'[users@httpd] Confirmation on Vulnerability Status of Apache HTTP V2.0.50 and when bundled with Broc'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-users
Subject:    [users@httpd] Confirmation on Vulnerability Status of Apache HTTP V2.0.50 and when bundled with Broc
From:       "Kee, Siokkwan" <SiokKwan.Kee () emc ! com>
Date:       2014-06-24 4:45:19
Message-ID: 44415FED341C624DAD6F7A063AC9EECE01A03C9967 () MX26A ! corp ! emc ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi Users in Apache.org,

Greetings from EMC! :)
We have an issue currently where documentation released from Brocade indica=
tes Apache HTTP V 2.0.50 is listed as non-vulnerable when bundled together =
with Brocade FOS V7.1.1.
As Brocade has listed this as a non-vulnerability, the latest version of th=
e FOS is currently still bundled with Apache HTTP V 2.0.50.
(Please refer to the attached listed CVE-2012-0053 in Page 15 onwards on th=
e Vulnerability explanation from Brocade.)

However, during the routine Vulnerability Assessment scan, the Apache HTTP =
V 2.0.50 reflects that this is a vulnerable version.
The same is reflected in the Apache HTTP website that this version is vulne=
rable.

Would appreciate advise from Apache.Org team on comments listed by Brocade =
(whether is it possible for Apache HTTP V2.0.50 not to be vulnerable when b=
undled with Brocade FOS) so that we may be able to move forward.

Thanks for your help in advance and have a good day! :)
Please do let me know if there are any further clarifications needed to the=
 abovementioned. Tks :)

Thanks & regards,

KEE Siok Kwan, Eva
Sr Project Manager, Global Professional Services
EMC Southeast Asia
1 Changi Business Park Central 1, #08-101, ONE@Changi City,
Singapore 486036
Tel: +65 6692 3829; Cell: +65 9734 6298
Email: SiokKwan.Kee@emc.com<mailto:SiokKwan.Kee@emc.com>




[Attachment #5 (text/html)]

<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:x="urn:schemas-microsoft-com:office:excel" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" \
CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 \
(filtered medium)"><style><!-- /* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div \
class=WordSection1><p class=MsoNormal>Hi Users in Apache.org,<o:p></o:p></p><p \
class=MsoNormal><o:p>&nbsp;</o:p></p><p class=MsoNormal>Greetings from EMC! <span \
style='font-family:Wingdings'>J</span><o:p></o:p></p><p class=MsoNormal>We have an \
issue currently where documentation released from Brocade indicates Apache HTTP V \
2.0.50 is listed as non-vulnerable when bundled together with Brocade FOS \
V7.1.1.<o:p></o:p></p><p class=MsoNormal>As Brocade has listed this as a \
non-vulnerability, the latest version of the FOS is currently still bundled with \
Apache HTTP V 2.0.50.<o:p></o:p></p><p class=MsoNormal>(Please refer to the attached \
listed CVE-2012-0053 in Page 15 onwards on the Vulnerability explanation from \
Brocade.)<o:p></o:p></p><p class=MsoNormal><o:p>&nbsp;</o:p></p><p \
class=MsoNormal>However, during the routine Vulnerability Assessment scan, the Apache \
HTTP V 2.0.50 reflects that this is a vulnerable version.<o:p></o:p></p><p \
class=MsoNormal>The same is reflected in the Apache HTTP website that this version is \
vulnerable.<o:p></o:p></p><p class=MsoNormal><o:p>&nbsp;</o:p></p><p \
class=MsoNormal>Would appreciate advise from Apache.Org team on comments listed by \
Brocade (whether is it possible for Apache HTTP V2.0.50 not to be vulnerable when \
bundled with Brocade FOS) so that we may be able to move forward.<o:p></o:p></p><p \
class=MsoNormal><o:p>&nbsp;</o:p></p><p class=MsoNormal>Thanks for your help in \
advance and have a good day! <span \
style='font-family:Wingdings'>J</span><o:p></o:p></p><p class=MsoNormal>Please do let \
me know if there are any further clarifications needed to the abovementioned. Tks \
<span style='font-family:Wingdings'>J</span><o:p></o:p></p><p class=MsoNormal><span \
style='color:navy'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span \
style='color:navy'>Thanks &amp; regards,<o:p></o:p></span></p><p \
class=MsoNormal><b><span style='color:navy'><o:p>&nbsp;</o:p></span></b></p><p \
class=MsoNormal><b><span style='color:navy'>KEE Siok Kwan, Eva</span></b><b><span \
style='font-family:"Times New Roman","serif";color:navy'><br></span></b><b><span \
style='color:#17365D'>Sr Project Manager, Global Professional Services<br>EMC \
Southeast Asia</span></b><b><span style='font-family:"Times New \
Roman","serif";color:navy'><br></span></b><span style='color:navy'>1 Changi Business \
Park Central 1, #08-101, ONE@Changi City, <br>Singapore 486036</span><span \
style='font-family:"Times New Roman","serif";color:navy'><o:p></o:p></span></p><p \
class=MsoNormal><span style='font-family:"Times New Roman","serif";color:navy'>Tel: \
+65 6692 3829; Cell: +65 9734 6298</span><span style='font-family:"Times New \
Roman","serif";color:#E36C0A'><br></span><span style='font-family:"Times New \
Roman","serif";color:navy'>Email: </span><span style='font-family:"Times New \
Roman","serif"'><a href="mailto:SiokKwan.Kee@emc.com"><span \
style='color:blue'>SiokKwan.Kee@emc.com</span></a><o:p></o:p></span></p><p \
class=MsoNormal><span style='font-family:"Times New \
Roman","serif"'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span \
style='font-family:"Times New Roman","serif"'><o:p>&nbsp;</o:p></span></p><p \
class=MsoNormal><o:p>&nbsp;</o:p></p></div></body></html>


["FOS Vulnerabilities 2014-04-15.pdf" (application/pdf)]

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic