You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mj...@apache.org on 2006/04/07 11:39:37 UTC
svn commit: r392230 - in /httpd/site/trunk:
docs/security/vulnerabilities_13.html
xdocs/security/vulnerabilities-httpd.xml
Author: mjc
Date: Fri Apr 7 02:39:36 2006
New Revision: 392230
URL: http://svn.apache.org/viewcvs?rev=392230&view=rev
Log:
From: Mike O'Connor
Subject: Apacheweek security minor addition, I think
I think http://httpd.apache.org/security/vulnerabilities_13.html
should probably note that CAN-2005-2088 is (at least partially and
maybe completely) addressed in 1.3.34.
Modified:
httpd/site/trunk/docs/security/vulnerabilities_13.html
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=392230&r1=392229&r2=392230&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Fri Apr 7 02:39:36 2006
@@ -112,6 +112,42 @@
<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr><td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+ <a name="1.3.34"><strong>Fixed in Apache httpd 1.3.34</strong></a>
+ </font>
+ </td></tr>
+ <tr><td>
+ <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-2088">HTTP Request Spoofing</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
+<p>
+A flaw occured when using the Apache server as a HTTP proxy. A remote
+attacker could send a HTTP request with both a "Transfer-Encoding:
+chunked" header and a Content-Length header, causing Apache to
+incorrectly handle and forward the body of the request in a way that
+causes the receiving server to process it as a separate HTTP request.
+This could allow the bypass of web application firewall protection or
+lead to cross-site scripting (XSS) attacks.
+</p>
+</dd>
+<dd>
+ Update Released: 18th October 2005<br />
+</dd>
+<dd>
+ Affects:
+ 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+ </blockquote>
+ </td></tr>
+</table>
+ <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+ <font color="#ffffff" face="arial,helvetica,sanserif">
<a name="1.3.33"><strong>Fixed in Apache httpd 1.3.33</strong></a>
</font>
</td></tr>
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=392230&r1=392229&r2=392230&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Fri Apr 7 02:39:36 2006
@@ -253,6 +253,45 @@
<affects prod="httpd" version="2.0.35"/>
</issue>
+<issue fixed="1.3.34" public="20050611" released="20051018">
+<cve name="CVE-2005-2088"/>
+<severity level="3">moderate</severity>
+<title>HTTP Request Spoofing</title>
+<description>
+<p>
+A flaw occured when using the Apache server as a HTTP proxy. A remote
+attacker could send a HTTP request with both a "Transfer-Encoding:
+chunked" header and a Content-Length header, causing Apache to
+incorrectly handle and forward the body of the request in a way that
+causes the receiving server to process it as a separate HTTP request.
+This could allow the bypass of web application firewall protection or
+lead to cross-site scripting (XSS) attacks.
+</p>
+</description>
+ <affects prod="httpd" version="1.3.33"/>
+ <affects prod="httpd" version="1.3.32"/>
+ <affects prod="httpd" version="1.3.31"/>
+ <affects prod="httpd" version="1.3.29"/>
+ <affects prod="httpd" version="1.3.28"/>
+ <affects prod="httpd" version="1.3.27"/>
+ <affects prod="httpd" version="1.3.26"/>
+ <affects prod="httpd" version="1.3.24"/>
+ <affects prod="httpd" version="1.3.22"/>
+ <affects prod="httpd" version="1.3.20"/>
+ <affects prod="httpd" version="1.3.19"/>
+ <affects prod="httpd" version="1.3.17"/>
+ <affects prod="httpd" version="1.3.14"/>
+ <affects prod="httpd" version="1.3.12"/>
+ <affects prod="httpd" version="1.3.11"/>
+ <affects prod="httpd" version="1.3.9"/>
+ <affects prod="httpd" version="1.3.6"/>
+ <affects prod="httpd" version="1.3.4"/>
+ <affects prod="httpd" version="1.3.3"/>
+ <affects prod="httpd" version="1.3.2"/>
+ <affects prod="httpd" version="1.3.1"/>
+ <affects prod="httpd" version="1.3.0"/>
+</issue>
+
<issue fixed="2.0.55" public="20050611" released="20051014">
<cve name="CVE-2005-2088"/>
<severity level="3">moderate</severity>
Re: svn commit: r392230 - in /httpd/site/trunk:
docs/security/vulnerabilities_13.html xdocs/security/vulnerabilities-httpd.xml
Posted by Mark J Cox <ma...@awe.com>.
> 1.3 was UNAFFECTED
Yes, indeed it was me that insisted that this didn't affect 1.3, I'll
revert it :)
Cheers, Mark
Re: svn commit: r392230 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html
xdocs/security/vulnerabilities-httpd.xml
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
WHY?
1.3 was UNAFFECTED by the original report, because chunking is NOT SUPPORTED.
The only reason I insisted on fixing it is that there were other similar
issues w.r.t. other handlers. I thought you were the one who insisted
that my patch didn't address -2088?
It'
Bill
mjc@apache.org wrote:
> Author: mjc
> Date: Fri Apr 7 02:39:36 2006
> New Revision: 392230
>
> URL: http://svn.apache.org/viewcvs?rev=392230&view=rev
> Log:
> From: Mike O'Connor
> Subject: Apacheweek security minor addition, I think
>
> I think http://httpd.apache.org/security/vulnerabilities_13.html
> should probably note that CAN-2005-2088 is (at least partially and
> maybe completely) addressed in 1.3.34.
>
>
> Modified:
> httpd/site/trunk/docs/security/vulnerabilities_13.html
> httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
>
> Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
> URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=392230&r1=392229&r2=392230&view=diff
> ==============================================================================
> --- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
> +++ httpd/site/trunk/docs/security/vulnerabilities_13.html Fri Apr 7 02:39:36 2006
> @@ -112,6 +112,42 @@
> <table border="0" cellspacing="0" cellpadding="2" width="100%">
> <tr><td bgcolor="#525D76">
> <font color="#ffffff" face="arial,helvetica,sanserif">
> + <a name="1.3.34"><strong>Fixed in Apache httpd 1.3.34</strong></a>
> + </font>
> + </td></tr>
> + <tr><td>
> + <blockquote>
> +<dl>
> +<dd>
> +<b>moderate: </b>
> +<b>
> +<name name="CVE-2005-2088">HTTP Request Spoofing</name>
> +</b>
> +<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
> +<p>
> +A flaw occured when using the Apache server as a HTTP proxy. A remote
> +attacker could send a HTTP request with both a "Transfer-Encoding:
> +chunked" header and a Content-Length header, causing Apache to
> +incorrectly handle and forward the body of the request in a way that
> +causes the receiving server to process it as a separate HTTP request.
> +This could allow the bypass of web application firewall protection or
> +lead to cross-site scripting (XSS) attacks.
> +</p>
> +</dd>
> +<dd>
> + Update Released: 18th October 2005<br />
> +</dd>
> +<dd>
> + Affects:
> + 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
> +</dd>
> +</dl>
> + </blockquote>
> + </td></tr>
> +</table>
> + <table border="0" cellspacing="0" cellpadding="2" width="100%">
> + <tr><td bgcolor="#525D76">
> + <font color="#ffffff" face="arial,helvetica,sanserif">
> <a name="1.3.33"><strong>Fixed in Apache httpd 1.3.33</strong></a>
> </font>
> </td></tr>
>
> Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
> URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=392230&r1=392229&r2=392230&view=diff
> ==============================================================================
> --- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
> +++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Fri Apr 7 02:39:36 2006
> @@ -253,6 +253,45 @@
> <affects prod="httpd" version="2.0.35"/>
> </issue>
>
> +<issue fixed="1.3.34" public="20050611" released="20051018">
> +<cve name="CVE-2005-2088"/>
> +<severity level="3">moderate</severity>
> +<title>HTTP Request Spoofing</title>
> +<description>
> +<p>
> +A flaw occured when using the Apache server as a HTTP proxy. A remote
> +attacker could send a HTTP request with both a "Transfer-Encoding:
> +chunked" header and a Content-Length header, causing Apache to
> +incorrectly handle and forward the body of the request in a way that
> +causes the receiving server to process it as a separate HTTP request.
> +This could allow the bypass of web application firewall protection or
> +lead to cross-site scripting (XSS) attacks.
> +</p>
> +</description>
> + <affects prod="httpd" version="1.3.33"/>
> + <affects prod="httpd" version="1.3.32"/>
> + <affects prod="httpd" version="1.3.31"/>
> + <affects prod="httpd" version="1.3.29"/>
> + <affects prod="httpd" version="1.3.28"/>
> + <affects prod="httpd" version="1.3.27"/>
> + <affects prod="httpd" version="1.3.26"/>
> + <affects prod="httpd" version="1.3.24"/>
> + <affects prod="httpd" version="1.3.22"/>
> + <affects prod="httpd" version="1.3.20"/>
> + <affects prod="httpd" version="1.3.19"/>
> + <affects prod="httpd" version="1.3.17"/>
> + <affects prod="httpd" version="1.3.14"/>
> + <affects prod="httpd" version="1.3.12"/>
> + <affects prod="httpd" version="1.3.11"/>
> + <affects prod="httpd" version="1.3.9"/>
> + <affects prod="httpd" version="1.3.6"/>
> + <affects prod="httpd" version="1.3.4"/>
> + <affects prod="httpd" version="1.3.3"/>
> + <affects prod="httpd" version="1.3.2"/>
> + <affects prod="httpd" version="1.3.1"/>
> + <affects prod="httpd" version="1.3.0"/>
> +</issue>
> +
> <issue fixed="2.0.55" public="20050611" released="20051014">
> <cve name="CVE-2005-2088"/>
> <severity level="3">moderate</severity>
>
>
>
>
Re: svn commit: r392230 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html
xdocs/security/vulnerabilities-httpd.xml
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
WHY?
1.3 was UNAFFECTED by the original report, because chunking is NOT SUPPORTED.
The only reason I insisted on fixing it is that there were other similar
issues w.r.t. other handlers. I thought you were the one who insisted
that my patch didn't address -2088?
It'
Bill
mjc@apache.org wrote:
> Author: mjc
> Date: Fri Apr 7 02:39:36 2006
> New Revision: 392230
>
> URL: http://svn.apache.org/viewcvs?rev=392230&view=rev
> Log:
> From: Mike O'Connor
> Subject: Apacheweek security minor addition, I think
>
> I think http://httpd.apache.org/security/vulnerabilities_13.html
> should probably note that CAN-2005-2088 is (at least partially and
> maybe completely) addressed in 1.3.34.
>
>
> Modified:
> httpd/site/trunk/docs/security/vulnerabilities_13.html
> httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
>
> Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
> URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=392230&r1=392229&r2=392230&view=diff
> ==============================================================================
> --- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
> +++ httpd/site/trunk/docs/security/vulnerabilities_13.html Fri Apr 7 02:39:36 2006
> @@ -112,6 +112,42 @@
> <table border="0" cellspacing="0" cellpadding="2" width="100%">
> <tr><td bgcolor="#525D76">
> <font color="#ffffff" face="arial,helvetica,sanserif">
> + <a name="1.3.34"><strong>Fixed in Apache httpd 1.3.34</strong></a>
> + </font>
> + </td></tr>
> + <tr><td>
> + <blockquote>
> +<dl>
> +<dd>
> +<b>moderate: </b>
> +<b>
> +<name name="CVE-2005-2088">HTTP Request Spoofing</name>
> +</b>
> +<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
> +<p>
> +A flaw occured when using the Apache server as a HTTP proxy. A remote
> +attacker could send a HTTP request with both a "Transfer-Encoding:
> +chunked" header and a Content-Length header, causing Apache to
> +incorrectly handle and forward the body of the request in a way that
> +causes the receiving server to process it as a separate HTTP request.
> +This could allow the bypass of web application firewall protection or
> +lead to cross-site scripting (XSS) attacks.
> +</p>
> +</dd>
> +<dd>
> + Update Released: 18th October 2005<br />
> +</dd>
> +<dd>
> + Affects:
> + 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
> +</dd>
> +</dl>
> + </blockquote>
> + </td></tr>
> +</table>
> + <table border="0" cellspacing="0" cellpadding="2" width="100%">
> + <tr><td bgcolor="#525D76">
> + <font color="#ffffff" face="arial,helvetica,sanserif">
> <a name="1.3.33"><strong>Fixed in Apache httpd 1.3.33</strong></a>
> </font>
> </td></tr>
>
> Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
> URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=392230&r1=392229&r2=392230&view=diff
> ==============================================================================
> --- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
> +++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Fri Apr 7 02:39:36 2006
> @@ -253,6 +253,45 @@
> <affects prod="httpd" version="2.0.35"/>
> </issue>
>
> +<issue fixed="1.3.34" public="20050611" released="20051018">
> +<cve name="CVE-2005-2088"/>
> +<severity level="3">moderate</severity>
> +<title>HTTP Request Spoofing</title>
> +<description>
> +<p>
> +A flaw occured when using the Apache server as a HTTP proxy. A remote
> +attacker could send a HTTP request with both a "Transfer-Encoding:
> +chunked" header and a Content-Length header, causing Apache to
> +incorrectly handle and forward the body of the request in a way that
> +causes the receiving server to process it as a separate HTTP request.
> +This could allow the bypass of web application firewall protection or
> +lead to cross-site scripting (XSS) attacks.
> +</p>
> +</description>
> + <affects prod="httpd" version="1.3.33"/>
> + <affects prod="httpd" version="1.3.32"/>
> + <affects prod="httpd" version="1.3.31"/>
> + <affects prod="httpd" version="1.3.29"/>
> + <affects prod="httpd" version="1.3.28"/>
> + <affects prod="httpd" version="1.3.27"/>
> + <affects prod="httpd" version="1.3.26"/>
> + <affects prod="httpd" version="1.3.24"/>
> + <affects prod="httpd" version="1.3.22"/>
> + <affects prod="httpd" version="1.3.20"/>
> + <affects prod="httpd" version="1.3.19"/>
> + <affects prod="httpd" version="1.3.17"/>
> + <affects prod="httpd" version="1.3.14"/>
> + <affects prod="httpd" version="1.3.12"/>
> + <affects prod="httpd" version="1.3.11"/>
> + <affects prod="httpd" version="1.3.9"/>
> + <affects prod="httpd" version="1.3.6"/>
> + <affects prod="httpd" version="1.3.4"/>
> + <affects prod="httpd" version="1.3.3"/>
> + <affects prod="httpd" version="1.3.2"/>
> + <affects prod="httpd" version="1.3.1"/>
> + <affects prod="httpd" version="1.3.0"/>
> +</issue>
> +
> <issue fixed="2.0.55" public="20050611" released="20051014">
> <cve name="CVE-2005-2088"/>
> <severity level="3">moderate</severity>
>
>
>
>