Posted to cvs@httpd.apache.org by bu...@apache.org on 2021/03/30 17:44:59 UTC

svn commit: r1073171 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-11984.json security/json/CVE-2020-11993.json security/vulnerabilities_24.html

Author: buildbot
Date: Tue Mar 30 17:44:58 2021
New Revision: 1073171

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/security/json/CVE-2020-11984.json
    websites/staging/httpd/trunk/content/security/json/CVE-2020-11993.json
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Mar 30 17:44:58 2021
@@ -1 +1 @@
-1888227
+1888228

Modified: websites/staging/httpd/trunk/content/security/json/CVE-2020-11984.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2020-11984.json (original)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2020-11984.json Tue Mar 30 17:44:58 2021
@@ -61,7 +61,7 @@
     "description_data": [
       {
         "lang": "eng",
-        "value": "Apache HTTP Server versions 2.4.32 to 2.4.43 mod_proxy_uwsgi info disclosure and possible RCE"
+        "value": "In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has a information disclosure and possible RCE"
       }
     ]
   },
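Review bot: the new "value" string on the "+" line reads "has a information disclosure", which should be "an information disclosure". The sentence also ends on "possible RCE" with no full stop, while the CVE-2020-11993 description changed in this same commit uses complete, punctuated sentences; suggest "... mod_proxy_uwsgi has an information disclosure and possible RCE."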
@@ -120,4 +120,4 @@
       ]
     }
   }
-}
\ No newline at end of file
+}

Modified: websites/staging/httpd/trunk/content/security/json/CVE-2020-11993.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2020-11993.json (original)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2020-11993.json Tue Mar 30 17:44:58 2021
@@ -61,7 +61,7 @@
     "description_data": [
       {
         "lang": "eng",
-        "value": "Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above \"info\" will mitigate this vulnerability for unpatched servers."
+        "value": "In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.\nConfiguring the LogLevel of mod_http2 above \"info\" will mitigate this vulnerability for unpatched servers."
       }
     ]
   },
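Review bot: the mitigation sentence in the new "value" tells operators to set the LogLevel of mod_http2 above "info", which does not say which direction "above" runs or whether "info" itself is a safe setting, even though the first sentence names trace/debug as the levels that trigger the problem. Suggest phrasing the mitigation in terms of those levels, so a reader can check a configuration against it without guessing. The added \n also places a line break inside the JSON string, so confirm that every consumer of this file turns it into the paragraph break that the HTML output uses.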
@@ -165,4 +165,4 @@
       ]
     }
   }
-}
\ No newline at end of file
+}

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Tue Mar 30 17:44:58 2021
@@ -118,7 +118,7 @@ h2:hover > .headerlink, h3:hover > .head
 </table></dd>
 <dt><h3 id="CVE-2020-11984">moderate: <name name="CVE-2020-11984">mod_proxy_uwsgi buffer overflow</name>
 (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984">CVE-2020-11984</a>)</h3></dt>
-<dd><p>Apache HTTP Server versions 2.4.32 to 2.4.43 mod_proxy_uwsgi info disclosure and possible RCE</p>
+<dd><p>In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has a information disclosure and possible RCE</p>
 <p>Acknowledgements: Discovered by Felix Wilhelm of Google Project Zero</p>
 <table class="cve"><tr><td class="cve-header">Reported to security team</td><td class="cve-value">2020-07-22</td></tr>
 <tr><td class="cve-header">Issue public</td><td class="cve-value">2020-08-07</td></tr>
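Review bot: the heading kept as context in this hunk calls the issue a "mod_proxy_uwsgi buffer overflow", but the rewritten <p> on the "+" line describes only the impact (information disclosure and possible RCE) and never mentions the overflow. Consider naming the buffer overflow in the description so heading and body agree. The "+" line also carries over the "a information" typo from the JSON source; it should read "an information".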
@@ -127,7 +127,7 @@ h2:hover > .headerlink, h3:hover > .head
 </table></dd>
 <dt><h3 id="CVE-2020-11993">moderate: <name name="CVE-2020-11993">Push Diary Crash on Specifically Crafted HTTP/2 Header</name>
 (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993">CVE-2020-11993</a>)</h3></dt>
-<dd><p>Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.</p>
+<dd><p>In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.</p><p>Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.</p>
 <p>Acknowledgements: Felix Wilhelm of Google Project Zero</p>
 <table class="cve"><tr><td class="cve-header">Reported to security team</td><td class="cve-value">2020-06-16</td></tr>
 <tr><td class="cve-header">Issue public</td><td class="cve-value">2020-08-07</td></tr>
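Review bot: the heading in the context lines, "Push Diary Crash on Specifically Crafted HTTP/2 Header", does not match the description on the "+" line, which is about logging statements made on the wrong connection and concurrent use of memory pools when trace/debug is enabled. Since this commit is already editing the entry, check that the <name> text really belongs to CVE-2020-11993 and correct it in the source JSON if it does not. The acknowledgement line here ("Felix Wilhelm of Google Project Zero") also lacks the "Discovered by" prefix used in the CVE-2020-11984 entry above; pick one form for both.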