You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2010/03/11 01:01:21 UTC
svn commit: r921637 - in /httpd/site/trunk/docs/security:
vulnerabilities-oval.xml vulnerabilities_22.html
Author: wrowe
Date: Thu Mar 11 00:01:20 2010
New Revision: 921637
URL: http://svn.apache.org/viewvc?rev=921637&view=rev
Log:
It seems 2.2.10 is long-neglected, it was in fact a release
Modified:
httpd/site/trunk/docs/security/vulnerabilities-oval.xml
httpd/site/trunk/docs/security/vulnerabilities_22.html
Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=921637&r1=921636&r2=921637&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Thu Mar 11 00:01:20 2010
@@ -37,6 +37,7 @@ fix for this issue.
<criterion test_ref="oval:org.apache.httpd:tst:2213" comment="the version of httpd is 2.2.13"/>
<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is 2.2.12"/>
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -99,6 +100,7 @@ proposing a patch fix for this issue.
<criterion test_ref="oval:org.apache.httpd:tst:2213" comment="the version of httpd is 2.2.13"/>
<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is 2.2.12"/>
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -180,6 +182,7 @@ proposing a patch fix for this issue.
<criterion test_ref="oval:org.apache.httpd:tst:2213" comment="the version of httpd is 2.2.13"/>
<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is 2.2.12"/>
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -212,6 +215,7 @@ event MPMs, resulting in a denial of ser
<criterion test_ref="oval:org.apache.httpd:tst:2213" comment="the version of httpd is 2.2.13"/>
<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is 2.2.12"/>
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -246,6 +250,7 @@ service.
<criterion test_ref="oval:org.apache.httpd:tst:2213" comment="the version of httpd is 2.2.13"/>
<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is 2.2.12"/>
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -280,6 +285,7 @@ to the FTP server.
<criterion test_ref="oval:org.apache.httpd:tst:2213" comment="the version of httpd is 2.2.13"/>
<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is 2.2.12"/>
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -314,6 +320,7 @@ in a vulnerable way.
<criteria operator="OR">
<criterion test_ref="oval:org.apache.httpd:tst:2212" comment="the version of httpd is 2.2.12"/>
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -347,6 +354,7 @@ or a denial of service.
<criteria operator="OR">
<criteria operator="OR">
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -379,6 +387,7 @@ engine.
<criteria operator="OR">
<criteria operator="OR">
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -411,6 +420,7 @@ file.</description>
<criteria operator="OR">
<criteria operator="OR">
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -441,6 +451,7 @@ force a proxy process to consume large a
<criteria operator="OR">
<criteria operator="OR">
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -472,6 +483,7 @@ from executing commands from a Server-Si
<criteria operator="OR">
<criteria operator="OR">
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -527,6 +539,7 @@ processed by the pattern preparation eng
<criteria operator="OR">
<criteria operator="OR">
<criterion test_ref="oval:org.apache.httpd:tst:2211" comment="the version of httpd is 2.2.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2210" comment="the version of httpd is 2.2.10"/>
<criterion test_ref="oval:org.apache.httpd:tst:229" comment="the version of httpd is 2.2.9"/>
<criterion test_ref="oval:org.apache.httpd:tst:228" comment="the version of httpd is 2.2.8"/>
<criterion test_ref="oval:org.apache.httpd:tst:226" comment="the version of httpd is 2.2.6"/>
@@ -3481,6 +3494,10 @@ a constant rate, since the attacker has
<object object_ref="oval:org.apache.httpd:obj:1"/>
<state state_ref="oval:org.apache.httpd:ste:2211"/>
</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2210" version="1" comment="the version of httpd is 2.2.10" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2210"/>
+</httpd_test>
<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:229" version="1" comment="the version of httpd is 2.2.9" check="at least one">
<object object_ref="oval:org.apache.httpd:obj:1"/>
<state state_ref="oval:org.apache.httpd:ste:229"/>
@@ -3738,6 +3755,9 @@ a constant rate, since the attacker has
<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2211" version="1" comment="the version of httpd is 2.2.11">
<version operation="equals" datatype="version">2.2.11</version>
</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2210" version="1" comment="the version of httpd is 2.2.10">
+<version operation="equals" datatype="version">2.2.10</version>
+</httpd_state>
<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:229" version="1" comment="the version of httpd is 2.2.9">
<version operation="equals" datatype="version">2.2.9</version>
</httpd_state>
Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=921637&r1=921636&r2=921637&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] Thu Mar 11 00:01:20 2010
@@ -124,7 +124,7 @@ proposing a patch fix for this issue.
</dd>
<dd>
Affects:
- 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p />
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p />
</dd>
<dd>
<b>low: </b>
@@ -156,7 +156,7 @@ fix for this issue.
</dd>
<dd>
Affects:
- 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
<b>moderate: </b>
@@ -182,7 +182,7 @@ proposing a patch fix for this issue.
</dd>
<dd>
Affects:
- 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
</blockquote>
@@ -218,7 +218,7 @@ service.
</dd>
<dd>
Affects:
- 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
<b>low: </b>
@@ -239,7 +239,7 @@ to the FTP server.
</dd>
<dd>
Affects:
- 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
<b>moderate: </b>
@@ -258,7 +258,7 @@ event MPMs, resulting in a denial of ser
</dd>
<dd>
Affects:
- 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
</blockquote>
@@ -295,7 +295,7 @@ in a vulnerable way.
</dd>
<dd>
Affects:
- 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
</blockquote>
@@ -329,7 +329,7 @@ force a proxy process to consume large a
</dd>
<dd>
Affects:
- 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
<b>important: </b>
@@ -370,7 +370,7 @@ file.</p>
</dd>
<dd>
Affects:
- 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
<b>low: </b>
@@ -390,7 +390,7 @@ from executing commands from a Server-Si
</dd>
<dd>
Affects:
- 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
<b>moderate: </b>
@@ -412,7 +412,7 @@ or a denial of service.
</dd>
<dd>
Affects:
- 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
<b>moderate: </b>
@@ -433,7 +433,7 @@ engine.
</dd>
<dd>
Affects:
- 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
<b>moderate: </b>
@@ -454,7 +454,7 @@ processed by the pattern preparation eng
</dd>
<dd>
Affects:
- 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
</blockquote>