Posted to cvs@httpd.apache.org by mj...@apache.org on 2007/07/30 10:29:09 UTC

svn commit: r560887 - in /httpd/site/trunk: docs/security/ xdocs/security/

Author: mjc
Date: Mon Jul 30 01:28:59 2007
New Revision: 560887

URL: http://svn.apache.org/viewvc?view=rev&rev=560887
Log:
The fix for CVE-2006-5752 was committed to 1.3 dev, so update the vulns pages

Modified:
    httpd/site/trunk/docs/security/vulnerabilities-oval.xml
    httpd/site/trunk/docs/security/vulnerabilities_13.html
    httpd/site/trunk/docs/security/vulnerabilities_20.html
    httpd/site/trunk/docs/security/vulnerabilities_22.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
    httpd/site/trunk/xdocs/security/vulnerabilities_22.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?view=diff&rev=560887&r1=560886&r2=560887
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Mon Jul 30 01:28:59 2007
@@ -5,6 +5,82 @@
 <oval:timestamp>2005-10-12T18:13:45</oval:timestamp>
 </generator>
 <definitions>
+<definition id="oval:org.apache.httpd:def:20065752" version="1" class="vulnerability">
+<metadata>
+<title>mod_status cross-site scripting</title>
+<reference source="CVE" ref_id="CVE-2006-5752" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752"/>
+<description>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</description>
+<apache_httpd_repository>
+<public>20070620</public>
+<reported>20061019</reported>
+<released/>
+<severity level="3">moderate</severity>
+</apache_httpd_repository>
+</metadata>
+<criteria operator="OR">
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:1337" comment="the version of httpd is 1.3.37"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1336" comment="the version of httpd is 1.3.36"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1335" comment="the version of httpd is 1.3.35"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1334" comment="the version of httpd is 1.3.34"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1333" comment="the version of httpd is 1.3.33"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1332" comment="the version of httpd is 1.3.32"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1331" comment="the version of httpd is 1.3.31"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1329" comment="the version of httpd is 1.3.29"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1328" comment="the version of httpd is 1.3.28"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1327" comment="the version of httpd is 1.3.27"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1326" comment="the version of httpd is 1.3.26"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1324" comment="the version of httpd is 1.3.24"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1322" comment="the version of httpd is 1.3.22"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1320" comment="the version of httpd is 1.3.20"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1319" comment="the version of httpd is 1.3.19"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1317" comment="the version of httpd is 1.3.17"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1314" comment="the version of httpd is 1.3.14"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1312" comment="the version of httpd is 1.3.12"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1311" comment="the version of httpd is 1.3.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:139" comment="the version of httpd is 1.3.9"/>
+<criterion test_ref="oval:org.apache.httpd:tst:136" comment="the version of httpd is 1.3.6"/>
+<criterion test_ref="oval:org.apache.httpd:tst:134" comment="the version of httpd is 1.3.4"/>
+<criterion test_ref="oval:org.apache.httpd:tst:133" comment="the version of httpd is 1.3.3"/>
+<criterion test_ref="oval:org.apache.httpd:tst:132" comment="the version of httpd is 1.3.2"/>
+</criteria>
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:2059" comment="the version of httpd is 2.0.59"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2058" comment="the version of httpd is 2.0.58"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2055" comment="the version of httpd is 2.0.55"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2054" comment="the version of httpd is 2.0.54"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2053" comment="the version of httpd is 2.0.53"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2052" comment="the version of httpd is 2.0.52"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2051" comment="the version of httpd is 2.0.51"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2050" comment="the version of httpd is 2.0.50"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2049" comment="the version of httpd is 2.0.49"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2048" comment="the version of httpd is 2.0.48"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2047" comment="the version of httpd is 2.0.47"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2046" comment="the version of httpd is 2.0.46"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2045" comment="the version of httpd is 2.0.45"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2044" comment="the version of httpd is 2.0.44"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2043" comment="the version of httpd is 2.0.43"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2042" comment="the version of httpd is 2.0.42"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2040" comment="the version of httpd is 2.0.40"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2039" comment="the version of httpd is 2.0.39"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2037" comment="the version of httpd is 2.0.37"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2036" comment="the version of httpd is 2.0.36"/>
+<criterion test_ref="oval:org.apache.httpd:tst:2035" comment="the version of httpd is 2.0.35"/>
+</criteria>
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:224" comment="the version of httpd is 2.2.4"/>
+<criterion test_ref="oval:org.apache.httpd:tst:223" comment="the version of httpd is 2.2.3"/>
+<criterion test_ref="oval:org.apache.httpd:tst:222" comment="the version of httpd is 2.2.2"/>
+<criterion test_ref="oval:org.apache.httpd:tst:220" comment="the version of httpd is 2.2.0"/>
+</criteria>
+</criteria>
+</definition>
 <definition id="oval:org.apache.httpd:def:20073304" version="1" class="vulnerability">
 <metadata>
 <title>Signals to arbitrary processes</title>
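Review bot: The added definition for CVE-2006-5752 matches on the httpd version alone, although its own description says the flaw only matters where server-status is publicly accessible and ExtendedStatus is enabled, so a scan will report every listed 1.3.x, 2.0.x and 2.2.x host regardless of how mod_status is configured. Each criterion resolves to an exact `operation="equals"` version state and `<released/>` is empty, so a build carrying a backported fix would presumably still match, and the lists will need revisiting once fixed releases exist. I would state the limit in the metadata, for example by appending `This definition checks the httpd version only; it does not inspect the mod_status configuration.` to the `<description>`. The file looks generated (the later hunks only move the 1.3.x test and state entries), so if it is, the wording belongs in the source it is built from.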
@@ -2384,6 +2460,102 @@
 </definition>
 </definitions>
 <tests>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1337" version="1" comment="the version of httpd is 1.3.37" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1337"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1336" version="1" comment="the version of httpd is 1.3.36" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1336"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1335" version="1" comment="the version of httpd is 1.3.35" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1335"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1334" version="1" comment="the version of httpd is 1.3.34" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1334"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1333" version="1" comment="the version of httpd is 1.3.33" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1333"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1332" version="1" comment="the version of httpd is 1.3.32" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1332"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1331" version="1" comment="the version of httpd is 1.3.31" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1331"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1329" version="1" comment="the version of httpd is 1.3.29" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1329"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1328" version="1" comment="the version of httpd is 1.3.28" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1328"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1327" version="1" comment="the version of httpd is 1.3.27" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1327"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1326" version="1" comment="the version of httpd is 1.3.26" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1326"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1324" version="1" comment="the version of httpd is 1.3.24" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1324"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1322" version="1" comment="the version of httpd is 1.3.22" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1322"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1320" version="1" comment="the version of httpd is 1.3.20" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1320"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1319" version="1" comment="the version of httpd is 1.3.19" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1319"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1317" version="1" comment="the version of httpd is 1.3.17" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1317"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1314" version="1" comment="the version of httpd is 1.3.14" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1314"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1312" version="1" comment="the version of httpd is 1.3.12" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1312"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1311" version="1" comment="the version of httpd is 1.3.11" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:1311"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:139" version="1" comment="the version of httpd is 1.3.9" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:139"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:136" version="1" comment="the version of httpd is 1.3.6" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:136"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:134" version="1" comment="the version of httpd is 1.3.4" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:134"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:133" version="1" comment="the version of httpd is 1.3.3" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:133"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:132" version="1" comment="the version of httpd is 1.3.2" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:132"/>
+</httpd_test>
 <httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2059" version="1" comment="the version of httpd is 2.0.59" check="at least one">
 <object object_ref="oval:org.apache.httpd:obj:1"/>
 <state state_ref="oval:org.apache.httpd:ste:2059"/>
@@ -2484,102 +2656,6 @@
 <object object_ref="oval:org.apache.httpd:obj:1"/>
 <state state_ref="oval:org.apache.httpd:ste:220"/>
 </httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1337" version="1" comment="the version of httpd is 1.3.37" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1337"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1336" version="1" comment="the version of httpd is 1.3.36" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1336"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1335" version="1" comment="the version of httpd is 1.3.35" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1335"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1334" version="1" comment="the version of httpd is 1.3.34" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1334"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1333" version="1" comment="the version of httpd is 1.3.33" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1333"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1332" version="1" comment="the version of httpd is 1.3.32" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1332"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1331" version="1" comment="the version of httpd is 1.3.31" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1331"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1329" version="1" comment="the version of httpd is 1.3.29" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1329"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1328" version="1" comment="the version of httpd is 1.3.28" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1328"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1327" version="1" comment="the version of httpd is 1.3.27" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1327"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1326" version="1" comment="the version of httpd is 1.3.26" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1326"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1324" version="1" comment="the version of httpd is 1.3.24" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1324"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1322" version="1" comment="the version of httpd is 1.3.22" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1322"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1320" version="1" comment="the version of httpd is 1.3.20" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1320"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1319" version="1" comment="the version of httpd is 1.3.19" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1319"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1317" version="1" comment="the version of httpd is 1.3.17" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1317"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1314" version="1" comment="the version of httpd is 1.3.14" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1314"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1312" version="1" comment="the version of httpd is 1.3.12" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1312"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1311" version="1" comment="the version of httpd is 1.3.11" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:1311"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:139" version="1" comment="the version of httpd is 1.3.9" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:139"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:136" version="1" comment="the version of httpd is 1.3.6" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:136"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:134" version="1" comment="the version of httpd is 1.3.4" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:134"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:133" version="1" comment="the version of httpd is 1.3.3" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:133"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:132" version="1" comment="the version of httpd is 1.3.2" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:132"/>
-</httpd_test>
 <httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:131" version="1" comment="the version of httpd is 1.3.1" check="at least one">
 <object object_ref="oval:org.apache.httpd:obj:1"/>
 <state state_ref="oval:org.apache.httpd:ste:131"/>
@@ -2597,6 +2673,78 @@
 </httpd_object>
 </objects>
 <states>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1337" version="1" comment="the version of httpd is 1.3.37">
+<version operation="equals" datatype="version">1.3.37</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1336" version="1" comment="the version of httpd is 1.3.36">
+<version operation="equals" datatype="version">1.3.36</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1335" version="1" comment="the version of httpd is 1.3.35">
+<version operation="equals" datatype="version">1.3.35</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1334" version="1" comment="the version of httpd is 1.3.34">
+<version operation="equals" datatype="version">1.3.34</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1333" version="1" comment="the version of httpd is 1.3.33">
+<version operation="equals" datatype="version">1.3.33</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1332" version="1" comment="the version of httpd is 1.3.32">
+<version operation="equals" datatype="version">1.3.32</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1331" version="1" comment="the version of httpd is 1.3.31">
+<version operation="equals" datatype="version">1.3.31</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1329" version="1" comment="the version of httpd is 1.3.29">
+<version operation="equals" datatype="version">1.3.29</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1328" version="1" comment="the version of httpd is 1.3.28">
+<version operation="equals" datatype="version">1.3.28</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1327" version="1" comment="the version of httpd is 1.3.27">
+<version operation="equals" datatype="version">1.3.27</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1326" version="1" comment="the version of httpd is 1.3.26">
+<version operation="equals" datatype="version">1.3.26</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1324" version="1" comment="the version of httpd is 1.3.24">
+<version operation="equals" datatype="version">1.3.24</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1322" version="1" comment="the version of httpd is 1.3.22">
+<version operation="equals" datatype="version">1.3.22</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1320" version="1" comment="the version of httpd is 1.3.20">
+<version operation="equals" datatype="version">1.3.20</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1319" version="1" comment="the version of httpd is 1.3.19">
+<version operation="equals" datatype="version">1.3.19</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1317" version="1" comment="the version of httpd is 1.3.17">
+<version operation="equals" datatype="version">1.3.17</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1314" version="1" comment="the version of httpd is 1.3.14">
+<version operation="equals" datatype="version">1.3.14</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1312" version="1" comment="the version of httpd is 1.3.12">
+<version operation="equals" datatype="version">1.3.12</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1311" version="1" comment="the version of httpd is 1.3.11">
+<version operation="equals" datatype="version">1.3.11</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:139" version="1" comment="the version of httpd is 1.3.9">
+<version operation="equals" datatype="version">1.3.9</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:136" version="1" comment="the version of httpd is 1.3.6">
+<version operation="equals" datatype="version">1.3.6</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:134" version="1" comment="the version of httpd is 1.3.4">
+<version operation="equals" datatype="version">1.3.4</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:133" version="1" comment="the version of httpd is 1.3.3">
+<version operation="equals" datatype="version">1.3.3</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:132" version="1" comment="the version of httpd is 1.3.2">
+<version operation="equals" datatype="version">1.3.2</version>
+</httpd_state>
 <httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2059" version="1" comment="the version of httpd is 2.0.59">
 <version operation="equals" datatype="version">2.0.59</version>
 </httpd_state>
@@ -2671,78 +2819,6 @@
 </httpd_state>
 <httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:220" version="1" comment="the version of httpd is 2.2.0">
 <version operation="equals" datatype="version">2.2.0</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1337" version="1" comment="the version of httpd is 1.3.37">
-<version operation="equals" datatype="version">1.3.37</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1336" version="1" comment="the version of httpd is 1.3.36">
-<version operation="equals" datatype="version">1.3.36</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1335" version="1" comment="the version of httpd is 1.3.35">
-<version operation="equals" datatype="version">1.3.35</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1334" version="1" comment="the version of httpd is 1.3.34">
-<version operation="equals" datatype="version">1.3.34</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1333" version="1" comment="the version of httpd is 1.3.33">
-<version operation="equals" datatype="version">1.3.33</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1332" version="1" comment="the version of httpd is 1.3.32">
-<version operation="equals" datatype="version">1.3.32</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1331" version="1" comment="the version of httpd is 1.3.31">
-<version operation="equals" datatype="version">1.3.31</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1329" version="1" comment="the version of httpd is 1.3.29">
-<version operation="equals" datatype="version">1.3.29</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1328" version="1" comment="the version of httpd is 1.3.28">
-<version operation="equals" datatype="version">1.3.28</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1327" version="1" comment="the version of httpd is 1.3.27">
-<version operation="equals" datatype="version">1.3.27</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1326" version="1" comment="the version of httpd is 1.3.26">
-<version operation="equals" datatype="version">1.3.26</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1324" version="1" comment="the version of httpd is 1.3.24">
-<version operation="equals" datatype="version">1.3.24</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1322" version="1" comment="the version of httpd is 1.3.22">
-<version operation="equals" datatype="version">1.3.22</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1320" version="1" comment="the version of httpd is 1.3.20">
-<version operation="equals" datatype="version">1.3.20</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1319" version="1" comment="the version of httpd is 1.3.19">
-<version operation="equals" datatype="version">1.3.19</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1317" version="1" comment="the version of httpd is 1.3.17">
-<version operation="equals" datatype="version">1.3.17</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1314" version="1" comment="the version of httpd is 1.3.14">
-<version operation="equals" datatype="version">1.3.14</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1312" version="1" comment="the version of httpd is 1.3.12">
-<version operation="equals" datatype="version">1.3.12</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1311" version="1" comment="the version of httpd is 1.3.11">
-<version operation="equals" datatype="version">1.3.11</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:139" version="1" comment="the version of httpd is 1.3.9">
-<version operation="equals" datatype="version">1.3.9</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:136" version="1" comment="the version of httpd is 1.3.6">
-<version operation="equals" datatype="version">1.3.6</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:134" version="1" comment="the version of httpd is 1.3.4">
-<version operation="equals" datatype="version">1.3.4</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:133" version="1" comment="the version of httpd is 1.3.3">
-<version operation="equals" datatype="version">1.3.3</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:132" version="1" comment="the version of httpd is 1.3.2">
-<version operation="equals" datatype="version">1.3.2</version>
 </httpd_state>
 <httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:131" version="1" comment="the version of httpd is 1.3.1">
 <version operation="equals" datatype="version">1.3.1</version>

Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_13.html?view=diff&rev=560887&r1=560886&r2=560887
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Mon Jul 30 01:28:59 2007
@@ -90,6 +90,25 @@
 <dd>
 <b>moderate: </b>
 <b>
+<name name="CVE-2006-5752">mod_status cross-site scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+<p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
 <name name="CVE-2007-3304">Signals to arbitrary processes</name>
 </b>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>

Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_20.html?view=diff&rev=560887&r1=560886&r2=560887
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Mon Jul 30 01:28:59 2007
@@ -90,6 +90,25 @@
 <dd>
 <b>moderate: </b>
 <b>
+<name name="CVE-2006-5752">mod_status cross-site scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+<p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
 <name name="CVE-2007-3304">Signals to arbitrary processes</name>
 </b>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>

Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?view=diff&rev=560887&r1=560886&r2=560887
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Mon Jul 30 01:28:59 2007
@@ -90,6 +90,25 @@
 <dd>
 <b>moderate: </b>
 <b>
+<name name="CVE-2006-5752">mod_status cross-site scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+<p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
 <name name="CVE-2007-3304">Signals to arbitrary processes</name>
 </b>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?view=diff&rev=560887&r1=560886&r2=560887
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Mon Jul 30 01:28:59 2007
@@ -1,4 +1,92 @@
-<security updated="20070717">
+<security updated="20070730">
+
+<issue fixed="1.3.38-dev" public="20070620" reported="20061019">
+<cve name="CVE-2006-5752"/>
+<severity level="3">moderate</severity>      
+<title>mod_status cross-site scripting</title>
+<description><p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p></description>
+<affects prod="httpd" version="1.3.37"/>
+<affects prod="httpd" version="1.3.36"/>
+<affects prod="httpd" version="1.3.35"/>
+<affects prod="httpd" version="1.3.34"/>
+<affects prod="httpd" version="1.3.33"/>
+<affects prod="httpd" version="1.3.32"/>
+<affects prod="httpd" version="1.3.31"/>
+<affects prod="httpd" version="1.3.29"/>
+<affects prod="httpd" version="1.3.28"/>
+<affects prod="httpd" version="1.3.27"/>
+<affects prod="httpd" version="1.3.26"/>
+<affects prod="httpd" version="1.3.24"/>
+<affects prod="httpd" version="1.3.22"/>
+<affects prod="httpd" version="1.3.20"/>
+<affects prod="httpd" version="1.3.19"/>
+<affects prod="httpd" version="1.3.17"/>
+<affects prod="httpd" version="1.3.14"/>
+<affects prod="httpd" version="1.3.12"/>
+<affects prod="httpd" version="1.3.11"/>
+<affects prod="httpd" version="1.3.9"/>
+<affects prod="httpd" version="1.3.6"/>
+<affects prod="httpd" version="1.3.4"/>
+<affects prod="httpd" version="1.3.3"/>
+<affects prod="httpd" version="1.3.2"/>
+</issue>
+
+<issue fixed="2.0.60-dev" public="20070620" reported="20061019">
+<cve name="CVE-2006-5752"/>
+<severity level="3">moderate</severity>      
+<title>mod_status cross-site scripting</title>
+<description><p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p></description>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.2.5-dev" public="20070620" reported="20061019">
+<cve name="CVE-2006-5752"/>
+<severity level="3">moderate</severity>      
+<title>mod_status cross-site scripting</title>
+<description><p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p></description>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
 
 <issue fixed="2.0.60-dev" public="20070619" reported="20060515">
 <cve name="CVE-2007-3304"/>
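Review bot: The three added `<issue>` entries record the fix only as a development version (`fixed="1.3.38-dev"`, `fixed="2.0.60-dev"`, `fixed="2.2.5-dev"`), yet each `<description>` gives administrators of the listed releases no interim step beyond saying that public exposure is bad practice. The text already names the two preconditions, so I would close each description with a sentence such as `Until a release containing the fix is available, limit access to server-status to trusted hosts or turn ExtendedStatus off.` The paragraph is repeated verbatim in all three entries, so any wording change has to be made in three places. Whether the schema allows one entry carrying several fixed versions is not visible from this hunk.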

Modified: httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities_22.xml?view=diff&rev=560887&r1=560886&r2=560887
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities_22.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities_22.xml Mon Jul 30 01:28:59 2007
@@ -25,6 +25,25 @@
 <dd>
 <b>moderate: </b>
 <b>
+<name name="CVE-2006-5752">mod_status cross-site scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+<p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+</dd>
+<dd/>
+<dd>
+      Affects: 
+    2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
 <name name="CVE-2007-3304">Signals to arbitrary processes</name>
 </b>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
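Review bot: Only the 2.2 page is updated under xdocs/security/, while the commit's file list shows docs/security/vulnerabilities_13.html and vulnerabilities_20.html changing with no matching xdocs/security/vulnerabilities_13.xml or vulnerabilities_20.xml. If those HTML pages are built from xdocs files of the same name (an assumption, since the build is not shown here), the CVE-2006-5752 entry could disappear from the 1.3 and 2.0 pages at the next regeneration. Please confirm that the 1.3 and 2.0 sources carry the same `<name name="CVE-2006-5752">` block, or add them to this commit. The `<dd>` list this entry is inserted into starts and ends outside the hunk.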