Posted to cvs@httpd.apache.org by co...@apache.org on 2023/01/17 19:16:38 UTC

[httpd-site] branch main updated: match v5

This is an automated email from the ASF dual-hosted git repository.

covener pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/httpd-site.git


The following commit(s) were added to refs/heads/main by this push:
     new 0829696  match v5
     new d8055c6  Merge branch 'main' of github.com:/apache/httpd-site
0829696 is described below

commit 08296963c50c21cd9e901eacc24a12f40d9c6978
Author: Eric Covener <ec...@us.ibm.com>
AuthorDate: Tue Jan 17 14:16:13 2023 -0500

    match v5
---
 content/security/json/CVE-2006-20001.json |  12 +-
 content/security/json/CVE-2022-36760.json |  12 +-
 content/security/json/CVE-2022-37436.json | 179 ++++++++++++++++--------------
 3 files changed, 106 insertions(+), 97 deletions(-)

diff --git a/content/security/json/CVE-2006-20001.json b/content/security/json/CVE-2006-20001.json
index e054b0a..3d88580 100644
--- a/content/security/json/CVE-2006-20001.json
+++ b/content/security/json/CVE-2006-20001.json
@@ -91,6 +91,11 @@
           "time": "2022-08-10T19:00:00.000Z",
           "lang": "en",
           "value": "Reported to security team"
+        },
+        {
+          "lang": "eng",
+          "time": "2023-01-17",
+          "value": "2.4.55 released"
         }
       ],
       "x_generator": {
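Review bot: The timeline entry added here does not match its sibling in the same array: it uses `"lang": "eng"` where the existing entry uses `"en"`, and a date-only `"time": "2023-01-17"` where the existing entry carries a full UTC timestamp. The CVE record 5.0 timestamp format appears to expect a full date-time, so the date-only value may be rejected when the record is validated or submitted. Consider `"lang": "en"` and a full timestamp such as `"time": "2023-01-17T00:00:00.000Z"` (constructed value; substitute the actual release time). The same entry is added in CVE-2022-36760.json and CVE-2022-37436.json. The enclosing `timeline` array starts outside this hunk.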
@@ -100,11 +105,4 @@
   },
   "dataType": "CVE_RECORD",
   "dataVersion": "5.0",
-  "timeline": [
-    {
-      "lang": "eng",
-      "time": "2023-01-17",
-      "value": "2.4.55 released"
-    }
-  ]
 }
diff --git a/content/security/json/CVE-2022-36760.json b/content/security/json/CVE-2022-36760.json
index 206019b..c9104b5 100644
--- a/content/security/json/CVE-2022-36760.json
+++ b/content/security/json/CVE-2022-36760.json
@@ -77,6 +77,11 @@
           "lang": "en",
           "time": "2022-07-12T15:00:00.000Z",
           "value": "Reported to security team"
+        },
+        {
+          "lang": "eng",
+          "time": "2023-01-17",
+          "value": "2.4.55 released"
         }
       ],
       "title": "Apache HTTP Server: mod_proxy_ajp Possible request smuggling",
@@ -93,11 +98,4 @@
   },
   "dataType": "CVE_RECORD",
   "dataVersion": "5.0",
-  "timeline": [
-    {
-      "lang": "eng",
-      "time": "2023-01-17",
-      "value": "2.4.55 released"
-    }
-  ]
 }
diff --git a/content/security/json/CVE-2022-37436.json b/content/security/json/CVE-2022-37436.json
index 28b89f7..00b2ff4 100644
--- a/content/security/json/CVE-2022-37436.json
+++ b/content/security/json/CVE-2022-37436.json
@@ -1,88 +1,101 @@
 {
-  "containers": {
-    "cna": {
-      "affected": [
-        {
-          "defaultStatus": "unaffected",
-          "product": "Apache HTTP Server",
-          "vendor": "Apache Software Foundation",
-          "versions": [
-            {
-              "lessThan": "2.4.55",
-              "status": "affected",
-              "version": "0",
-              "versionType": "semver"
-            }
-          ]
-        }
-      ],
-      "credits": [
-        {
-          "lang": "en",
-          "type": "finder",
-          "value": "Dimas Fariski Setyawan Putra (@nyxsorcerer)"
-        }
-      ],
-      "descriptions": [
-        {
-          "lang": "en",
-          "supportingMedia": [
-            {
-              "base64": false,
-              "type": "text/html",
-              "value": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client."
-            }
-          ],
-          "value": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client."
-        }
-      ],
-      "metrics": [
-        {
-          "other": {
-            "content": {
-              "text": "moderate"
+    "containers": {
+        "cna": {
+            "affected": [
+                {
+                    "defaultStatus": "unaffected",
+                    "product": "Apache HTTP Server",
+                    "vendor": "Apache Software Foundation",
+                    "versions": [
+                        {
+                            "lessThan": "2.4.55",
+                            "status": "affected",
+                            "version": "0",
+                            "versionType": "semver"
+                        }
+                    ]
+                }
+            ],
+            "credits": [
+                {
+                    "lang": "en",
+                    "type": "finder",
+                    "value": "Dimas Fariski Setyawan Putra (@nyxsorcerer)"
+                }
+            ],
+            "descriptions": [
+                {
+                    "lang": "en",
+                    "supportingMedia": [
+                        {
+                            "base64": false,
+                            "type": "text/html",
+                            "value": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client."
+                        }
+                    ],
+                    "value": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client."
+                }
+            ],
+            "metrics": [
+                {
+                    "other": {
+                        "content": {
+                            "text": "moderate"
+                        },
+                        "type": "Textual description of severity"
+                    }
+                }
+            ],
+            "problemTypes": [
+                {
+                    "descriptions": [
+                        {
+                            "cweId": "CWE-113",
+                            "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers",
+                            "lang": "en",
+                            "type": "CWE"
+                        }
+                    ]
+                }
+            ],
+            "providerMetadata": {
+                "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
             },
-            "type": "Textual description of severity"
-          }
-        }
-      ],
-      "problemTypes": [
-        {
-          "descriptions": [
-            {
-              "cweId": "CWE-113",
-              "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers",
-              "lang": "en",
-              "type": "CWE"
+            "references": [
+                {
+                    "tags": [
+                        "vendor-advisory"
+                    ],
+                    "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+                }
+            ],
+            "source": {
+                "discovery": "UNKNOWN"
+            },
+            "timeline": [
+                {
+                    "lang": "en",
+                    "time": "2022-07-14T03:22:00.000Z",
+                    "value": "Reported to security team"
+                },
+                {
+                    "lang": "eng",
+                    "time": "2023-01-17",
+                    "value": "2.4.55 released"
+                }
+            ],
+            "title": "Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting",
+            "x_generator": {
+                "engine": "Vulnogram 0.1.0-dev"
             }
-          ]
         }
-      ],
-      "providerMetadata": {
-        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
-      },
-      "source": {
-        "discovery": "UNKNOWN"
-      },
-      "title": "Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting",
-      "x_generator": {
-        "engine": "Vulnogram 0.1.0-dev"
-      }
-    }
-  },
-  "cveMetadata": {
-    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
-    "cveId": "CVE-2022-37436",
-    "serial": 1,
-    "state": "PUBLISHED"
-  },
-  "dataType": "CVE_RECORD",
-  "dataVersion": "5.0",
-  "timeline": [
-    {
-      "lang": "eng",
-      "time": "2023-01-17",
-      "value": "2.4.55 released"
-    }
-  ]
+    },
+    "cveMetadata": {
+        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+        "cveId": "CVE-2022-37436",
+        "serial": 1,
+        "state": "PUBLISHED"
+    },
+    "dataType": "CVE_RECORD",
+    "dataVersion": "5.0"
 }
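Review bot: This hunk re-indents the whole file from two to four spaces while also adding a `references` block and moving `timeline` under `containers.cna`, so the substantive changes to this advisory record are buried in whitespace churn and hard to audit. The file also now differs in indentation from CVE-2006-20001.json and CVE-2022-36760.json, which keep two spaces in this commit. Keeping the two-space layout, or doing the re-indent in a separate commit, would leave only the `references` and `timeline` additions visible in the diff.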