You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/06/27 19:58:47 UTC
[Bug 53478] New: Apache httpd - Security vulnerability,
https://issues.apache.org/bugzilla/show_bug.cgi?id=53478
Priority: P2
Bug ID: 53478
Assignee: bugs@httpd.apache.org
Summary: Apache httpd - Security vulnerability,
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: gayesteele@motorola.com
Hardware: Sun
Status: NEW
Version: 2.3.15-beta
Component: Core
Product: Apache httpd-2
We are running httpd-2.2.3-45.el5 on Linux.
Security scans are reporting the following vulnerability.
Platform Affected: Web Server
Description: Apache httpd Ranges Header Field Memory Exhaustion
Find help with this vulnerability at:
https://foundstone.am.mot-mobility.com/vulnlist/Vulns/12561.html
The resolution for this issue appears to have been released in 2.2.22
We do not understand why this issue is in the version of apache that we are
running which seems to be more recent. I would assume the resolution would have
been rolled into later releases.
Apache HTTP Server 2.2.22 Released -level issue was resolved.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53478] Apache httpd - Security vulnerability,
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53478
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|2.3.15-beta |2.2.3
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53478] Apache httpd - Security vulnerability,
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53478
--- Comment #2 from Eric Covener <co...@gmail.com> ---
whoops, "ASF _bugzilla_" is not for user support but for the reporting of bugs.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53478] Apache httpd - Security vulnerability,
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53478
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Eric Covener <co...@gmail.com> ---
You'll have to contact the provider of your scanner or httpd binaries if you
need help sorting this out, ASF is not for user support.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53478] Apache httpd - Security vulnerability,
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53478
--- Comment #3 from Christophe JAILLET <ch...@wanadoo.fr> ---
Should the version information given in intial description be accurate,
2.2.3 < 2.2.22
So nothing looks strange, AFAIK.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org