You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mj...@apache.org on 2005/10/19 09:58:22 UTC
svn commit: r326439 - in /httpd/site/trunk: docs/ docs/info/ docs/security/
xdocs/ xdocs/info/ xdocs/security/
Author: mjc
Date: Wed Oct 19 00:58:06 2005
New Revision: 326439
URL: http://svn.apache.org/viewcvs?rev=326439&view=rev
Log:
Today all CAN- names get one-time converted to CVE-, so update
all our web site references from CAN- to CVE-
Modified:
httpd/site/trunk/docs/download.html
httpd/site/trunk/docs/info/security_bulletin_20020617.txt
httpd/site/trunk/docs/info/security_bulletin_20020620.txt
httpd/site/trunk/docs/info/security_bulletin_20020809a.txt
httpd/site/trunk/docs/security/vulnerabilities_13.html
httpd/site/trunk/docs/security/vulnerabilities_20.html
httpd/site/trunk/xdocs/download.xml
httpd/site/trunk/xdocs/info/security_bulletin_20020617.txt
httpd/site/trunk/xdocs/info/security_bulletin_20020620.txt
httpd/site/trunk/xdocs/info/security_bulletin_20020809a.txt
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/docs/download.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/download.html?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/docs/download.html (original)
+++ httpd/site/trunk/docs/download.html Wed Oct 19 00:58:06 2005
@@ -199,8 +199,8 @@
<p>Apache 1.3.34 is the best available version of the 1.3 series, and
is recommended over all previous 1.3 releases. This release adds several
enhancements, fixes a number of bugs and addresses 2 security issues described in
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940">CAN-2004-0940 (cve.mitre.org)</a> and
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492 (cve.mitre.org)</a>.</p>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940 (cve.mitre.org)</a> and
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492 (cve.mitre.org)</a>.</p>
<p>For additional details, read the <a href="http://www.apache.org/dist/httpd/Announcement1.3.html">Official
Announcement</a>.</p>
<p>The Apache 1.3 series is being actively maintained and leisurely
Modified: httpd/site/trunk/docs/info/security_bulletin_20020617.txt
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/info/security_bulletin_20020617.txt?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/docs/info/security_bulletin_20020617.txt (original)
+++ httpd/site/trunk/docs/info/security_bulletin_20020617.txt Wed Oct 19 00:58:06 2005
@@ -24,7 +24,7 @@
which has forced the early release of this advisory.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
-assigned the name CAN-2002-0392 to this issue.
+assigned the name CVE-2002-0392 to this issue.
Description:
Modified: httpd/site/trunk/docs/info/security_bulletin_20020620.txt
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/info/security_bulletin_20020620.txt?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/docs/info/security_bulletin_20020620.txt (original)
+++ httpd/site/trunk/docs/info/security_bulletin_20020620.txt Wed Oct 19 00:58:06 2005
@@ -8,7 +8,7 @@
Versions: Apache 1.3 all versions including 1.3.24; Apache 2.0 all versions
up to 2.0.36; Apache 1.2 all versions.
-CAN-2002-0392 (mitre.org) [CERT VU#944335]
+CVE-2002-0392 (mitre.org) [CERT VU#944335]
- ----------------------------------------------------------
------------UPDATED ADVISORY------------
Modified: httpd/site/trunk/docs/info/security_bulletin_20020809a.txt
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/info/security_bulletin_20020809a.txt?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/docs/info/security_bulletin_20020809a.txt (original)
+++ httpd/site/trunk/docs/info/security_bulletin_20020809a.txt Wed Oct 19 00:58:06 2005
@@ -14,7 +14,7 @@
Vendor URL: http://httpd.apache.org/
Affects: All Released versions of 2.0 through 2.0.39
Fixed in: 2.0.40
- Identifiers: CAN-2002-0661
+ Identifiers: CVE-2002-0661
=============== DESCRIPTION ================
@@ -50,9 +50,9 @@
=============== REFERENCES ================
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
-assigned the name CAN-2002-0661 to this issue.
+assigned the name CVE-2002-0661 to this issue.
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0661
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Wed Oct 19 00:58:06 2005
@@ -92,9 +92,9 @@
<dd>
<b>moderate: </b>
<b>
-<name name="CAN-2004-0940">mod_include overflow</name>
+<name name="CVE-2004-0940">mod_include overflow</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940">CAN-2004-0940</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940</a>
<p>
A buffer overflow in mod_include could allow a local user who
is authorised to create server side include (SSI) files to gain
@@ -124,9 +124,9 @@
<dd>
<b>moderate: </b>
<b>
-<name name="CAN-2004-0492">mod_proxy buffer overflow</name>
+<name name="CVE-2004-0492">mod_proxy buffer overflow</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492</a>
<p>
A buffer overflow was found in the Apache proxy module, mod_proxy, which
can be triggered by receiving an invalid Content-Length header. In order
@@ -161,9 +161,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2004-0174">listening socket starvation</name>
+<name name="CVE-2004-0174">listening socket starvation</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
<p>
A starvation issue on listening sockets occurs when a short-lived
connection on a rarely-accessed listening socket will cause a child to
@@ -223,9 +223,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2003-0987">mod_digest nonce checking</name>
+<name name="CVE-2003-0987">mod_digest nonce checking</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987">CAN-2003-0987</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987">CVE-2003-0987</a>
<p>
mod_digest does not properly verify the nonce of a client response by
@@ -261,9 +261,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2003-0542">Local configuration regular expression overflow</name>
+<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
<p>
By using a regular expression with more than 9 captures a buffer
overflow can occur in mod_alias or mod_rewrite. To exploit this an
@@ -294,9 +294,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2003-0460">RotateLogs DoS</name>
+<name name="CVE-2003-0460">RotateLogs DoS</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0460">CAN-2003-0460</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460">CVE-2003-0460</a>
<p>The rotatelogs support program on Win32 and OS/2 would quit logging
and exit if it received special control characters such as 0x1A.
</p>
@@ -324,9 +324,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2002-0843">Buffer overflows in ab utility</name>
+<name name="CVE-2002-0843">Buffer overflows in ab utility</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843">CAN-2002-0843</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843">CVE-2002-0843</a>
<p>Buffer overflows in the benchmarking utility ab could be exploited if
ab is run against a malicious server
</p>
@@ -341,9 +341,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2002-0839">Shared memory permissions lead to local privilege escalation</name>
+<name name="CVE-2002-0839">Shared memory permissions lead to local privilege escalation</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839">CAN-2002-0839</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a>
<p>The permissions of the shared memory used for the scoreboard
allows an attacker who can execute under
the Apache UID to send a signal to any process as root or cause a local
@@ -410,9 +410,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2003-0083">Filtered escape sequences</name>
+<name name="CVE-2003-0083">Filtered escape sequences</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0083">CAN-2003-0083</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
<p>
Apache does not filter terminal escape sequences from its
access logs, which could make it easier for attackers to insert those
@@ -473,9 +473,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2001-0729">Requests can cause directory listing to be displayed</name>
+<name name="CVE-2001-0729">Requests can cause directory listing to be displayed</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0729">CAN-2001-0729</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729">CVE-2001-0729</a>
<p>A vulnerability was found in the Win32 port of
Apache 1.3.20. A client submitting a very long URI
could cause a directory listing to be returned rather than
@@ -574,9 +574,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2001-0925">Requests can cause directory listing to be displayed</name>
+<name name="CVE-2001-0925">Requests can cause directory listing to be displayed</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0925">CAN-2001-0925</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925">CVE-2001-0925</a>
<p>The default installation can lead <samp>mod_negotiation</samp> and
<samp>mod_dir</samp> or <samp>mod_autoindex</samp> to display a
directory listing instead of the multiview index.html file if a
@@ -625,9 +625,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2000-1204">Mass virtual hosting can display CGI source</name>
+<name name="CVE-2000-1204">Mass virtual hosting can display CGI source</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1204">CAN-2000-1204</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204">CVE-2000-1204</a>
<p>A security problem for users of the mass virtual hosting module,
<samp>mod_vhost_alias</samp>, causes
the source to a CGI to be sent if the <samp>cgi-bin</samp> directory is
@@ -675,9 +675,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2000-1205">Cross-site scripting can reveal private session information</name>
+<name name="CVE-2000-1205">Cross-site scripting can reveal private session information</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1205">CAN-2000-1205</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205">CVE-2000-1205</a>
<p>Apache was vulnerable to cross site scripting issues.
It was shown that malicious HTML tags can be embedded in client web
requests if the server or script handling the request does not
@@ -710,9 +710,9 @@
<dd>
<b>moderate: </b>
<b>
-<name name="CAN-2000-1206">Mass virtual hosting security issue</name>
+<name name="CVE-2000-1206">Mass virtual hosting security issue</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1206">CAN-2000-1206</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206">CVE-2000-1206</a>
<p>A security problem can occur for sites using mass name-based virtual
hosting (using
the new <samp>mod_vhost_alias</samp> module) or with special
Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Wed Oct 19 00:58:06 2005
@@ -92,9 +92,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2005-2700">SSLVerifyClient bypass</name>
+<name name="CVE-2005-2700">SSLVerifyClient bypass</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700">CAN-2005-2700</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700">CVE-2005-2700</a>
<p>
A flaw in the mod_ssl handling of the "SSLVerifyClient"
directive. This flaw would occur if a virtual host has been configured
@@ -114,9 +114,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2005-2491">PCRE overflow</name>
+<name name="CVE-2005-2491">PCRE overflow</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491">CAN-2005-2491</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</a>
<p>
An integer overflow flaw was found in PCRE, a Perl-compatible regular
expression library included within httpd. A local user who has the
@@ -135,9 +135,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2005-1268">Malicious CRL off-by-one</name>
+<name name="CVE-2005-1268">Malicious CRL off-by-one</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268">CAN-2005-1268</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">CVE-2005-1268</a>
<p>
An off-by-one stack overflow was discovered in the mod_ssl CRL
verification callback. In order to exploit this issue the Apache
@@ -155,9 +155,9 @@
<dd>
<b>moderate: </b>
<b>
-<name name="CAN-2005-2728">Byterange filter DoS</name>
+<name name="CVE-2005-2728">Byterange filter DoS</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2728">CAN-2005-2728</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a>
<p>
A flaw in the byterange filter would cause some responses to be buffered
into memory. If a server has a dynamic resource such as a CGI
@@ -176,9 +176,9 @@
<dd>
<b>moderate: </b>
<b>
-<name name="CAN-2005-2088">HTTP Request Spoofing</name>
+<name name="CVE-2005-2088">HTTP Request Spoofing</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088">CAN-2005-2088</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
<p>
A flaw occured when using the Apache server as a HTTP proxy. A remote
attacker could send a HTTP request with both a "Transfer-Encoding:
@@ -212,9 +212,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2004-0942">Memory consumption DoS</name>
+<name name="CVE-2004-0942">Memory consumption DoS</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942">CAN-2004-0942</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942">CVE-2004-0942</a>
<p>
An issue was discovered where the field length limit was not enforced
for certain malicious requests. This could allow a remote attacker who
@@ -233,9 +233,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2004-1834">mod_disk_cache stores sensitive headers</name>
+<name name="CVE-2004-1834">mod_disk_cache stores sensitive headers</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1834">CAN-2004-1834</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1834">CVE-2004-1834</a>
<p>
The experimental mod_disk_cache module stored client authentication
credentials for cached objects such as proxy authentication credentials
@@ -252,9 +252,9 @@
<dd>
<b>moderate: </b>
<b>
-<name name="CAN-2004-0885">SSLCipherSuite bypass</name>
+<name name="CVE-2004-0885">SSLCipherSuite bypass</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885">CAN-2004-0885</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885">CVE-2004-0885</a>
<p>
An issue has been discovered in the mod_ssl module when configured to use
the "SSLCipherSuite" directive in directory or location context. If a
@@ -286,9 +286,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2004-0811">Basic authentication bypass</name>
+<name name="CVE-2004-0811">Basic authentication bypass</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811">CAN-2004-0811</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811">CVE-2004-0811</a>
<p>
A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy
directive which could result in access being granted to
@@ -318,9 +318,9 @@
<dd>
<b>critical: </b>
<b>
-<name name="CAN-2004-0786">IPv6 URI parsing heap overflow</name>
+<name name="CVE-2004-0786">IPv6 URI parsing heap overflow</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786">CAN-2004-0786</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786">CVE-2004-0786</a>
<p>
Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
@@ -340,9 +340,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2004-0748">SSL connection infinite loop</name>
+<name name="CVE-2004-0748">SSL connection infinite loop</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748">CAN-2004-0748</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748">CVE-2004-0748</a>
<p>
An issue was discovered in the mod_ssl module in Apache 2.0.
A remote attacker who forces an SSL connection to
@@ -360,9 +360,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2004-0747">Environment variable expansion flaw</name>
+<name name="CVE-2004-0747">Environment variable expansion flaw</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747">CAN-2004-0747</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747">CVE-2004-0747</a>
<p>
The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
expansion of environment variables during configuration file parsing. This
@@ -381,9 +381,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2004-0751">Malicious SSL proxy can cause crash</name>
+<name name="CVE-2004-0751">Malicious SSL proxy can cause crash</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751">CAN-2004-0751</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751">CVE-2004-0751</a>
<p>
An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50
which could be triggered if
@@ -404,9 +404,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2004-0809">WebDAV remote crash</name>
+<name name="CVE-2004-0809">WebDAV remote crash</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809">CAN-2004-0809</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809">CVE-2004-0809</a>
<p>
An issue was discovered in the mod_dav module which could be triggered
for a location where WebDAV authoring access has been configured. A
@@ -440,9 +440,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2004-0493">Header parsing memory leak</name>
+<name name="CVE-2004-0493">Header parsing memory leak</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493">CVE-2004-0493</a>
<p>
A memory leak in parsing of HTTP headers which can be triggered
remotely may allow a denial of service attack due to excessive memory
@@ -459,9 +459,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2004-0488">FakeBasicAuth overflow</name>
+<name name="CVE-2004-0488">FakeBasicAuth overflow</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488">CVE-2004-0488</a>
<p>
A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
by an attacker using a (trusted) client certificate with a subject DN
@@ -491,9 +491,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2004-0174">listening socket starvation</name>
+<name name="CVE-2004-0174">listening socket starvation</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
<p>
A starvation issue on listening sockets occurs when a short-lived
connection on a rarely-accessed listening socket will cause a child to
@@ -566,9 +566,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2003-0542">Local configuration regular expression overflow</name>
+<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
<p>
By using a regular expression with more than 9 captures a buffer
overflow can occur in mod_alias or mod_rewrite. To exploit this an
@@ -586,9 +586,9 @@
<dd>
<b>moderate: </b>
<b>
-<name name="CAN-2003-0789">CGI output information leak</name>
+<name name="CVE-2003-0789">CGI output information leak</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789">CAN-2003-0789</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789">CVE-2003-0789</a>
<p>
A bug in mod_cgid mishandling of CGI redirect paths can result in
CGI output going to the wrong client when a threaded MPM
@@ -618,9 +618,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2003-0253">Remote DoS with multiple Listen directives</name>
+<name name="CVE-2003-0253">Remote DoS with multiple Listen directives</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0253">CAN-2003-0253</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0253">CVE-2003-0253</a>
<p>
In a server with multiple listening sockets a certain error returned
by accept() on a rarely access port can cause a temporary denial of
@@ -637,9 +637,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2003-0192">mod_ssl renegotiation issue</name>
+<name name="CVE-2003-0192">mod_ssl renegotiation issue</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0192">CAN-2003-0192</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0192">CVE-2003-0192</a>
<p>
A bug in the optional renegotiation code in mod_ssl included with
Apache httpd can cause cipher suite restrictions to be ignored.
@@ -658,9 +658,9 @@
<dd>
<b>moderate: </b>
<b>
-<name name="CAN-2003-0254">Remote DoS via IPv6 ftp proxy</name>
+<name name="CVE-2003-0254">Remote DoS via IPv6 ftp proxy</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0254">CAN-2003-0254</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0254">CVE-2003-0254</a>
<p>
When a client requests that proxy ftp connect to a ftp server with
IPv6 address, and the proxy is unable to create an IPv6 socket,
@@ -690,9 +690,9 @@
<dd>
<b>critical: </b>
<b>
-<name name="CAN-2003-0245">APR remote crash</name>
+<name name="CVE-2003-0245">APR remote crash</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245">CAN-2003-0245</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245">CVE-2003-0245</a>
<p>
A vulnerability in the apr_psprintf function in the Apache Portable
Runtime (APR) library allows remote
@@ -711,9 +711,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2003-0189">Basic Authentication DoS</name>
+<name name="CVE-2003-0189">Basic Authentication DoS</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0189">CAN-2003-0189</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0189">CVE-2003-0189</a>
<p>
A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
to cause a denial of access to authenticated content when a threaded
@@ -730,9 +730,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2003-0134">OS2 device name DoS</name>
+<name name="CVE-2003-0134">OS2 device name DoS</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0134">CAN-2003-0134</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0134">CVE-2003-0134</a>
<p>
Apache on OS2 up to and including Apache 2.0.45
have a Denial of Service vulnerability caused by
@@ -749,9 +749,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2003-0083">Filtered escape sequences</name>
+<name name="CVE-2003-0083">Filtered escape sequences</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0083">CAN-2003-0083</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
<p>
Apache did not filter terminal escape sequences from its
access logs, which could make it easier for attackers to insert those
@@ -782,9 +782,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2003-0132">Line feed memory leak DoS</name>
+<name name="CVE-2003-0132">Line feed memory leak DoS</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132">CAN-2003-0132</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0132">CVE-2003-0132</a>
<p>
Apache 2.0 versions before Apache 2.0.45 had a significant Denial of
Service vulnerability. Remote attackers could cause a denial of service
@@ -913,9 +913,9 @@
<dd>
<b>moderate: </b>
<b>
-<name name="CAN-2002-1593">mod_dav crash</name>
+<name name="CVE-2002-1593">mod_dav crash</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1593">CAN-2002-1593</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1593">CVE-2002-1593</a>
<p>
A flaw was found in handling of versioning hooks in mod_dav. An attacker
could send a carefully crafted request in such a way to cause the child
@@ -946,9 +946,9 @@
<dd>
<b>important: </b>
<b>
-<name name="CAN-2002-0661">Path vulnerability</name>
+<name name="CVE-2002-0661">Path vulnerability</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0661">CAN-2002-0661</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661">CVE-2002-0661</a>
<p>Certain URIs would bypass security
and allow users to invoke or access any file depending on the system
configuration. Affects Windows, OS2, Netware and Cygwin platforms
@@ -964,9 +964,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2002-0654">Path revealing exposures</name>
+<name name="CVE-2002-0654">Path revealing exposures</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0654">CAN-2002-0654</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0654">CVE-2002-0654</a>
<p>A path-revealing exposure was present in multiview type
map negotiation (such as the default error documents) where a
module would report the full path of the typemapped .var file when
@@ -1030,9 +1030,9 @@
<dd>
<b>low: </b>
<b>
-<name name="CAN-2002-1592">Warning messages could be displayed to users</name>
+<name name="CVE-2002-1592">Warning messages could be displayed to users</name>
</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1592">CAN-2002-1592</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1592">CVE-2002-1592</a>
<p>
In some cases warning messages could get returned to end users in
addition to being recorded in the error log. This could reveal the
Modified: httpd/site/trunk/xdocs/download.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/download.xml?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/download.xml (original)
+++ httpd/site/trunk/xdocs/download.xml Wed Oct 19 00:58:06 2005
@@ -136,8 +136,8 @@
<p>Apache 1.3.34 is the best available version of the 1.3 series, and
is recommended over all previous 1.3 releases. This release adds several
enhancements, fixes a number of bugs and addresses 2 security issues described in
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940">CAN-2004-0940 (cve.mitre.org)</a> and
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492 (cve.mitre.org)</a>.</p>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940 (cve.mitre.org)</a> and
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492 (cve.mitre.org)</a>.</p>
<p>For additional details, read the <a
href="http://www.apache.org/dist/httpd/Announcement1.3.html">Official
Modified: httpd/site/trunk/xdocs/info/security_bulletin_20020617.txt
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/info/security_bulletin_20020617.txt?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/info/security_bulletin_20020617.txt (original)
+++ httpd/site/trunk/xdocs/info/security_bulletin_20020617.txt Wed Oct 19 00:58:06 2005
@@ -24,7 +24,7 @@
which has forced the early release of this advisory.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
-assigned the name CAN-2002-0392 to this issue.
+assigned the name CVE-2002-0392 to this issue.
Description:
Modified: httpd/site/trunk/xdocs/info/security_bulletin_20020620.txt
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/info/security_bulletin_20020620.txt?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/info/security_bulletin_20020620.txt (original)
+++ httpd/site/trunk/xdocs/info/security_bulletin_20020620.txt Wed Oct 19 00:58:06 2005
@@ -8,7 +8,7 @@
Versions: Apache 1.3 all versions including 1.3.24; Apache 2.0 all versions
up to 2.0.36; Apache 1.2 all versions.
-CAN-2002-0392 (mitre.org) [CERT VU#944335]
+CVE-2002-0392 (mitre.org) [CERT VU#944335]
- ----------------------------------------------------------
------------UPDATED ADVISORY------------
Modified: httpd/site/trunk/xdocs/info/security_bulletin_20020809a.txt
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/info/security_bulletin_20020809a.txt?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/info/security_bulletin_20020809a.txt (original)
+++ httpd/site/trunk/xdocs/info/security_bulletin_20020809a.txt Wed Oct 19 00:58:06 2005
@@ -14,7 +14,7 @@
Vendor URL: http://httpd.apache.org/
Affects: All Released versions of 2.0 through 2.0.39
Fixed in: 2.0.40
- Identifiers: CAN-2002-0661
+ Identifiers: CVE-2002-0661
=============== DESCRIPTION ================
@@ -50,9 +50,9 @@
=============== REFERENCES ================
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
-assigned the name CAN-2002-0661 to this issue.
+assigned the name CVE-2002-0661 to this issue.
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0661
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=326439&r1=326438&r2=326439&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Wed Oct 19 00:58:06 2005
@@ -1,7 +1,7 @@
<security updated="20051014">
<issue fixed="2.0.55" public="20050707" reported="20050707" released="20051014">
-<cve name="CAN-2005-2728"/>
+<cve name="CVE-2005-2728"/>
<severity level="3">moderate</severity>
<title>Byterange filter DoS</title>
<description>
@@ -34,7 +34,7 @@
</issue>
<issue fixed="2.0.55" public="20050830" reported="20050830" released="20051014">
-<cve name="CAN-2005-2700"/>
+<cve name="CVE-2005-2700"/>
<severity level="2">important</severity>
<title>SSLVerifyClient bypass</title>
<description>
@@ -68,7 +68,7 @@
</issue>
<issue fixed="2.0.55" public="20050801" released="20051014">
-<cve name="CAN-2005-2491"/>
+<cve name="CVE-2005-2491"/>
<severity level="4">low</severity>
<title>PCRE overflow</title>
<description>
@@ -101,7 +101,7 @@
</issue>
<issue fixed="2.0.55" public="20050611" released="20051014">
-<cve name="CAN-2005-2088"/>
+<cve name="CVE-2005-2088"/>
<severity level="3">moderate</severity>
<title>HTTP Request Spoofing</title>
<description>
@@ -136,7 +136,7 @@
</issue>
<issue fixed="2.0.55" public="20050608" released="20051014">
-<cve name="CAN-2005-1268"/>
+<cve name="CVE-2005-1268"/>
<severity level="4">low</severity>
<title>Malicious CRL off-by-one</title>
<description>
@@ -168,7 +168,7 @@
</issue>
<issue fixed="2.0.53" public="20041101" released="20050208" reported="20041028">
-<cve name="CAN-2004-0942"/>
+<cve name="CVE-2004-0942"/>
<severity level="2">important</severity>
<title>Memory consumption DoS</title>
<description>
@@ -199,7 +199,7 @@
</issue>
<issue fixed="1.3.33" public="20041021" released="20041028" reported="20041021">
-<cve name="CAN-2004-0940"/>
+<cve name="CVE-2004-0940"/>
<title>mod_include overflow</title>
<severity level="3">moderate</severity>
<description>
@@ -233,7 +233,7 @@
</issue>
<issue fixed="2.0.53" public="20041001" reported="20041001" released="20050208">
-<cve name="CAN-2004-0885"/>
+<cve name="CVE-2004-0885"/>
<severity level="3">moderate</severity>
<title>SSLCipherSuite bypass</title>
<description>
@@ -264,7 +264,7 @@
</issue>
<issue fixed="2.0.53" public="20040320" reported="20040302" released="20050208">
-<cve name="CAN-2004-1834"/>
+<cve name="CVE-2004-1834"/>
<severity level="4">low</severity>
<title>mod_disk_cache stores sensitive headers</title>
<description>
@@ -293,7 +293,7 @@
</issue>
<issue fixed="2.0.52" released="20040928" public="20040918" reported="20040918">
-<cve name="CAN-2004-0811"/>
+<cve name="CVE-2004-0811"/>
<title>Basic authentication bypass</title>
<severity level="2">important</severity>
<description>
@@ -307,7 +307,7 @@
</issue>
<issue fixed="2.0.51" public="20040915" released="20040915" reported="20040825">
-<cve name="CAN-2004-0786"/>
+<cve name="CVE-2004-0786"/>
<title>IPv6 URI parsing heap overflow</title>
<severity level="1">critical</severity>
<description>
@@ -337,7 +337,7 @@
</issue>
<issue fixed="2.0.51" public="20040915" released="20040915" reported="20040805">
-<cve name="CAN-2004-0747"/>
+<cve name="CVE-2004-0747"/>
<severity level="4">low</severity>
<title>Environment variable expansion flaw</title>
<description>
@@ -366,7 +366,7 @@
</issue>
<issue fixed="2.0.51" released="20040915" public="20040707" reported="20040707">
-<cve name="CAN-2004-0751"/>
+<cve name="CVE-2004-0751"/>
<severity level="4">low</severity>
<title>Malicious SSL proxy can cause crash</title>
<description>
@@ -390,7 +390,7 @@
</issue>
<issue fixed="2.0.51" released="20040915" public="20040707" reported="20040707">
-<cve name="CAN-2004-0748"/>
+<cve name="CVE-2004-0748"/>
<severity level="2">important</severity>
<title>SSL connection infinite loop</title>
<description>
@@ -418,7 +418,7 @@
</issue>
<issue fixed="2.0.51" public="20040912" reported="20040912" released="20040915">
-<cve name="CAN-2004-0809"/>
+<cve name="CVE-2004-0809"/>
<title>WebDAV remote crash</title>
<severity level="4">low</severity>
<description>
@@ -449,7 +449,7 @@
</issue>
<issue fixed="2.0.50" released="20040701" reported="20040613" public="20040701">
-<cve name="CAN-2004-0493"/>
+<cve name="CVE-2004-0493"/>
<title>Header parsing memory leak</title>
<severity level="2">important</severity>
<description>
@@ -475,7 +475,7 @@
</issue>
<issue fixed="2.0.50" released="20040701" public="20040517">
-<cve name="CAN-2004-0488"/>
+<cve name="CVE-2004-0488"/>
<severity level="4">low</severity>
<title>FakeBasicAuth overflow</title>
<description>
@@ -501,7 +501,7 @@
</issue>
<issue fixed="1.3.32" public="20030610" released="20041020" reported="20030608">
-<cve name="CAN-2004-0492"/>
+<cve name="CVE-2004-0492"/>
<severity level="3">moderate</severity>
<title>mod_proxy buffer overflow</title>
<description>
@@ -557,7 +557,7 @@
</issue>
<issue fixed="1.3.31" public="20031218" released="20040512" reported="20031218">
-<cve name="CAN-2003-0987"/>
+<cve name="CVE-2003-0987"/>
<severity level="4">low</severity>
<title>mod_digest nonce checking</title>
<description>
@@ -595,7 +595,7 @@
</issue>
<issue fixed="1.3.31" public="20040318" released="20040512" reported="20040225">
-<cve name="CAN-2004-0174"/>
+<cve name="CVE-2004-0174"/>
<severity level="2">important</severity>
<title>listening socket starvation</title>
<description>
@@ -631,7 +631,7 @@
</issue>
<issue fixed="2.0.49" public="20040318" released="20040319" reported="20040225">
-<cve name="CAN-2004-0174"/>
+<cve name="CVE-2004-0174"/>
<severity level="2">important</severity>
<title>listening socket starvation</title>
<description>
@@ -743,7 +743,7 @@
</issue>
<issue fixed="2.0.48" public="20031027" released="20031027" reported="20031003">
-<cve name="CAN-2003-0789"/>
+<cve name="CVE-2003-0789"/>
<title>CGI output information leak</title>
<severity level="3">moderate</severity>
<description>
@@ -767,7 +767,7 @@
</issue>
<issue fixed="1.3.29" public="20031027" released="20031027" reported="20030804">
-<cve name="CAN-2003-0542"/>
+<cve name="CVE-2003-0542"/>
<severity level="4">low</severity>
<title>Local configuration regular expression overflow</title>
<description>
@@ -799,7 +799,7 @@
</issue>
<issue fixed="2.0.48" public="20031027" released="20031027" reported="20030804">
-<cve name="CAN-2003-0542"/>
+<cve name="CVE-2003-0542"/>
<severity level="4">low</severity>
<title>Local configuration regular expression overflow</title>
<description>
@@ -824,7 +824,7 @@
</issue>
<issue fixed="1.3.28" public="20030718" released="20030718" reported="20030704">
-<cve name="CAN-2003-0460"/>
+<cve name="CVE-2003-0460"/>
<severity level="2">important</severity>
<title>RotateLogs DoS</title>
<description>
@@ -852,7 +852,7 @@
</issue>
<issue fixed="2.0.47" public="20030709" released="20030709" reported="20030625">
-<cve name="CAN-2003-0254"/>
+<cve name="CVE-2003-0254"/>
<severity level="3">moderate</severity>
<title>Remote DoS via IPv6 ftp proxy</title>
<description>
@@ -875,7 +875,7 @@
</issue>
<issue fixed="2.0.47" public="20030709" released="20030709" reported="20030625">
-<cve name="CAN-2003-0253"/>
+<cve name="CVE-2003-0253"/>
<severity level="2">important</severity>
<title>Remote DoS with multiple Listen directives</title>
<description>
@@ -898,7 +898,7 @@
</issue>
<issue fixed="2.0.47" public="20030709" released="20030709" reported="20030430">
-<cve name="CAN-2003-0192"/>
+<cve name="CVE-2003-0192"/>
<title>mod_ssl renegotiation issue</title>
<severity level="4">low</severity>
<description>
@@ -923,7 +923,7 @@
</issue>
<issue fixed="2.0.46" public="20030528" released="20030528" reported="20030409">
-<cve name="CAN-2003-0245"/>
+<cve name="CVE-2003-0245"/>
<severity level="1">critical</severity>
<title>APR remote crash</title>
<description>
@@ -945,7 +945,7 @@
</issue>
<issue fixed="2.0.46" public="20030528" released="20030528" reported="20030425">
-<cve name="CAN-2003-0189"/>
+<cve name="CVE-2003-0189"/>
<severity level="2">important</severity>
<title>Basic Authentication DoS</title>
<description>
@@ -963,7 +963,7 @@
</issue>
<issue fixed="2.0.46" public="20040402" released="20040402">
-<cve name="CAN-2003-0134"/>
+<cve name="CVE-2003-0134"/>
<severity level="2">important</severity>
<title>OS2 device name DoS</title>
<description>
@@ -985,7 +985,7 @@
</issue>
<issue fixed="2.0.46" released="20040402" public="20030224" reported="20030224">
-<cve name="CAN-2003-0083"/>
+<cve name="CVE-2003-0083"/>
<severity level="4">low</severity>
<title>Filtered escape sequences</title>
<description>
@@ -1008,7 +1008,7 @@
</issue>
<issue fixed="2.0.45" public="20040402" released="20040402">
-<cve name="CAN-2003-0132"/>
+<cve name="CVE-2003-0132"/>
<severity level="2">important</severity>
<title>Line feed memory leak DoS</title>
<description>
@@ -1070,7 +1070,7 @@
</issue>
<issue fixed="1.3.27" public="20021003" released="20021003" reported="20020923">
-<cve name="CAN-2002-0843"/>
+<cve name="CVE-2002-0843"/>
<severity level="2">important</severity>
<flaw type="buf"/>
<title>Buffer overflows in ab utility</title>
@@ -1098,7 +1098,7 @@
</issue>
<issue fixed="1.3.27" public="20021003" released="20021003" reported="20011111">
-<cve name="CAN-2002-0839"/>
+<cve name="CVE-2002-0839"/>
<severity level="2">important</severity>
<flaw type="perm"/>
<title>Shared memory permissions lead to local privilege escalation</title>
@@ -1161,7 +1161,7 @@
</issue>
<issue fixed="2.0.42" public="20020919" released="20020924">
-<cve name="CAN-2002-1593"/>
+<cve name="CVE-2002-1593"/>
<severity level="3">moderate</severity>
<title>mod_dav crash</title>
<description>
@@ -1220,7 +1220,7 @@
only.</p>
</description>
<os>win32</os><os>netware</os><os>os2</os><os>cygwin</os>
-<cve name="CAN-2002-0661"/>
+<cve name="CVE-2002-0661"/>
<affects prod="httpd" version="2.0.39"/>
<affects prod="httpd" version="2.0.37"/>
<affects prod="httpd" version="2.0.36"/>
@@ -1241,7 +1241,7 @@
child process /path-to-script/script.pl" revealing the full path
of the script.</p>
</description>
-<cve name="CAN-2002-0654"/>
+<cve name="CVE-2002-0654"/>
<affects prod="httpd" version="2.0.39"/>
<maybeaffects prod="httpd" version="2.0.37"/>
<maybeaffects prod="httpd" version="2.0.36"/>
@@ -1264,7 +1264,7 @@
</issue>
<issue fixed="2.0.36" public="20020422" released="20020508">
-<cve name="CAN-2002-1592"/>
+<cve name="CVE-2002-1592"/>
<severity issue="4">low</severity>
<title>Warning messages could be displayed to users</title>
<description>
@@ -1306,7 +1306,7 @@
</issue>
<issue fixed="1.3.26" released="20020618" reported="20030224" public="20030224">
-<cve name="CAN-2003-0083"/>
+<cve name="CVE-2003-0083"/>
<severity level="4">low</severity>
<title>Filtered escape sequences</title>
<description>
@@ -1372,7 +1372,7 @@
the default index page. </p>
</description>
<os>win32</os>
-<cve name="CAN-2001-0729"/>
+<cve name="CVE-2001-0729"/>
<affects prod="httpd" version="1.3.20"/>
</issue>
@@ -1494,7 +1494,7 @@
With too few trailing slashes the index.html file will be displayed, with
too many a 403 (forbidden) response will be given.</p>
</exploit>
- <cve name="CAN-2001-0925"/>
+ <cve name="CVE-2001-0925"/>
<flaw type="unk"/>
<affects prod="httpd" version="1.3.17"/>
<affects prod="httpd" version="1.3.14"/>
@@ -1548,7 +1548,7 @@
cgi-bin directory under a document root.</p>
</description>
<os>all</os>
- <cve name="CAN-2000-1204"/>
+ <cve name="CVE-2000-1204"/>
<flaw type="unk"/>
<affects prod="httpd" version="1.3.12"/>
<affects prod="httpd" version="1.3.11"/>
@@ -1591,7 +1591,7 @@
cookies used to authenticate
you to other sites.</p>
</description>
- <cve name="CAN-2000-1205"/>
+ <cve name="CVE-2000-1205"/>
<flaw type="css"/>
<os>all</os>
<affects prod="httpd" version="1.3.11"/>
@@ -1618,7 +1618,7 @@
</p>
</description>
<os>all</os>
-<cve name="CAN-2000-1206"/>
+<cve name="CVE-2000-1206"/>
<flaw type="unk"/>
<affects prod="httpd" version="1.3.9"/>
<!-- mod_rewrite stuff only below -->