation issue I think is clearly of severity level 4
> (low), but I'm a bit uncertain about the mod_proxy_ajp problem.
>
> It can be triggered by remote and leads to response mixups, so a privacy
> issue (all disclosed via Bugzilla before the release, so no need to discuss
> privately).
>
> I'd go for an "Important" but would like to get more opinions. The
> definitions are at:

+1 for "Important"

>
> http://httpd.apache.org/security/impact_levels.html
>
> Regards,
>
> Rainer



-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
