You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mj...@apache.org on 2005/11/01 12:22:46 UTC
svn commit: r330027 - in /httpd/site/trunk:
docs/security/vulnerabilities_20.html
xdocs/security/vulnerabilities-httpd.xml
Author: mjc
Date: Tue Nov 1 03:22:35 2005
New Revision: 330027
URL: http://svn.apache.org/viewcvs?rev=330027&view=rev
Log:
Add missing CVE name from vulnerabilities list
Modified:
httpd/site/trunk/docs/security/vulnerabilities_20.html
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=330027&r1=330026&r2=330027&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Tue Nov 1 03:22:35 2005
@@ -155,6 +155,26 @@
<dd>
<b>moderate: </b>
<b>
+<name name="CVE-2005-2970">Worker MPM memory leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</a>
+<p>
+A memory leak in the worker MPM would allow remote attackers to cause
+a denial of service (memory consumption) via aborted connections,
+which prevents the memory for the transaction pool from being reused
+for other connections.
+</p>
+</dd>
+<dd>
+ Update Released: 14th October 2005<br />
+</dd>
+<dd>
+ Affects:
+ 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
<name name="CVE-2005-2728">Byterange filter DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a>
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=330027&r1=330026&r2=330027&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Tue Nov 1 03:22:35 2005
@@ -1,4 +1,36 @@
-<security updated="20051014">
+<security updated="20051101">
+
+<issue fixed="2.0.55" released="20051014">
+<cve name="CVE-2005-2970"/>
+<severity level="3">moderate</severity>
+<title>Worker MPM memory leak</title>
+<description>
+<p>
+A memory leak in the worker MPM would allow remote attackers to cause
+a denial of service (memory consumption) via aborted connections,
+which prevents the memory for the transaction pool from being reused
+for other connections.
+</p>
+</description>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<!-- bad code was added 20020428 therefore after 2.0.35 -->
+</issue>
<issue fixed="2.0.55" public="20050707" reported="20050707" released="20051014">
<cve name="CVE-2005-2728"/>