You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2017/07/27 20:26:09 UTC
svn commit: r1016055 - in /websites/staging/httpd/trunk/content: ./
security/vulnerabilities-httpd.page/securitydb.xsl
security/vulnerabilities_22.html security/vulnerabilities_24.html
Author: buildbot
Date: Thu Jul 27 20:26:09 2017
New Revision: 1016055
Log:
Staging update by buildbot for httpd
Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Jul 27 20:26:09 2017
@@ -1 +1 @@
-1803229
+1803232
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
==============================================================================
Binary files - no diff available.
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Thu Jul 27 20:26:09 2017
@@ -109,8 +109,8 @@ these vulnerabilities to the <a href="/s
Team</a>. </p><br/><h1 id="2.2.34">
Fixed in Apache httpd 2.2.34</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2017-9788"/><name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
+ <h3 id="CVE-2017-9788">important:
+ <name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>)
</h3>
</dt>
@@ -150,8 +150,8 @@ We would like to thank Robert ÅwiÄ
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2017-3167"/><name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
+ <h3 id="CVE-2017-3167">important:
+ <name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>)
</h3>
</dt>
@@ -191,8 +191,8 @@ We would like to thank Emmanuel Dreyfus
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2017-3169"/><name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
+ <h3 id="CVE-2017-3169">important:
+ <name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>)
</h3>
</dt>
@@ -225,8 +225,8 @@ reporting this issue.
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2017-7668"/><name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
+ <h3 id="CVE-2017-7668">important:
+ <name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>)
</h3>
</dt>
@@ -262,8 +262,8 @@ issue.
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2017-7679"/><name name="CVE-2017-7679">mod_mime Buffer Overread</name>
+ <h3 id="CVE-2017-7679">important:
+ <name name="CVE-2017-7679">mod_mime Buffer Overread</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>)
</h3>
</dt>
@@ -297,8 +297,8 @@ We would like to thank ChenQin and Hanno
</dl><br/><h1 id="2.2.32">
Fixed in Apache httpd 2.2.32</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2016-8743"/><name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
+ <h3 id="CVE-2016-8743">important:
+ <name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>)
</h3>
</dt>
@@ -379,8 +379,8 @@ as well as Régis Leroy for each repor
</table>
</dd>
<dt>
- <h3>n/a:
- <a name="CVE-2016-5387"/><name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
+ <h3 id="CVE-2016-5387">n/a:
+ <name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>)
</h3>
</dt>
@@ -422,8 +422,8 @@ for reporting and proposing a fix for th
</dl><br/><h1 id="2.2.31">
Fixed in Apache httpd 2.2.31</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2015-3183"/><name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
+ <h3 id="CVE-2015-3183">low:
+ <name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>)
</h3>
</dt>
@@ -461,8 +461,8 @@ This issue was reported by Régis Lero
</dl><br/><h1 id="2.2.29">
Fixed in Apache httpd 2.2.29</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2014-0231"/><name name="CVE-2014-0231">mod_cgid denial of service</name>
+ <h3 id="CVE-2014-0231">important:
+ <name name="CVE-2014-0231">mod_cgid denial of service</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>)
</h3>
</dt>
@@ -496,8 +496,8 @@ This issue was reported by Rainer Jung o
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2013-5704"/><name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
+ <h3 id="CVE-2013-5704">low:
+ <name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>)
</h3>
</dt>
@@ -531,8 +531,8 @@ This issue was reported by Martin Holst
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2014-0118"/><name name="CVE-2014-0118">mod_deflate denial of service</name>
+ <h3 id="CVE-2014-0118">moderate:
+ <name name="CVE-2014-0118">mod_deflate denial of service</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>)
</h3>
</dt>
@@ -567,8 +567,8 @@ This issue was reported by Giancarlo Pel
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2014-0226"/><name name="CVE-2014-0226">mod_status buffer overflow</name>
+ <h3 id="CVE-2014-0226">moderate:
+ <name name="CVE-2014-0226">mod_status buffer overflow</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>)
</h3>
</dt>
@@ -606,8 +606,8 @@ This issue was reported by Marek Kroemek
</dl><br/><h1 id="2.2.27">
Fixed in Apache httpd 2.2.27</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2014-0098"/><name name="CVE-2014-0098">mod_log_config crash</name>
+ <h3 id="CVE-2014-0098">low:
+ <name name="CVE-2014-0098">mod_log_config crash</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>)
</h3>
</dt>
@@ -640,8 +640,8 @@ This issue was reported by Rainer M Cana
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2013-6438"/><name name="CVE-2013-6438">mod_dav crash</name>
+ <h3 id="CVE-2013-6438">moderate:
+ <name name="CVE-2013-6438">mod_dav crash</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>)
</h3>
</dt>
@@ -677,8 +677,8 @@ This issue was reported by Ning Zhang &a
</dl><br/><h1 id="2.2.25">
Fixed in Apache httpd 2.2.25</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2013-1862"/><name name="CVE-2013-1862">mod_rewrite log escape filtering</name>
+ <h3 id="CVE-2013-1862">low:
+ <name name="CVE-2013-1862">mod_rewrite log escape filtering</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862">CVE-2013-1862</a>)
</h3>
</dt>
@@ -712,8 +712,8 @@ This issue was reported by Ramiro Molina
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2013-1896"/><name name="CVE-2013-1896">mod_dav crash</name>
+ <h3 id="CVE-2013-1896">moderate:
+ <name name="CVE-2013-1896">mod_dav crash</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>)
</h3>
</dt>
@@ -748,8 +748,8 @@ This issue was reported by Ben Reser
</dl><br/><h1 id="2.2.24">
Fixed in Apache httpd 2.2.24</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2012-3499"/><name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
+ <h3 id="CVE-2012-3499">low:
+ <name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>)
</h3>
</dt>
@@ -781,8 +781,8 @@ This issue was reported by Niels Heinen
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2012-4558"/><name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
+ <h3 id="CVE-2012-4558">moderate:
+ <name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>)
</h3>
</dt>
@@ -815,8 +815,8 @@ This issue was reported by Niels Heinen
</dl><br/><h1 id="2.2.23">
Fixed in Apache httpd 2.2.23</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2012-2687"/><name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
+ <h3 id="CVE-2012-2687">low:
+ <name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>)
</h3>
</dt>
@@ -846,8 +846,8 @@ untrusted uploads to locations which hav
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2012-0883"/><name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
+ <h3 id="CVE-2012-0883">low:
+ <name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>)
</h3>
</dt>
@@ -880,8 +880,8 @@ administrator runs apachectl from an unt
</dl><br/><h1 id="2.2.22">
Fixed in Apache httpd 2.2.22</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2012-4557"/><name name="CVE-2012-4557">mod_proxy_ajp remote DoS</name>
+ <h3 id="CVE-2012-4557">low:
+ <name name="CVE-2012-4557">mod_proxy_ajp remote DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557">CVE-2012-4557</a>)
</h3>
</dt>
@@ -913,8 +913,8 @@ temporary denial of service.</p>
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2011-3607"/><name name="CVE-2011-3607">mod_setenvif .htaccess privilege escalation</name>
+ <h3 id="CVE-2011-3607">low:
+ <name name="CVE-2011-3607">mod_setenvif .htaccess privilege escalation</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a>)
</h3>
</dt>
@@ -947,8 +947,8 @@ This issue was reported by halfdog
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2012-0021"/><name name="CVE-2012-0021">mod_log_config crash</name>
+ <h3 id="CVE-2012-0021">low:
+ <name name="CVE-2012-0021">mod_log_config crash</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a>)
</h3>
</dt>
@@ -978,8 +978,8 @@ This crash would only be a denial of ser
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2012-0031"/><name name="CVE-2012-0031">scoreboard parent DoS</name>
+ <h3 id="CVE-2012-0031">low:
+ <name name="CVE-2012-0031">scoreboard parent DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a>)
</h3>
</dt>
@@ -1012,8 +1012,8 @@ This issue was reported by halfdog
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2011-4317"/><name name="CVE-2011-4317">mod_proxy reverse proxy exposure </name>
+ <h3 id="CVE-2011-4317">moderate:
+ <name name="CVE-2011-4317">mod_proxy reverse proxy exposure </name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>)
</h3>
</dt>
@@ -1049,8 +1049,8 @@ This issue was reported by Prutha Parikh
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2012-0053"/><name name="CVE-2012-0053">error responses can expose cookies</name>
+ <h3 id="CVE-2012-0053">moderate:
+ <name name="CVE-2012-0053">error responses can expose cookies</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a>)
</h3>
</dt>
@@ -1083,8 +1083,8 @@ This issue was reported by Norman Hipper
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2011-3368"/><name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
+ <h3 id="CVE-2011-3368">moderate:
+ <name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>)
</h3>
</dt>
@@ -1121,8 +1121,8 @@ This issue was reported by Context Infor
</dl><br/><h1 id="2.2.21">
Fixed in Apache httpd 2.2.21</h1><dl>
<dt>
- <h3>moderate:
- <a name="CVE-2011-3348"/><name name="CVE-2011-3348">mod_proxy_ajp remote DoS</name>
+ <h3 id="CVE-2011-3348">moderate:
+ <name name="CVE-2011-3348">mod_proxy_ajp remote DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a>)
</h3>
</dt>
@@ -1155,8 +1155,8 @@ This could lead to a temporary denial of
</dl><br/><h1 id="2.2.20">
Fixed in Apache httpd 2.2.20</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2011-3192"/><name name="CVE-2011-3192">Range header remote DoS</name>
+ <h3 id="CVE-2011-3192">important:
+ <name name="CVE-2011-3192">Range header remote DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>)
</h3>
</dt>
@@ -1188,8 +1188,8 @@ Advisory: <a href="CVE-2011-3192.txt">CV
</dl><br/><h1 id="2.2.19">
Fixed in Apache httpd 2.2.19</h1><dl>
<dt>
- <h3>moderate:
- <a name="CVE-2011-0419"/><name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
+ <h3 id="CVE-2011-0419">moderate:
+ <name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>)
</h3>
</dt>
@@ -1235,8 +1235,8 @@ This issue was reported by Maksymilian A
</dl><br/><h1 id="2.2.17">
Fixed in Apache httpd 2.2.17</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2009-3720"/><name name="CVE-2009-3720">expat DoS</name>
+ <h3 id="CVE-2009-3720">low:
+ <name name="CVE-2009-3720">expat DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>)
</h3>
</dt>
@@ -1268,8 +1268,8 @@ be a denial of service if using the work
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2009-3560"/><name name="CVE-2009-3560">expat DoS</name>
+ <h3 id="CVE-2009-3560">low:
+ <name name="CVE-2009-3560">expat DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>)
</h3>
</dt>
@@ -1301,8 +1301,8 @@ be a denial of service if using the work
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2010-1623"/><name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
+ <h3 id="CVE-2010-1623">low:
+ <name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>)
</h3>
</dt>
@@ -1336,8 +1336,8 @@ service.
</dl><br/><h1 id="2.2.16">
Fixed in Apache httpd 2.2.16</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2010-2068"/><name name="CVE-2010-2068">Timeout detection flaw (mod_proxy_http)</name>
+ <h3 id="CVE-2010-2068">important:
+ <name name="CVE-2010-2068">Timeout detection flaw (mod_proxy_http)</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068">CVE-2010-2068</a>)
</h3>
</dt>
@@ -1380,8 +1380,8 @@ reporting of this issue.
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2010-1452"/><name name="CVE-2010-1452">mod_cache and mod_dav DoS</name>
+ <h3 id="CVE-2010-1452">low:
+ <name name="CVE-2010-1452">mod_cache and mod_dav DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>)
</h3>
</dt>
@@ -1421,8 +1421,8 @@ This issue was reported by Mark Drayton.
</dl><br/><h1 id="2.2.15">
Fixed in Apache httpd 2.2.15</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2010-0425"/><name name="CVE-2010-0425">mod_isapi module unload flaw</name>
+ <h3 id="CVE-2010-0425">important:
+ <name name="CVE-2010-0425">mod_isapi module unload flaw</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>)
</h3>
</dt>
@@ -1459,8 +1459,8 @@ proposing a patch fix for this issue.
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2010-0434"/><name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
+ <h3 id="CVE-2010-0434">low:
+ <name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>)
</h3>
</dt>
@@ -1497,8 +1497,8 @@ fix for this issue.
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2010-0408"/><name name="CVE-2010-0408">mod_proxy_ajp DoS</name>
+ <h3 id="CVE-2010-0408">moderate:
+ <name name="CVE-2010-0408">mod_proxy_ajp DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a>)
</h3>
</dt>
@@ -1535,8 +1535,8 @@ proposing a patch fix for this issue.
</dl><br/><h1 id="2.2.14">
Fixed in Apache httpd 2.2.14</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2009-3094"/><name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
+ <h3 id="CVE-2009-3094">low:
+ <name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>)
</h3>
</dt>
@@ -1568,8 +1568,8 @@ service.
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2009-3095"/><name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
+ <h3 id="CVE-2009-3095">low:
+ <name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>)
</h3>
</dt>
@@ -1597,8 +1597,8 @@ to the FTP server.
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2009-2699"/><name name="CVE-2009-2699">Solaris pollset DoS</name>
+ <h3 id="CVE-2009-2699">moderate:
+ <name name="CVE-2009-2699">Solaris pollset DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a>)
</h3>
</dt>
@@ -1630,8 +1630,8 @@ event MPMs, resulting in a denial of ser
</dl><br/><h1 id="2.2.13">
Fixed in Apache httpd 2.2.13</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2009-2412"/><name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
+ <h3 id="CVE-2009-2412">low:
+ <name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>)
</h3>
</dt>
@@ -1666,8 +1666,8 @@ in a vulnerable way.
</dl><br/><h1 id="2.2.12">
Fixed in Apache httpd 2.2.12</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2009-1890"/><name name="CVE-2009-1890">mod_proxy reverse proxy DoS</name>
+ <h3 id="CVE-2009-1890">important:
+ <name name="CVE-2009-1890">mod_proxy reverse proxy DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</a>)
</h3>
</dt>
@@ -1697,8 +1697,8 @@ force a proxy process to consume large a
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2009-1191"/><name name="CVE-2009-1191">mod_proxy_ajp information disclosure</name>
+ <h3 id="CVE-2009-1191">important:
+ <name name="CVE-2009-1191">mod_proxy_ajp information disclosure</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</a>)
</h3>
</dt>
@@ -1729,8 +1729,8 @@ could return a response intended for ano
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2009-1891"/><name name="CVE-2009-1891">mod_deflate DoS</name>
+ <h3 id="CVE-2009-1891">low:
+ <name name="CVE-2009-1891">mod_deflate DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>)
</h3>
</dt>
@@ -1758,8 +1758,8 @@ file.</p>
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2009-1195"/><name name="CVE-2009-1195">AllowOverride Options handling bypass</name>
+ <h3 id="CVE-2009-1195">low:
+ <name name="CVE-2009-1195">AllowOverride Options handling bypass</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a>)
</h3>
</dt>
@@ -1790,8 +1790,8 @@ from executing commands from a Server-Si
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2008-0456"/><name name="CVE-2008-0456">CRLF injection in mod_negotiation when untrusted uploads are supported</name>
+ <h3 id="CVE-2008-0456">low:
+ <name name="CVE-2008-0456">CRLF injection in mod_negotiation when untrusted uploads are supported</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456">CVE-2008-0456</a>)
</h3>
</dt>
@@ -1821,8 +1821,8 @@ MultiViews enabled.
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2009-1956"/><name name="CVE-2009-1956">APR-util off-by-one overflow</name>
+ <h3 id="CVE-2009-1956">moderate:
+ <name name="CVE-2009-1956">APR-util off-by-one overflow</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956">CVE-2009-1956</a>)
</h3>
</dt>
@@ -1851,8 +1851,8 @@ or a denial of service.
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2009-1955"/><name name="CVE-2009-1955">APR-util XML DoS</name>
+ <h3 id="CVE-2009-1955">moderate:
+ <name name="CVE-2009-1955">APR-util XML DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955">CVE-2009-1955</a>)
</h3>
</dt>
@@ -1884,8 +1884,8 @@ engine.
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2009-0023"/><name name="CVE-2009-0023">APR-util heap underwrite</name>
+ <h3 id="CVE-2009-0023">moderate:
+ <name name="CVE-2009-0023">APR-util heap underwrite</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023">CVE-2009-0023</a>)
</h3>
</dt>
@@ -1919,8 +1919,8 @@ processed by the pattern preparation eng
</dl><br/><h1 id="2.2.10">
Fixed in Apache httpd 2.2.10</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2010-2791"/><name name="CVE-2010-2791">Timeout detection flaw (mod_proxy_http)</name>
+ <h3 id="CVE-2010-2791">important:
+ <name name="CVE-2010-2791">Timeout detection flaw (mod_proxy_http)</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791">CVE-2010-2791</a>)
</h3>
</dt>
@@ -1950,8 +1950,8 @@ globally configure:</p>
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2008-2939"/><name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
+ <h3 id="CVE-2008-2939">low:
+ <name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a>)
</h3>
</dt>
@@ -1983,8 +1983,8 @@ to cross-site scripting (XSS) attacks.</
</dl><br/><h1 id="2.2.9">
Fixed in Apache httpd 2.2.9</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2007-6420"/><name name="CVE-2007-6420">mod_proxy_balancer CSRF</name>
+ <h3 id="CVE-2007-6420">low:
+ <name name="CVE-2007-6420">mod_proxy_balancer CSRF</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420</a>)
</h3>
</dt>
@@ -2013,8 +2013,8 @@ vulnerable to cross-site request forgery
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2008-2364"/><name name="CVE-2008-2364">mod_proxy_http DoS</name>
+ <h3 id="CVE-2008-2364">moderate:
+ <name name="CVE-2008-2364">mod_proxy_http DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a>)
</h3>
</dt>
@@ -2045,8 +2045,8 @@ could cause a denial of service or high
</dl><br/><h1 id="2.2.8">
Fixed in Apache httpd 2.2.8</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2008-0005"/><name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name>
+ <h3 id="CVE-2008-0005">low:
+ <name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a>)
</h3>
</dt>
@@ -2078,8 +2078,8 @@ RFC 2616.
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2007-6422"/><name name="CVE-2007-6422">mod_proxy_balancer DoS</name>
+ <h3 id="CVE-2007-6422">low:
+ <name name="CVE-2007-6422">mod_proxy_balancer DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422">CVE-2007-6422</a>)
</h3>
</dt>
@@ -2110,8 +2110,8 @@ threaded Multi-Processing Module. </p>
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2007-6421"/><name name="CVE-2007-6421">mod_proxy_balancer XSS</name>
+ <h3 id="CVE-2007-6421">low:
+ <name name="CVE-2007-6421">mod_proxy_balancer XSS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421">CVE-2007-6421</a>)
</h3>
</dt>
@@ -2140,8 +2140,8 @@ authorized user is possible. </p>
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2007-6388"/><name name="CVE-2007-6388">mod_status XSS</name>
+ <h3 id="CVE-2007-6388">moderate:
+ <name name="CVE-2007-6388">mod_status XSS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>)
</h3>
</dt>
@@ -2171,8 +2171,8 @@ Note that the server-status page is not
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2007-5000"/><name name="CVE-2007-5000">mod_imagemap XSS</name>
+ <h3 id="CVE-2007-5000">moderate:
+ <name name="CVE-2007-5000">mod_imagemap XSS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>)
</h3>
</dt>
@@ -2203,8 +2203,8 @@ cross-site scripting attack is possible.
</dl><br/><h1 id="2.2.6">
Fixed in Apache httpd 2.2.6</h1><dl>
<dt>
- <h3>moderate:
- <a name="CVE-2007-3847"/><name name="CVE-2007-3847">mod_proxy crash</name>
+ <h3 id="CVE-2007-3847">moderate:
+ <name name="CVE-2007-3847">mod_proxy crash</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a>)
</h3>
</dt>
@@ -2233,8 +2233,8 @@ using a threaded Multi-Processing Module
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2006-5752"/><name name="CVE-2006-5752">mod_status cross-site scripting</name>
+ <h3 id="CVE-2006-5752">moderate:
+ <name name="CVE-2006-5752">mod_status cross-site scripting</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>)
</h3>
</dt>
@@ -2266,8 +2266,8 @@ this publicly available.</p>
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2007-3304"/><name name="CVE-2007-3304">Signals to arbitrary processes</name>
+ <h3 id="CVE-2007-3304">moderate:
+ <name name="CVE-2007-3304">Signals to arbitrary processes</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>)
</h3>
</dt>
@@ -2297,8 +2297,8 @@ terminated which could lead to a denial
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2007-1862"/><name name="CVE-2007-1862">mod_cache information leak</name>
+ <h3 id="CVE-2007-1862">moderate:
+ <name name="CVE-2007-1862">mod_cache information leak</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a>)
</h3>
</dt>
@@ -2328,8 +2328,8 @@ used by remote attackers to obtain poten
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2007-1863"/><name name="CVE-2007-1863">mod_cache proxy DoS</name>
+ <h3 id="CVE-2007-1863">moderate:
+ <name name="CVE-2007-1863">mod_cache proxy DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>)
</h3>
</dt>
@@ -2361,8 +2361,8 @@ Multi-Processing Module.</p>
</dl><br/><h1 id="2.2.3">
Fixed in Apache httpd 2.2.3</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2006-3747"/><name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
+ <h3 id="CVE-2006-3747">important:
+ <name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>)
</h3>
</dt>
@@ -2398,8 +2398,8 @@ processes) or potentially allow arbitrar
</dl><br/><h1 id="2.2.2">
Fixed in Apache httpd 2.2.2</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2005-3357"/><name name="CVE-2005-3357">mod_ssl access control DoS</name>
+ <h3 id="CVE-2005-3357">low:
+ <name name="CVE-2005-3357">mod_ssl access control DoS</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>)
</h3>
</dt>
@@ -2431,8 +2431,8 @@ crash would only be a denial of service
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2005-3352"/><name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+ <h3 id="CVE-2005-3352">moderate:
+ <name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>)
</h3>
</dt>
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Thu Jul 27 20:26:09 2017
@@ -109,8 +109,8 @@ these vulnerabilities to the <a href="/s
Team</a>. </p><p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p><br/><h1 id="2.4.27">
Fixed in Apache httpd 2.4.27</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2017-9789"/><name name="CVE-2017-9789">Read after free in mod_http2</name>
+ <h3 id="CVE-2017-9789">important:
+ <name name="CVE-2017-9789">Read after free in mod_http2</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9789">CVE-2017-9789</a>)
</h3>
</dt>
@@ -143,8 +143,8 @@ We would like to thank Robert ÅwiÄ
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2017-9788"/><name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
+ <h3 id="CVE-2017-9788">important:
+ <name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>)
</h3>
</dt>
@@ -186,8 +186,8 @@ We would like to thank Robert ÅwiÄ
</dl><br/><h1 id="2.4.26">
Fixed in Apache httpd 2.4.26</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2017-3167"/><name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
+ <h3 id="CVE-2017-3167">important:
+ <name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>)
</h3>
</dt>
@@ -227,8 +227,8 @@ We would like to thank Emmanuel Dreyfus
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2017-3169"/><name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
+ <h3 id="CVE-2017-3169">important:
+ <name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>)
</h3>
</dt>
@@ -261,8 +261,8 @@ reporting this issue.
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2017-7659"/><name name="CVE-2017-7659">mod_http2 Null Pointer Dereference</name>
+ <h3 id="CVE-2017-7659">important:
+ <name name="CVE-2017-7659">mod_http2 Null Pointer Dereference</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659">CVE-2017-7659</a>)
</h3>
</dt>
@@ -294,8 +294,8 @@ We would like to thank Robert ÅwiÄ
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2017-7668"/><name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
+ <h3 id="CVE-2017-7668">important:
+ <name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>)
</h3>
</dt>
@@ -331,8 +331,8 @@ issue.
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2017-7679"/><name name="CVE-2017-7679">mod_mime Buffer Overread</name>
+ <h3 id="CVE-2017-7679">important:
+ <name name="CVE-2017-7679">mod_mime Buffer Overread</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>)
</h3>
</dt>
@@ -366,8 +366,8 @@ We would like to thank ChenQin and Hanno
</dl><br/><h1 id="2.4.25">
Fixed in Apache httpd 2.4.25</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2016-8743"/><name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
+ <h3 id="CVE-2016-8743">important:
+ <name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>)
</h3>
</dt>
@@ -448,8 +448,8 @@ as well as Régis Leroy for each repor
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2016-8740"/><name name="CVE-2016-8740">HTTP/2 CONTINUATION denial of service</name>
+ <h3 id="CVE-2016-8740">low:
+ <name name="CVE-2016-8740">HTTP/2 CONTINUATION denial of service</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740">CVE-2016-8740</a>)
</h3>
</dt>
@@ -485,8 +485,8 @@ and CDF/SEFCOM at Arizona State Universi
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2016-2161"/><name name="CVE-2016-2161">DoS vulnerability in mod_auth_digest</name>
+ <h3 id="CVE-2016-2161">low:
+ <name name="CVE-2016-2161">DoS vulnerability in mod_auth_digest</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161">CVE-2016-2161</a>)
</h3>
</dt>
@@ -518,8 +518,8 @@ We would like to thank Maksim Malyutin f
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2016-0736"/><name name="CVE-2016-0736">Padding Oracle in Apache mod_session_crypto</name>
+ <h3 id="CVE-2016-0736">low:
+ <name name="CVE-2016-0736">Padding Oracle in Apache mod_session_crypto</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736">CVE-2016-0736</a>)
</h3>
</dt>
@@ -556,8 +556,8 @@ this issue.
</table>
</dd>
<dt>
- <h3>n/a:
- <a name="CVE-2016-5387"/><name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
+ <h3 id="CVE-2016-5387">n/a:
+ <name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>)
</h3>
</dt>
@@ -605,8 +605,8 @@ for reporting and proposing a fix for th
</dl><br/><h1 id="2.4.23">
Fixed in Apache httpd 2.4.23</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2016-4979"/><name name="CVE-2016-4979">TLS/SSL X.509 client certificate auth bypass with HTTP/2</name>
+ <h3 id="CVE-2016-4979">important:
+ <name name="CVE-2016-4979">TLS/SSL X.509 client certificate auth bypass with HTTP/2</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4979">CVE-2016-4979</a>)
</h3>
</dt>
@@ -644,8 +644,8 @@ This issue was reported by Erki Aring.
</dl><br/><h1 id="2.4.20">
Fixed in Apache httpd 2.4.20</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2016-1546"/><name name="CVE-2016-1546">mod_http2: denial of service by thread starvation</name>
+ <h3 id="CVE-2016-1546">low:
+ <name name="CVE-2016-1546">mod_http2: denial of service by thread starvation</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1546">CVE-2016-1546</a>)
</h3>
</dt>
@@ -683,8 +683,8 @@ This issue was reported by Noam Mazor.
</dl><br/><h1 id="2.4.16">
Fixed in Apache httpd 2.4.16</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2015-0228"/><name name="CVE-2015-0228">mod_lua: Crash in websockets PING handling</name>
+ <h3 id="CVE-2015-0228">low:
+ <name name="CVE-2015-0228">mod_lua: Crash in websockets PING handling</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228">CVE-2015-0228</a>)
</h3>
</dt>
@@ -720,8 +720,8 @@ This issue was reported by Guido Vranken
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2015-0253"/><name name="CVE-2015-0253">Crash in ErrorDocument 400 handling</name>
+ <h3 id="CVE-2015-0253">low:
+ <name name="CVE-2015-0253">Crash in ErrorDocument 400 handling</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253">CVE-2015-0253</a>)
</h3>
</dt>
@@ -755,8 +755,8 @@ This issue was reported by Guido Vranken
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2015-3183"/><name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
+ <h3 id="CVE-2015-3183">low:
+ <name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>)
</h3>
</dt>
@@ -792,8 +792,8 @@ This issue was reported by Régis Lero
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2015-3185"/><name name="CVE-2015-3185">ap_some_auth_required API unusable</name>
+ <h3 id="CVE-2015-3185">low:
+ <name name="CVE-2015-3185">ap_some_auth_required API unusable</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185">CVE-2015-3185</a>)
</h3>
</dt>
@@ -837,8 +837,8 @@ This issue was reported by Ben Reser.
</dl><br/><h1 id="2.4.12">
Fixed in Apache httpd 2.4.12</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2014-8109"/><name name="CVE-2014-8109">mod_lua multiple "Require" directive handling is broken</name>
+ <h3 id="CVE-2014-8109">low:
+ <name name="CVE-2014-8109">mod_lua multiple "Require" directive handling is broken</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109">CVE-2014-8109</a>)
</h3>
</dt>
@@ -864,8 +864,8 @@ lead to different authentication rules t
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2014-3583"/><name name="CVE-2014-3583">mod_proxy_fcgi out-of-bounds memory read</name>
+ <h3 id="CVE-2014-3583">low:
+ <name name="CVE-2014-3583">mod_proxy_fcgi out-of-bounds memory read</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583">CVE-2014-3583</a>)
</h3>
</dt>
@@ -899,8 +899,8 @@ This issue was reported by Teguh P. Alko
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2014-3581"/><name name="CVE-2014-3581">mod_cache crash with empty Content-Type header</name>
+ <h3 id="CVE-2014-3581">low:
+ <name name="CVE-2014-3581">mod_cache crash with empty Content-Type header</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581">CVE-2014-3581</a>)
</h3>
</dt>
@@ -926,8 +926,8 @@ This crash would only be a denial of ser
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2013-5704"/><name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
+ <h3 id="CVE-2013-5704">low:
+ <name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>)
</h3>
</dt>
@@ -963,8 +963,8 @@ This issue was reported by Martin Holst
</dl><br/><h1 id="2.4.10">
Fixed in Apache httpd 2.4.10</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2014-0231"/><name name="CVE-2014-0231">mod_cgid denial of service</name>
+ <h3 id="CVE-2014-0231">important:
+ <name name="CVE-2014-0231">mod_cgid denial of service</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>)
</h3>
</dt>
@@ -998,8 +998,8 @@ This issue was reported by Rainer Jung o
</table>
</dd>
<dt>
- <h3>important:
- <a name="CVE-2014-3523"/><name name="CVE-2014-3523">WinNT MPM denial of service</name>
+ <h3 id="CVE-2014-3523">important:
+ <name name="CVE-2014-3523">WinNT MPM denial of service</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3523">CVE-2014-3523</a>)
</h3>
</dt>
@@ -1033,8 +1033,8 @@ This issue was reported by Jeff Trawick
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2014-0117"/><name name="CVE-2014-0117">mod_proxy denial of service</name>
+ <h3 id="CVE-2014-0117">moderate:
+ <name name="CVE-2014-0117">mod_proxy denial of service</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117">CVE-2014-0117</a>)
</h3>
</dt>
@@ -1067,8 +1067,8 @@ This issue was reported by Marek Kroemek
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2014-0118"/><name name="CVE-2014-0118">mod_deflate denial of service</name>
+ <h3 id="CVE-2014-0118">moderate:
+ <name name="CVE-2014-0118">mod_deflate denial of service</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>)
</h3>
</dt>
@@ -1103,8 +1103,8 @@ This issue was reported by Giancarlo Pel
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2014-0226"/><name name="CVE-2014-0226">mod_status buffer overflow</name>
+ <h3 id="CVE-2014-0226">moderate:
+ <name name="CVE-2014-0226">mod_status buffer overflow</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>)
</h3>
</dt>
@@ -1142,8 +1142,8 @@ This issue was reported by Marek Kroemek
</dl><br/><h1 id="2.4.7">
Fixed in Apache httpd 2.4.7</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2013-4352"/><name name="CVE-2013-4352">mod_cache crash</name>
+ <h3 id="CVE-2013-4352">low:
+ <name name="CVE-2013-4352">mod_cache crash</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352">CVE-2013-4352</a>)
</h3>
</dt>
@@ -1176,8 +1176,8 @@ security impact was not disclosed at the
</dl><br/><h1 id="2.4.9">
Fixed in Apache httpd 2.4.9</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2014-0098"/><name name="CVE-2014-0098">mod_log_config crash</name>
+ <h3 id="CVE-2014-0098">low:
+ <name name="CVE-2014-0098">mod_log_config crash</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>)
</h3>
</dt>
@@ -1210,8 +1210,8 @@ This issue was reported by Rainer M Cana
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2013-6438"/><name name="CVE-2013-6438">mod_dav crash</name>
+ <h3 id="CVE-2013-6438">moderate:
+ <name name="CVE-2013-6438">mod_dav crash</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>)
</h3>
</dt>
@@ -1247,8 +1247,8 @@ This issue was reported by Ning Zhang &a
</dl><br/><h1 id="2.4.6">
Fixed in Apache httpd 2.4.6</h1><dl>
<dt>
- <h3>moderate:
- <a name="CVE-2013-1896"/><name name="CVE-2013-1896">mod_dav crash</name>
+ <h3 id="CVE-2013-1896">moderate:
+ <name name="CVE-2013-1896">mod_dav crash</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>)
</h3>
</dt>
@@ -1281,8 +1281,8 @@ This issue was reported by Ben Reser
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2013-2249"/><name name="CVE-2013-2249">mod_session_dbd session fixation flaw</name>
+ <h3 id="CVE-2013-2249">moderate:
+ <name name="CVE-2013-2249">mod_session_dbd session fixation flaw</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249">CVE-2013-2249</a>)
</h3>
</dt>
@@ -1317,8 +1317,8 @@ This issue was reported by Takashi Sato
</dl><br/><h1 id="2.4.4">
Fixed in Apache httpd 2.4.4</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2012-3499"/><name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
+ <h3 id="CVE-2012-3499">low:
+ <name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>)
</h3>
</dt>
@@ -1350,8 +1350,8 @@ This issue was reported by Niels Heinen
</table>
</dd>
<dt>
- <h3>moderate:
- <a name="CVE-2012-4558"/><name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
+ <h3 id="CVE-2012-4558">moderate:
+ <name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>)
</h3>
</dt>
@@ -1384,8 +1384,8 @@ This issue was reported by Niels Heinen
</dl><br/><h1 id="2.4.3">
Fixed in Apache httpd 2.4.3</h1><dl>
<dt>
- <h3>important:
- <a name="CVE-2012-3502"/><name name="CVE-2012-3502">Response mixup when using mod_proxy_ajp or mod_proxy_http</name>
+ <h3 id="CVE-2012-3502">important:
+ <name name="CVE-2012-3502">Response mixup when using mod_proxy_ajp or mod_proxy_http</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502">CVE-2012-3502</a>)
</h3>
</dt>
@@ -1412,8 +1412,8 @@ between users.
</table>
</dd>
<dt>
- <h3>low:
- <a name="CVE-2012-2687"/><name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
+ <h3 id="CVE-2012-2687">low:
+ <name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>)
</h3>
</dt>
@@ -1445,8 +1445,8 @@ untrusted uploads to locations which hav
</dl><br/><h1 id="2.4.2">
Fixed in Apache httpd 2.4.2</h1><dl>
<dt>
- <h3>low:
- <a name="CVE-2012-0883"/><name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
+ <h3 id="CVE-2012-0883">low:
+ <name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>)
</h3>
</dt>