httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jaillet...@apache.org
Subject svn commit: r1890411 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json
Date Thu, 03 Jun 2021 06:06:17 GMT
Author: jailletc36
Date: Thu Jun  3 06:06:17 2021
New Revision: 1890411

URL: http://svn.apache.org/viewvc?rev=1890411&view=rev
Log:
Add json files to /security/jason/

Added:
    httpd/site/trunk/content/security/json/CVE-2019-17567.json
    httpd/site/trunk/content/security/json/CVE-2020-13938.json
    httpd/site/trunk/content/security/json/CVE-2020-13950.json
    httpd/site/trunk/content/security/json/CVE-2020-35452.json
    httpd/site/trunk/content/security/json/CVE-2021-26690.json
    httpd/site/trunk/content/security/json/CVE-2021-26691.json
    httpd/site/trunk/content/security/json/CVE-2021-30641.json
    httpd/site/trunk/content/security/json/CVE-2021-31618.json

Added: httpd/site/trunk/content/security/json/CVE-2019-17567.json
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2019-17567.json?rev=1890411&view=auto
==============================================================================
--- httpd/site/trunk/content/security/json/CVE-2019-17567.json (added)
+++ httpd/site/trunk/content/security/json/CVE-2019-17567.json Thu Jun  3 06:06:17 2021
@@ -0,0 +1,213 @@
+{
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "xmltojsonmjc 1.0"
+  },
+  "references": {},
+  "timeline": [
+    {
+      "time": "2019-10-05",
+      "lang": "eng",
+      "value": "reported"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "public"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "2.4.47 released"
+    }
+  ],
+  "CNA_private": {
+    "owner": "httpd"
+  },
+  "CVE_data_meta": {
+    "ASSIGNER": "security@apache.org",
+    "AKA": "",
+    "STATE": "PUBLIC",
+    "DATE_PUBLIC": "--",
+    "ID": "CVE-2019-17567",
+    "TITLE": "mod_proxy_wstunnel tunneling of non Upgraded connections"
+  },
+  "source": {
+    "defect": [],
+    "advisory": "",
+    "discovery": "UNKNOWN"
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "mod_proxy_wstunnel tunneling of non Upgraded connections"
+          }
+        ]
+      }
+    ]
+  },
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "Reported by Mikhail Egorov (<0ang3el gmail.com>)"
+    }
+  ],
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured
on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection
regardless, thus allowing for subsequent requests on the same connection to pass through with
no HTTP validation, authentication or authorization possibly configured."
+      }
+    ]
+  },
+  "impact": [
+    {
+      "other": "moderate"
+    }
+  ],
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Apache Software Foundation",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Apache HTTP Server",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.46"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.43"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.41"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.39"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.38"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.37"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.35"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.34"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.33"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.29"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.28"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.27"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.26"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.25"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.23"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.20"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.18"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.17"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.16"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.12"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.10"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.9"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.7"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.6"
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file

Added: httpd/site/trunk/content/security/json/CVE-2020-13938.json
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2020-13938.json?rev=1890411&view=auto
==============================================================================
--- httpd/site/trunk/content/security/json/CVE-2020-13938.json (added)
+++ httpd/site/trunk/content/security/json/CVE-2020-13938.json Thu Jun  3 06:06:17 2021
@@ -0,0 +1,238 @@
+{
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "xmltojsonmjc 1.0"
+  },
+  "references": {},
+  "timeline": [
+    {
+      "time": "2021-01-26",
+      "lang": "eng",
+      "value": "reported"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "public"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "2.4.48 released"
+    }
+  ],
+  "CNA_private": {
+    "owner": "httpd"
+  },
+  "CVE_data_meta": {
+    "ASSIGNER": "security@apache.org",
+    "AKA": "",
+    "STATE": "PUBLIC",
+    "DATE_PUBLIC": "--",
+    "ID": "CVE-2020-13938",
+    "TITLE": "Improper Handling of Insufficient Privileges"
+  },
+  "source": {
+    "defect": [],
+    "advisory": "",
+    "discovery": "UNKNOWN"
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "Improper Handling of Insufficient Privileges"
+          }
+        ]
+      }
+    ]
+  },
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "Discovered by Ivan Zhakov"
+    }
+  ],
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Apache HTTP Server versions 2.4.0 to 2.4.47 Unprivileged local users can
stop httpd on Windows"
+      }
+    ]
+  },
+  "impact": [
+    {
+      "other": "moderate"
+    }
+  ],
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Apache Software Foundation",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Apache HTTP Server",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.46"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.43"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.41"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.39"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.38"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.37"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.35"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.34"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.33"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.29"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.28"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.27"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.26"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.25"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.23"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.20"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.18"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.17"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.16"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.12"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.10"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.9"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.7"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.6"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.4"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.3"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.2"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.1"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.0"
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file

Added: httpd/site/trunk/content/security/json/CVE-2020-13950.json
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2020-13950.json?rev=1890411&view=auto
==============================================================================
--- httpd/site/trunk/content/security/json/CVE-2020-13950.json (added)
+++ httpd/site/trunk/content/security/json/CVE-2020-13950.json Thu Jun  3 06:06:17 2021
@@ -0,0 +1,108 @@
+{
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "xmltojsonmjc 1.0"
+  },
+  "references": {},
+  "timeline": [
+    {
+      "time": "2020-09-11",
+      "lang": "eng",
+      "value": "reported"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "public"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "2.4.47 released"
+    }
+  ],
+  "CNA_private": {
+    "owner": "httpd"
+  },
+  "CVE_data_meta": {
+    "ASSIGNER": "security@apache.org",
+    "AKA": "",
+    "STATE": "PUBLIC",
+    "DATE_PUBLIC": "--",
+    "ID": "CVE-2020-13950",
+    "TITLE": "mod_proxy_http NULL pointer dereference"
+  },
+  "source": {
+    "defect": [],
+    "advisory": "",
+    "discovery": "UNKNOWN"
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "mod_proxy_http NULL pointer dereference"
+          }
+        ]
+      }
+    ]
+  },
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "Reported by Marc Stern (<marc.stern approach.be>)"
+    }
+  ],
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made
to crash (NULL pointer dereference) with specially crafted requests using both Content-Length
and Transfer-Encoding headers, leading to a Denial of Service"
+      }
+    ]
+  },
+  "impact": [
+    {
+      "other": "low"
+    }
+  ],
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Apache Software Foundation",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Apache HTTP Server",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.46"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.43"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.41"
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file

Added: httpd/site/trunk/content/security/json/CVE-2020-35452.json
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2020-35452.json?rev=1890411&view=auto
==============================================================================
--- httpd/site/trunk/content/security/json/CVE-2020-35452.json (added)
+++ httpd/site/trunk/content/security/json/CVE-2020-35452.json Thu Jun  3 06:06:17 2021
@@ -0,0 +1,238 @@
+{
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "xmltojsonmjc 1.0"
+  },
+  "references": {},
+  "timeline": [
+    {
+      "time": "2020-11-11",
+      "lang": "eng",
+      "value": "reported"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "public"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "2.4.47 released"
+    }
+  ],
+  "CNA_private": {
+    "owner": "httpd"
+  },
+  "CVE_data_meta": {
+    "ASSIGNER": "security@apache.org",
+    "AKA": "",
+    "STATE": "PUBLIC",
+    "DATE_PUBLIC": "--",
+    "ID": "CVE-2020-35452",
+    "TITLE": "mod_auth_digest possible stack overflow by one nul byte"
+  },
+  "source": {
+    "defect": [],
+    "advisory": "",
+    "discovery": "UNKNOWN"
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "mod_auth_digest possible stack overflow by one nul byte"
+          }
+        ]
+      }
+    ]
+  },
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "This issue was discovered and reported by GHSL team member @antonio-morales
(Antonio Morales)"
+    }
+  ],
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest
nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being
exploitable, nor the Apache HTTP Server team could create one, though some particular compiler
and/or compilation option might make it possible, with limited consequences anyway due to
the size (a single byte) and the value (zero byte) of the overflow"
+      }
+    ]
+  },
+  "impact": [
+    {
+      "other": "low"
+    }
+  ],
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Apache Software Foundation",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Apache HTTP Server",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.46"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.43"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.41"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.39"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.38"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.37"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.35"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.34"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.33"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.29"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.28"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.27"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.26"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.25"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.23"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.20"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.18"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.17"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.16"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.12"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.10"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.9"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.7"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.6"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.4"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.3"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.2"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.1"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.0"
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file

Added: httpd/site/trunk/content/security/json/CVE-2021-26690.json
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2021-26690.json?rev=1890411&view=auto
==============================================================================
--- httpd/site/trunk/content/security/json/CVE-2021-26690.json (added)
+++ httpd/site/trunk/content/security/json/CVE-2021-26690.json Thu Jun  3 06:06:17 2021
@@ -0,0 +1,238 @@
+{
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "xmltojsonmjc 1.0"
+  },
+  "references": {},
+  "timeline": [
+    {
+      "time": "2021-02-08",
+      "lang": "eng",
+      "value": "reported"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "public"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "2.4.47 released"
+    }
+  ],
+  "CNA_private": {
+    "owner": "httpd"
+  },
+  "CVE_data_meta": {
+    "ASSIGNER": "security@apache.org",
+    "AKA": "",
+    "STATE": "PUBLIC",
+    "DATE_PUBLIC": "--",
+    "ID": "CVE-2021-26690",
+    "TITLE": "mod_session NULL pointer dereference"
+  },
+  "source": {
+    "defect": [],
+    "advisory": "",
+    "discovery": "UNKNOWN"
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "mod_session NULL pointer dereference"
+          }
+        ]
+      }
+    ]
+  },
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "This issue was discovered and reported by GHSL team member @antonio-morales
(Antonio Morales)"
+    }
+  ],
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie
header handled by mod_session can cause a NULL pointer dereference and crash, leading to a
possible Denial Of Service"
+      }
+    ]
+  },
+  "impact": [
+    {
+      "other": "low"
+    }
+  ],
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Apache Software Foundation",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Apache HTTP Server",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.46"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.43"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.41"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.39"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.38"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.37"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.35"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.34"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.33"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.29"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.28"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.27"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.26"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.25"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.23"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.20"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.18"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.17"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.16"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.12"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.10"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.9"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.7"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.6"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.4"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.3"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.2"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.1"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.0"
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file

Added: httpd/site/trunk/content/security/json/CVE-2021-26691.json
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2021-26691.json?rev=1890411&view=auto
==============================================================================
--- httpd/site/trunk/content/security/json/CVE-2021-26691.json (added)
+++ httpd/site/trunk/content/security/json/CVE-2021-26691.json Thu Jun  3 06:06:17 2021
@@ -0,0 +1,238 @@
+{
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "xmltojsonmjc 1.0"
+  },
+  "references": {},
+  "timeline": [
+    {
+      "time": "2021-03-01",
+      "lang": "eng",
+      "value": "reported"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "public"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "2.4.47 released"
+    }
+  ],
+  "CNA_private": {
+    "owner": "httpd"
+  },
+  "CVE_data_meta": {
+    "ASSIGNER": "security@apache.org",
+    "AKA": "",
+    "STATE": "PUBLIC",
+    "DATE_PUBLIC": "--",
+    "ID": "CVE-2021-26691",
+    "TITLE": "mod_session response handling heap overflow"
+  },
+  "source": {
+    "defect": [],
+    "advisory": "",
+    "discovery": "UNKNOWN"
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "mod_session response handling heap overflow"
+          }
+        ]
+      }
+    ]
+  },
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "Discovered internally Christophe Jaillet"
+    }
+  ],
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader
sent by an origin server could cause a heap overflow"
+      }
+    ]
+  },
+  "impact": [
+    {
+      "other": "low"
+    }
+  ],
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Apache Software Foundation",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Apache HTTP Server",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.46"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.43"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.41"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.39"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.38"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.37"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.35"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.34"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.33"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.29"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.28"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.27"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.26"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.25"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.23"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.20"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.18"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.17"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.16"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.12"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.10"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.9"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.7"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.6"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.4"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.3"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.2"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.1"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.0"
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file

Added: httpd/site/trunk/content/security/json/CVE-2021-30641.json
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2021-30641.json?rev=1890411&view=auto
==============================================================================
--- httpd/site/trunk/content/security/json/CVE-2021-30641.json (added)
+++ httpd/site/trunk/content/security/json/CVE-2021-30641.json Thu Jun  3 06:06:17 2021
@@ -0,0 +1,113 @@
+{
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "xmltojsonmjc 1.0"
+  },
+  "references": {},
+  "timeline": [
+    {
+      "time": "2021-04-14",
+      "lang": "eng",
+      "value": "reported"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "public"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "2.4.47 released"
+    }
+  ],
+  "CNA_private": {
+    "owner": "httpd"
+  },
+  "CVE_data_meta": {
+    "ASSIGNER": "security@apache.org",
+    "AKA": "",
+    "STATE": "PUBLIC",
+    "DATE_PUBLIC": "--",
+    "ID": "CVE-2021-30641",
+    "TITLE": "Unexpected URL matching with 'MergeSlashes OFF'"
+  },
+  "source": {
+    "defect": [],
+    "advisory": "",
+    "discovery": "UNKNOWN"
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "Unexpected URL matching with 'MergeSlashes OFF'"
+          }
+        ]
+      }
+    ]
+  },
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "Discovered by Christoph Anton Mitterer"
+    }
+  ],
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior
with 'MergeSlashes OFF'"
+      }
+    ]
+  },
+  "impact": [
+    {
+      "other": "moderate"
+    }
+  ],
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Apache Software Foundation",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Apache HTTP Server",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.46"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.43"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.41"
+                    },
+                    {
+                      "version_name": "2.4",
+                      "version_affected": "=",
+                      "version_value": "2.4.39"
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file

Added: httpd/site/trunk/content/security/json/CVE-2021-31618.json
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2021-31618.json?rev=1890411&view=auto
==============================================================================
--- httpd/site/trunk/content/security/json/CVE-2021-31618.json (added)
+++ httpd/site/trunk/content/security/json/CVE-2021-31618.json Thu Jun  3 06:06:17 2021
@@ -0,0 +1,127 @@
+{
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "Vulnogram 0.0.9"
+  },
+  "CVE_data_meta": {
+    "ID": "CVE-2021-31618",
+    "ASSIGNER": "security@apache.org",
+    "DATE_PUBLIC": "",
+    "TITLE": "NULL pointer dereference on specially crafted HTTP/2 request",
+    "AKA": "",
+    "STATE": "DRAFT"
+  },
+  "source": {
+    "defect": [],
+    "advisory": "",
+    "discovery": "UNKNOWN"
+  },
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Apache Software Foundation",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Apache HTTP Server",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "",
+                      "version_affected": "<=",
+                      "version_value": "2.4.47",
+                      "platform": ""
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
+    }
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "CWE-476 NULL Pointer Dereference"
+          }
+        ]
+      }
+    ]
+  },
+  "description": {
+    "description_data": [
+      {
+        "value": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received
request headers against the size limitations as configured for the server and used for the
HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the
client with a status code indicating why the request was rejected.\n\nThis rejection response
was not fully initialised in the HTTP/2 protocol handler if the offending header was the very
first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised
memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy
to craft and submit, this can be exploited to DoS the server.\n\nThis affected versions prior
to 2.4.47",
+        "lang": "eng"
+      }
+    ]
+  },
+  "references": {
+    "reference_data": [
+      {
+        "refsource": "CONFIRM",
+        "url": "",
+        "name": ""
+      }
+    ]
+  },
+  "configuration": [],
+  "impact": [
+    {
+      "other": "important"
+    }
+  ],
+  "exploit": [],
+  "work_around": [
+    {
+      "lang": "eng",
+      "value": "On unpatched servers, the `h2` protocol can be disabled by removing it from
the `Protocols` configuration. If the `h2` protocol is not enabled, the server is not affected
by this vulnerability."
+    }
+  ],
+  "solution": [],
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "Apache HTTP server would like to thank  LI ZHI XIN from NSFoucs for reporting
this."
+    }
+  ],
+  "CNA_private": {
+    "owner": "httpd",
+    "publish": {
+      "ym": "",
+      "year": "",
+      "month": ""
+    },
+    "share_with_CVE": true,
+    "CVE_table_description": [],
+    "CVE_list": [],
+    "internal_comments": "",
+    "todo": [],
+    "email": ""
+  },
+  "timeline": [
+    {
+      "time": "2021-04-22",
+      "lang": "eng",
+      "value": "reported"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "public"
+    },
+    {
+      "time": "--",
+      "lang": "eng",
+      "value": "2.4.47 released"
+    }
+  ]
+}



Mime
View raw message