You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2015/07/17 16:26:25 UTC
svn commit: r1691570 -
/httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Author: jorton
Date: Fri Jul 17 14:26:24 2015
New Revision: 1691570
URL: http://svn.apache.org/r1691570
Log:
Add CVE-2015-0253.
Modified:
httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1691570&r1=1691569&r2=1691570&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Fri Jul 17 14:26:24 2015
@@ -1,5 +1,22 @@
<security updated="20150717">
+
+<issue fixed="2.4.16" reported="20150203" public="20150305" released="20150715">
+<cve name="CVE-2015-0253"/>
+<severity level="4">low</severity>
+<title>Crash in ErrorDocument 400 handling</title>
+<description><p>
+
+ A crash in ErrorDocument handling was found. If ErrorDocument 400
+ was configured pointing to a local URL-path with the INCLUDES filter
+ active, a NULL dereference would occur when handling the error,
+ causing the child process to crash. This issue affected the 2.4.12
+ release only.
+</p></description>
+<affects prod="httpd" version="2.4.12"/>
+</issue>
+
+
<issue fixed="2.4.16" reported="20150404" public="20150609" released="20150715">
<cve name="CVE-2015-3183"/>
<severity level="4">low</severity>