List: apache-cvs
Subject: svn commit: r1507783 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
From: mjc () apache ! org
Date: 2013-07-28 11:22:27
Message-ID: 20130728112228.007692388993 () eris ! apache ! org
Author: mjc
Date: Sun Jul 28 11:22:27 2013
New Revision: 1507783
URL: http://svn.apache.org/r1507783
Log:
Bring 2.0.65 vuln page up to date
Modified:
httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1507783&r1=1507782&r2=1507783&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Sun Jul 28 11:22:27 2013
@@ -91,6 +91,45 @@ This issue was reported by Ramiro Molina
<affects prod="httpd" version="2.2.0"/>
</issue>
+<issue fixed="2.0.65" reported="20130313" public="20130419" released="20130722">
+<cve name="CVE-2013-1862"/>
+<severity level="4">low</severity>
+<title>mod_rewrite log escape filtering</title>
+<description><p>
+mod_rewrite does not filter terminal escape sequences from logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p></description>
+<acknowledgements>
+This issue was reported by Ramiro Molina
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
<issue fixed="2.4.6" reported="20130529" public="20130722" released="20130722">
<cve name="CVE-2013-2249"/>
<severity level="3">moderate</severity>
@@ -383,6 +422,46 @@ This issue was reported by halfdog
<affects prod="httpd" version="2.2.0"/>
</issue>
+
+<issue fixed="2.0.65" reported="20111004" public="20111102" released="20130722">
+<cve name="CVE-2011-3607"/>
+<severity level="4">low</severity>
+<title>mod_setenvif .htaccess privilege escalation</title>
+<description><p>
+An integer overflow flaw was found which, when the mod_setenvif module
+is enabled, could allow local users to gain privileges via a .htaccess
+file.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by halfdog
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
<issue fixed="2.2.22" reported="20111020" public="20120122" released="20120131">
<cve name="CVE-2011-4317"/>
<severity level="3">moderate</severity>
@@ -473,6 +552,45 @@ This issue was reported by halfdog
<affects prod="httpd" version="2.2.0"/>
</issue>
+<issue fixed="2.0.65" reported="20111230" public="20120111" released="20130722">
+<cve name="CVE-2012-0031"/>
+<severity level="4">low</severity>
+<title>scoreboard parent DoS</title>
+<description><p>
+A flaw was found in the handling of the scoreboard. An
+unprivileged child process could cause the parent process to crash at
+shutdown rather than terminate cleanly.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by halfdog
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
<issue fixed="2.2.22" reported="20120115" public="20120123" released="20120131">
<cve name="CVE-2012-0053"/>
<severity level="3">moderate</severity>
@@ -508,6 +626,45 @@ This issue was reported by Norman Hipper
<affects prod="httpd" version="2.2.0"/>
</issue>
+<issue fixed="2.0.65" reported="20120115" public="20120123" released="20130722">
+<cve name="CVE-2012-0053"/>
+<severity level="3">moderate</severity>
+<title>error responses can expose cookies</title>
+<description><p>
+A flaw was found in the default error response for status code 400. This flaw could
+be used by an attacker to expose "httpOnly" cookies
+when no custom ErrorDocument is specified.
+</p>
+</description>
+<acknowledgements>
+This issue was reported by Norman Hippert
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
<issue fixed="2.2.22" reported="20110916" public="20111005" released="20120131">
<cve name="CVE-2011-3368"/>
<severity level="3">moderate</severity>
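Review bot: The new 2.0.65 entry for CVE-2012-0053 names the precondition ("when no custom ErrorDocument is specified") but not the workaround it implies, which is what a 2.0.x operator who cannot upgrade immediately needs. Consider ending the `<description>` paragraph with a sentence such as `Configuring a custom ErrorDocument for status code 400 avoids the affected default response.`, assuming the custom document does not itself echo request headers. The 2.2.22 entry for the same CVE, whose opening lines are the trailing context of this hunk, should get the same wording so the two stay in step.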
@@ -770,7 +927,7 @@ This issue was reported by Maksymilian A
<affects prod="httpd" version="2.2.0"/>
</issue>
-<issue fixed="2.0.65-dev" reported="20110302" public="20110510" released="20110521">
+<issue fixed="2.0.65" reported="20110302" public="20110510" released="20110521">
<cve name="CVE-2011-0419"/>
<severity level="3">moderate</severity>
<title>apr_fnmatch flaw leads to mod_autoindex remote DoS</title>
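Review bot: The changed `<issue>` line for CVE-2011-0419 now says `fixed="2.0.65"` but keeps `released="20110521"`, while every other `fixed="2.0.65"` entry added in this commit carries `released="20130722"`. If `released` is the release date of the fixed version, which is how the new entries read, the line should be `<issue fixed="2.0.65" reported="20110302" public="20110510" released="20130722">`. As it stands, anyone deriving an exposure window for the 2.0 branch from this file gets a fix date about two years too early. The rest of this `<issue>` element lies outside the hunk, so its `<affects>` list could not be checked here.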