You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mj...@apache.org on 2011/01/06 14:20:04 UTC
svn commit: r1055863 - in /httpd/site/trunk:
docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html
docs/security/vulnerabilities_22.html xdocs/stylesheets/securitydb.xsl
Author: mjc
Date: Thu Jan 6 13:20:04 2011
New Revision: 1055863
URL: http://svn.apache.org/viewvc?rev=1055863&view=rev
Log:
Expose the 'reported to security team' and 'issue public' fields that we
collect (and is publicly visible from svn anyway); many researchers find
this information useful in establishing the lifetime of vulnerabilities
and vendor response.
Modified:
httpd/site/trunk/docs/security/vulnerabilities_13.html
httpd/site/trunk/docs/security/vulnerabilities_20.html
httpd/site/trunk/docs/security/vulnerabilities_22.html
httpd/site/trunk/xdocs/stylesheets/securitydb.xsl
Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=1055863&r1=1055862&r2=1055863&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html [utf-8] Thu Jan 6 13:20:04 2011
@@ -115,10 +115,12 @@ via a carefully crafted response.
</p>
</dd>
<dd>
- Update Released: 3rd February 2010<br />
+ Reported to security team: 30th December 2009<br />
+ Issue public: 7th December 2010<br />
+ Update released: 3rd February 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p />
</dd>
</dl>
@@ -149,10 +151,12 @@ scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 15th December 2007<br />
+ Issue public: 2nd January 2008<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p />
</dd>
<dd>
@@ -167,10 +171,12 @@ mod_imap is enabled and an imagemap file
cross-site scripting attack is possible.</p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 23rd October 2007<br />
+ Issue public: 11th December 2007<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -203,10 +209,12 @@ page is not enabled by default and it is
this publicly available.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Reported to security team: 19th October 2006<br />
+ Issue public: 20th June 2007<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p />
</dd>
<dd>
@@ -222,10 +230,12 @@ manipulate the scoreboard and cause arbi
terminated which could lead to a denial of service.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Reported to security team: 15th May 2006<br />
+ Issue public: 19th June 2007<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -260,10 +270,12 @@ processes) or potentially allow arbitrar
</p>
</dd>
<dd>
- Update Released: 27th July 2006<br />
+ Reported to security team: 21st July 2006<br />
+ Issue public: 27th July 2006<br />
+ Update released: 27th July 2006<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28<p />
</dd>
</dl>
@@ -298,10 +310,11 @@ the server times out a connection.
</p>
</dd>
<dd>
- Update Released: 1st May 2006<br />
+ Issue public: 8th May 2006<br />
+ Update released: 1st May 2006<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3<p />
</dd>
<dd>
@@ -318,10 +331,12 @@ URL using certain web browsers.
</p>
</dd>
<dd>
- Update Released: 1st May 2006<br />
+ Reported to security team: 1st November 2005<br />
+ Issue public: 12th December 2005<br />
+ Update released: 1st May 2006<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -352,10 +367,11 @@ the privileges of a httpd child.
</p>
</dd>
<dd>
- Update Released: 28th October 2004<br />
+ Issue public: 21st October 2004<br />
+ Update released: 28th October 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -391,10 +407,12 @@ lead to remote arbitrary code execution
</p>
</dd>
<dd>
- Update Released: 20th October 2004<br />
+ Reported to security team: 8th June 2003<br />
+ Issue public: 10th June 2003<br />
+ Update released: 20th October 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26<p />
</dd>
</dl>
@@ -429,10 +447,12 @@ is known to not affect FreeBSD or Linux.
</p>
</dd>
<dd>
- Update Released: 12th May 2004<br />
+ Reported to security team: 25th February 2004<br />
+ Issue public: 18th March 2004<br />
+ Update released: 12th May 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
</dd>
<dd>
@@ -448,10 +468,11 @@ to fail to match.
</p>
</dd>
<dd>
- Update Released: 12th May 2004<br />
+ Issue public: 15th October 2003<br />
+ Update released: 12th May 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
<dd>
@@ -468,10 +489,11 @@ sequences.
</p>
</dd>
<dd>
- Update Released: 12th May 2004<br />
+ Issue public: 24th February 2003<br />
+ Update released: 12th May 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
<dd>
@@ -493,10 +515,11 @@ mod_auth_digest.
</p>
</dd>
<dd>
- Update Released: 12th May 2004<br />
+ Issue public: 18th December 2003<br />
+ Update released: 12th May 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -528,10 +551,12 @@ file (.htaccess or httpd.conf)
</p>
</dd>
<dd>
- Update Released: 27th October 2003<br />
+ Reported to security team: 4th August 2003<br />
+ Issue public: 27th October 2003<br />
+ Update released: 27th October 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -560,10 +585,12 @@ and exit if it received special control
</p>
</dd>
<dd>
- Update Released: 18th July 2003<br />
+ Reported to security team: 4th July 2003<br />
+ Issue public: 18th July 2003<br />
+ Update released: 18th July 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
</dd>
</dl>
@@ -592,10 +619,12 @@ ab is run against a malicious server
</p>
</dd>
<dd>
- Update Released: 3rd October 2002<br />
+ Reported to security team: 23rd September 2002<br />
+ Issue public: 3rd October 2002<br />
+ Update released: 3rd October 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
<dd>
@@ -611,10 +640,12 @@ denial of service attack.
</p>
</dd>
<dd>
- Update Released: 3rd October 2002<br />
+ Reported to security team: 11th November 2001<br />
+ Issue public: 3rd October 2002<br />
+ Update released: 3rd October 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
<dd>
@@ -630,10 +661,12 @@ allows remote attackers to execute scrip
via the Host: header.</p>
</dd>
<dd>
- Update Released: 3rd October 2002<br />
+ Reported to security team: 20th September 2002<br />
+ Issue public: 2nd October 2002<br />
+ Update released: 3rd October 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -663,10 +696,12 @@ system resources through to denial of se
cases the ability to be remotely exploited.</p>
</dd>
<dd>
- Update Released: 18th June 2002<br />
+ Reported to security team: 27th May 2002<br />
+ Issue public: 17th June 2002<br />
+ Update released: 18th June 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
<dd>
@@ -683,10 +718,11 @@ to escape sequences,
</p>
</dd>
<dd>
- Update Released: 18th June 2002<br />
+ Issue public: 24th February 2003<br />
+ Update released: 18th June 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -715,10 +751,10 @@ attackers to execute arbitrary commands
to batch file CGI scripts.</p>
</dd>
<dd>
- Update Released: 22nd March 2002<br />
+ Update released: 22nd March 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
</dd>
</dl>
@@ -748,10 +784,12 @@ could cause a directory listing to be re
the default index page. </p>
</dd>
<dd>
- Update Released: 12th October 2001<br />
+ Reported to security team: 18th September 2001<br />
+ Issue public: 28th September 2001<br />
+ Update released: 12th October 2001<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.20<p />
</dd>
<dd>
@@ -767,10 +805,11 @@ the default index page. </p>
return a directory listing rather than the expected index page.</p>
</dd>
<dd>
- Update Released: 12th October 2001<br />
+ Issue public: 9th July 2001<br />
+ Update released: 12th October 2001<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
</dd>
<dd>
@@ -785,10 +824,11 @@ the default index page. </p>
the system to be written to. </p>
</dd>
<dd>
- Update Released: 12th October 2001<br />
+ Issue public: 28th September 2001<br />
+ Update released: 12th October 2001<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -820,10 +860,10 @@ the default index page. </p>
other than introducing a possible denial of service. </p>
</dd>
<dd>
- Update Released: 22nd May 2001<br />
+ Update released: 22nd May 2001<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
</dd>
</dl>
@@ -853,10 +893,10 @@ the default index page. </p>
very long path was created artificially by using many slashes. </p>
</dd>
<dd>
- Update Released: 28th February 2001<br />
+ Update released: 28th February 2001<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.17, 1.3.14, 1.3.12, 1.3.11<p />
</dd>
</dl>
@@ -888,10 +928,11 @@ the default index page. </p>
then an attacker will be able to access any file on the server.</p>
</dd>
<dd>
- Update Released: 13th October 2000<br />
+ Issue public: 29th September 2000<br />
+ Update released: 13th October 2000<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
</dd>
<dd>
@@ -907,10 +948,10 @@ the default index page. </p>
cgi-bin directory under a document root.</p>
</dd>
<dd>
- Update Released: 13th October 2000<br />
+ Update released: 13th October 2000<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.12, 1.3.11, 1.3.9<p />
</dd>
<dd>
@@ -925,10 +966,10 @@ the default index page. </p>
constructed request.</p>
</dd>
<dd>
- Update Released: 13th October 2000<br />
+ Update released: 13th October 2000<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
</dd>
</dl>
@@ -962,10 +1003,10 @@ the default index page. </p>
you to other sites.</p>
</dd>
<dd>
- Update Released: 25th February 2000<br />
+ Update released: 25th February 2000<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -999,10 +1040,10 @@ the new <samp>mod_vhost_alias</samp> mod
</p>
</dd>
<dd>
- Update Released: 21st January 2000<br />
+ Update released: 21st January 2000<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
</dd>
</dl>
@@ -1031,10 +1072,10 @@ against people trying to access special
"nul"). </p>
</dd>
<dd>
- Update Released: 11th January 1999<br />
+ Update released: 11th January 1999<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
</dd>
</dl>
@@ -1068,10 +1109,10 @@ method more effective than methods which
a constant rate, since the attacker has to send less data.</p>
</dd>
<dd>
- Update Released: 23rd September 1998<br />
+ Update released: 23rd September 1998<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.1, 1.3.0<p />
</dd>
<dd>
@@ -1088,10 +1129,10 @@ limit the size of requests (these direct
</p>
</dd>
<dd>
- Update Released: 23rd September 1998<br />
+ Update released: 23rd September 1998<br />
</dd>
<dd>
- Affects:
+ Affected:
1.3.1, 1.3.0<p />
</dd>
</dl>
Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=1055863&r1=1055862&r2=1055863&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] Thu Jan 6 13:20:04 2011
@@ -122,10 +122,12 @@ proposing a patch fix for this issue.
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 9th February 2010<br />
+ Issue public: 2nd March 2010<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p />
</dd>
<dd>
@@ -143,10 +145,12 @@ be a denial of service if using the work
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 21st August 2009<br />
+ Issue public: 17th January 2009<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -164,10 +168,11 @@ be a denial of service if using the work
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Issue public: 2nd December 2009<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -185,10 +190,12 @@ service.
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 3rd March 2010<br />
+ Issue public: 1st October 2010<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -211,10 +218,12 @@ This issue was reported by Mark Drayton.
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 4th May 2010<br />
+ Issue public: 25th July 2010<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -233,10 +242,12 @@ in a vulnerable way.
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 27th July 2009<br />
+ Issue public: 4th August 2009<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -254,10 +265,11 @@ to consume large amounts of CPU if mod_d
file.</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Issue public: 26th June 2009<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -275,10 +287,12 @@ to the FTP server.
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 3rd September 2009<br />
+ Issue public: 3rd August 2009<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -296,10 +310,12 @@ service.
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 4th September 2009<br />
+ Issue public: 2nd August 2009<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -328,10 +344,11 @@ fix for this issue.
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Issue public: 9th December 2009<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -347,10 +364,12 @@ FTP-over-HTTP, requests containing globb
to cross-site scripting (XSS) attacks.</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 28th July 2008<br />
+ Issue public: 5th August 2008<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -365,10 +384,12 @@ from an origin server when using mod_pro
could cause a denial of service or high memory usage.</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 29th May 2008<br />
+ Issue public: 10th June 2008<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -401,10 +422,12 @@ RFC 2616.
</p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 15th December 2007<br />
+ Issue public: 8th January 2008<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -420,10 +443,12 @@ scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 15th December 2007<br />
+ Issue public: 2nd January 2008<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -438,10 +463,12 @@ mod_imap is enabled and an imagemap file
cross-site scripting attack is possible.</p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 23rd October 2007<br />
+ Issue public: 11th December 2007<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -475,10 +502,11 @@ malicious site using the proxy. This cou
using a threaded Multi-Processing Module.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Issue public: 10th December 2006<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -496,10 +524,12 @@ page is not enabled by default and it is
this publicly available.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Reported to security team: 19th October 2006<br />
+ Issue public: 20th June 2007<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -515,10 +545,12 @@ manipulate the scoreboard and cause arbi
terminated which could lead to a denial of service.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Reported to security team: 15th May 2006<br />
+ Issue public: 19th June 2007<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -534,10 +566,12 @@ crash. This could lead to a denial of se
Multi-Processing Module.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Reported to security team: 2nd May 2007<br />
+ Issue public: 18th June 2007<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p />
</dd>
</dl>
@@ -572,10 +606,12 @@ processes) or potentially allow arbitrar
</p>
</dd>
<dd>
- Update Released: 27th July 2006<br />
+ Reported to security team: 21st July 2006<br />
+ Issue public: 27th July 2006<br />
+ Update released: 27th July 2006<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46<p />
</dd>
</dl>
@@ -608,10 +644,12 @@ crash would only be a denial of service
</p>
</dd>
<dd>
- Update Released: 1st May 2006<br />
+ Reported to security team: 5th December 2005<br />
+ Issue public: 12th December 2005<br />
+ Update released: 1st May 2006<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -628,10 +666,12 @@ URL using certain web browsers.
</p>
</dd>
<dd>
- Update Released: 1st May 2006<br />
+ Reported to security team: 1st November 2005<br />
+ Issue public: 12th December 2005<br />
+ Update released: 1st May 2006<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -665,10 +705,11 @@ be protected, by not supplying a client
</p>
</dd>
<dd>
- Update Released: 14th October 2005<br />
+ Issue public: 30th August 2005<br />
+ Update released: 14th October 2005<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -687,10 +728,10 @@ be difficult.
</p>
</dd>
<dd>
- Update Released: 14th October 2005<br />
+ Update released: 14th October 2005<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36<p />
</dd>
<dd>
@@ -708,10 +749,11 @@ of a httpd child.
</p>
</dd>
<dd>
- Update Released: 14th October 2005<br />
+ Issue public: 1st August 2005<br />
+ Update released: 14th October 2005<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -728,10 +770,11 @@ revocation list (CRL)
</p>
</dd>
<dd>
- Update Released: 14th October 2005<br />
+ Issue public: 8th June 2005<br />
+ Update released: 14th October 2005<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -749,10 +792,11 @@ potentially leading to a Denial of Servi
</p>
</dd>
<dd>
- Update Released: 14th October 2005<br />
+ Issue public: 7th July 2005<br />
+ Update released: 14th October 2005<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -772,10 +816,11 @@ lead to cross-site scripting (XSS) attac
</p>
</dd>
<dd>
- Update Released: 14th October 2005<br />
+ Issue public: 11th June 2005<br />
+ Update released: 14th October 2005<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -808,10 +853,12 @@ a denial of service.
</p>
</dd>
<dd>
- Update Released: 8th February 2005<br />
+ Reported to security team: 28th October 2004<br />
+ Issue public: 1st November 2004<br />
+ Update released: 8th February 2005<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -827,10 +874,12 @@ and Basic Authentication passwords on di
</p>
</dd>
<dd>
- Update Released: 8th February 2005<br />
+ Reported to security team: 2nd March 2004<br />
+ Issue public: 20th March 2004<br />
+ Update released: 8th February 2005<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -848,10 +897,11 @@ any cipher suite allowed by the virtual
</p>
</dd>
<dd>
- Update Released: 8th February 2005<br />
+ Issue public: 1st October 2004<br />
+ Update released: 8th February 2005<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -882,10 +932,11 @@ resources despite any configured authent
</p>
</dd>
<dd>
- Update Released: 28th September 2004<br />
+ Issue public: 18th September 2004<br />
+ Update released: 28th September 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.51<p />
</dd>
</dl>
@@ -919,10 +970,12 @@ is believed this flaw may be able to lea
</p>
</dd>
<dd>
- Update Released: 15th September 2004<br />
+ Reported to security team: 25th August 2004<br />
+ Issue public: 15th September 2004<br />
+ Update released: 15th September 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -939,10 +992,11 @@ enter an infinite loop, consuming CPU re
</p>
</dd>
<dd>
- Update Released: 15th September 2004<br />
+ Issue public: 7th July 2004<br />
+ Update released: 15th September 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
</dd>
<dd>
@@ -966,10 +1020,12 @@ this issue.
</p>
</dd>
<dd>
- Update Released: 15th September 2004<br />
+ Reported to security team: 5th August 2004<br />
+ Issue public: 15th September 2004<br />
+ Update released: 15th September 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -989,10 +1045,11 @@ of service where a threaded process mode
</p>
</dd>
<dd>
- Update Released: 15th September 2004<br />
+ Issue public: 7th July 2004<br />
+ Update released: 15th September 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44<p />
</dd>
<dd>
@@ -1012,10 +1069,11 @@ threaded process model is in use.
</p>
</dd>
<dd>
- Update Released: 15th September 2004<br />
+ Issue public: 12th September 2004<br />
+ Update released: 15th September 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -1046,10 +1104,12 @@ consumption.
</p>
</dd>
<dd>
- Update Released: 1st July 2004<br />
+ Reported to security team: 13th June 2004<br />
+ Issue public: 1st July 2004<br />
+ Update released: 1st July 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
</dd>
<dd>
@@ -1065,10 +1125,11 @@ field which exceeds 6K in length.
</p>
</dd>
<dd>
- Update Released: 1st July 2004<br />
+ Issue public: 17th May 2004<br />
+ Update released: 1st July 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -1103,10 +1164,12 @@ is known to not affect FreeBSD or Linux.
</p>
</dd>
<dd>
- Update Released: 19th March 2004<br />
+ Reported to security team: 25th February 2004<br />
+ Issue public: 18th March 2004<br />
+ Update released: 19th March 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -1122,10 +1185,11 @@ SSL port.
</p>
</dd>
<dd>
- Update Released: 19th March 2004<br />
+ Issue public: 20th February 2004<br />
+ Update released: 19th March 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -1142,10 +1206,11 @@ sequences.
</p>
</dd>
<dd>
- Update Released: 19th March 2004<br />
+ Issue public: 24th February 2003<br />
+ Update released: 19th March 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -1177,10 +1242,12 @@ file (.htaccess or httpd.conf)
</p>
</dd>
<dd>
- Update Released: 27th October 2003<br />
+ Reported to security team: 4th August 2003<br />
+ Issue public: 27th October 2003<br />
+ Update released: 27th October 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -1196,10 +1263,12 @@ is used.
</p>
</dd>
<dd>
- Update Released: 27th October 2003<br />
+ Reported to security team: 3rd October 2003<br />
+ Issue public: 27th October 2003<br />
+ Update released: 27th October 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -1230,10 +1299,12 @@ service, due to a bug in the prefork MPM
</p>
</dd>
<dd>
- Update Released: 9th July 2003<br />
+ Reported to security team: 25th June 2003<br />
+ Issue public: 9th July 2003<br />
+ Update released: 9th July 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -1251,10 +1322,12 @@ and a change to the cipher suite over th
</p>
</dd>
<dd>
- Update Released: 9th July 2003<br />
+ Reported to security team: 30th April 2003<br />
+ Issue public: 9th July 2003<br />
+ Update released: 9th July 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -1270,10 +1343,12 @@ an infinite loop occurs causing a remote
</p>
</dd>
<dd>
- Update Released: 9th July 2003<br />
+ Reported to security team: 25th June 2003<br />
+ Issue public: 9th July 2003<br />
+ Update released: 9th July 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -1306,10 +1381,12 @@ mod_dav, and possibly other vectors.
</p>
</dd>
<dd>
- Update Released: 28th May 2003<br />
+ Reported to security team: 9th April 2003<br />
+ Issue public: 28th May 2003<br />
+ Update released: 28th May 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p />
</dd>
<dd>
@@ -1325,10 +1402,12 @@ server is used.
</p>
</dd>
<dd>
- Update Released: 28th May 2003<br />
+ Reported to security team: 25th April 2003<br />
+ Issue public: 28th May 2003<br />
+ Update released: 28th May 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40<p />
</dd>
<dd>
@@ -1344,10 +1423,11 @@ device names.
</p>
</dd>
<dd>
- Update Released: 28th May 2003<br />
+ Issue public: 31st March 2003<br />
+ Update released: 28th May 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
</dd>
<dd>
@@ -1364,10 +1444,11 @@ to escape sequences.
</p>
</dd>
<dd>
- Update Released: 2nd April 2004<br />
+ Issue public: 24th February 2003<br />
+ Update released: 2nd April 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -1399,10 +1480,11 @@ causes Apache to allocate 80 bytes for e
</p>
</dd>
<dd>
- Update Released: 2nd April 2004<br />
+ Issue public: 2nd April 2004<br />
+ Update released: 2nd April 2004<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -1432,10 +1514,12 @@ could lead to denial of service attacks
</p>
</dd>
<dd>
- Update Released: 20th January 2003<br />
+ Reported to security team: 4th December 2002<br />
+ Issue public: 20th January 2003<br />
+ Update released: 20th January 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
</dd>
<dd>
@@ -1450,10 +1534,12 @@ by appending illegal characters such as
</p>
</dd>
<dd>
- Update Released: 20th January 2003<br />
+ Reported to security team: 15th November 2002<br />
+ Issue public: 20th January 2003<br />
+ Update released: 20th January 2003<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
</dd>
</dl>
@@ -1484,10 +1570,12 @@ allows remote attackers to execute scrip
via the Host: header.</p>
</dd>
<dd>
- Update Released: 3rd October 2002<br />
+ Reported to security team: 20th September 2002<br />
+ Issue public: 2nd October 2002<br />
+ Update released: 3rd October 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -1501,10 +1589,10 @@ enabled, a POST request to a CGI script
a remote user. </p>
</dd>
<dd>
- Update Released: 3rd October 2002<br />
+ Update released: 3rd October 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.42<p />
</dd>
</dl>
@@ -1536,10 +1624,11 @@ in a denial of service where a threaded
</p>
</dd>
<dd>
- Update Released: 24th September 2002<br />
+ Issue public: 19th September 2002<br />
+ Update released: 24th September 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -1569,10 +1658,12 @@ configuration. Affects Windows, OS2, Ne
only.</p>
</dd>
<dd>
- Update Released: 9th August 2002<br />
+ Reported to security team: 7th August 2002<br />
+ Issue public: 9th August 2002<br />
+ Update released: 9th August 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
</dd>
<dd>
@@ -1591,10 +1682,12 @@ child process /path-to-script/script.pl"
of the script.</p>
</dd>
<dd>
- Update Released: 9th August 2002<br />
+ Reported to security team: 5th July 2002<br />
+ Issue public: 9th August 2002<br />
+ Update released: 9th August 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.39, 2.0.37?, 2.0.36?, 2.0.35?<p />
</dd>
</dl>
@@ -1624,10 +1717,12 @@ system resources through to denial of se
cases the ability to execute arbitrary remote code.</p>
</dd>
<dd>
- Update Released: 18th June 2002<br />
+ Reported to security team: 27th May 2002<br />
+ Issue public: 17th June 2002<br />
+ Update released: 18th June 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.36, 2.0.35<p />
</dd>
</dl>
@@ -1658,10 +1753,11 @@ path to a CGI script for example, a mino
</p>
</dd>
<dd>
- Update Released: 8th May 2002<br />
+ Issue public: 22nd April 2002<br />
+ Update released: 8th May 2002<br />
</dd>
<dd>
- Affects:
+ Affected:
2.0.35<p />
</dd>
</dl>
Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=1055863&r1=1055862&r2=1055863&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] Thu Jan 6 13:20:04 2011
@@ -115,10 +115,12 @@ be a denial of service if using the work
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 21st August 2009<br />
+ Issue public: 17th January 2009<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -136,10 +138,11 @@ be a denial of service if using the work
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Issue public: 2nd December 2009<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -157,10 +160,12 @@ service.
</p>
</dd>
<dd>
- Update Released: 19th October 2010<br />
+ Reported to security team: 3rd March 2010<br />
+ Issue public: 1st October 2010<br />
+ Update released: 19th October 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -216,10 +221,11 @@ reporting of this issue.
</p>
</dd>
<dd>
- Update Released: 25th July 2010<br />
+ Issue public: 9th June 2010<br />
+ Update released: 25th July 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9<p />
</dd>
<dd>
@@ -245,10 +251,12 @@ This issue was reported by Mark Drayton.
</p>
</dd>
<dd>
- Update Released: 25th July 2010<br />
+ Reported to security team: 4th May 2010<br />
+ Issue public: 25th July 2010<br />
+ Update released: 25th July 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -288,10 +296,12 @@ proposing a patch fix for this issue.
</p>
</dd>
<dd>
- Update Released: 5th March 2010<br />
+ Reported to security team: 9th February 2010<br />
+ Issue public: 2nd March 2010<br />
+ Update released: 5th March 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -320,10 +330,11 @@ fix for this issue.
</p>
</dd>
<dd>
- Update Released: 5th March 2010<br />
+ Issue public: 9th December 2009<br />
+ Update released: 5th March 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -346,10 +357,12 @@ proposing a patch fix for this issue.
</p>
</dd>
<dd>
- Update Released: 5th March 2010<br />
+ Reported to security team: 2nd February 2010<br />
+ Issue public: 2nd March 2010<br />
+ Update released: 5th March 2010<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -382,10 +395,12 @@ service.
</p>
</dd>
<dd>
- Update Released: 5th October 2009<br />
+ Reported to security team: 4th September 2009<br />
+ Issue public: 2nd August 2009<br />
+ Update released: 5th October 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -403,10 +418,12 @@ to the FTP server.
</p>
</dd>
<dd>
- Update Released: 5th October 2009<br />
+ Reported to security team: 3rd September 2009<br />
+ Issue public: 3rd August 2009<br />
+ Update released: 5th October 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -422,10 +439,12 @@ event MPMs, resulting in a denial of ser
</p>
</dd>
<dd>
- Update Released: 5th October 2009<br />
+ Reported to security team: 5th August 2009<br />
+ Issue public: 23rd September 2009<br />
+ Update released: 5th October 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -459,10 +478,12 @@ in a vulnerable way.
</p>
</dd>
<dd>
- Update Released: 9th August 2009<br />
+ Reported to security team: 27th July 2009<br />
+ Issue public: 4th August 2009<br />
+ Update released: 9th August 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -493,10 +514,12 @@ force a proxy process to consume large a
</p>
</dd>
<dd>
- Update Released: 27th July 2009<br />
+ Reported to security team: 30th June 2009<br />
+ Issue public: 2nd July 2009<br />
+ Update released: 27th July 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -513,10 +536,12 @@ could return a response intended for ano
</p>
</dd>
<dd>
- Update Released: 27th July 2009<br />
+ Reported to security team: 5th March 2009<br />
+ Issue public: 21st April 2009<br />
+ Update released: 27th July 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.11<p />
</dd>
<dd>
@@ -534,10 +559,11 @@ to consume large amounts of CPU if mod_d
file.</p>
</dd>
<dd>
- Update Released: 27th July 2009<br />
+ Issue public: 26th June 2009<br />
+ Update released: 27th July 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -554,10 +580,12 @@ from executing commands from a Server-Si
</p>
</dd>
<dd>
- Update Released: 27th July 2009<br />
+ Reported to security team: 9th March 2009<br />
+ Issue public: 22nd April 2009<br />
+ Update released: 27th July 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -576,10 +604,11 @@ or a denial of service.
</p>
</dd>
<dd>
- Update Released: 72th 2009<br />
+ Issue public: 24th April 2009<br />
+ Update released: 72th 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -597,10 +626,11 @@ engine.
</p>
</dd>
<dd>
- Update Released: 27th July 2009<br />
+ Issue public: 1st June 2009<br />
+ Update released: 27th July 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -618,10 +648,11 @@ processed by the pattern preparation eng
</p>
</dd>
<dd>
- Update Released: 27th July 2009<br />
+ Issue public: 1st June 2009<br />
+ Update released: 27th July 2009<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -656,10 +687,11 @@ globally configure:</p>
<p>SetEnv proxy-nokeepalive 1</p>
</dd>
<dd>
- Update Released: 31st October 2008<br />
+ Issue public: 23rd July 2010<br />
+ Update released: 31st October 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.9<p />
</dd>
<dd>
@@ -675,10 +707,12 @@ FTP-over-HTTP, requests containing globb
to cross-site scripting (XSS) attacks.</p>
</dd>
<dd>
- Update Released: 31st October 2008<br />
+ Reported to security team: 28th July 2008<br />
+ Issue public: 5th August 2008<br />
+ Update released: 31st October 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -708,10 +742,12 @@ vulnerable to cross-site request forgery
</p>
</dd>
<dd>
- Update Released: 14th June 2008<br />
+ Reported to security team: 12th October 2007<br />
+ Issue public: 9th January 2008<br />
+ Update released: 14th June 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -726,10 +762,12 @@ from an origin server when using mod_pro
could cause a denial of service or high memory usage.</p>
</dd>
<dd>
- Update Released: 14th June 2008<br />
+ Reported to security team: 29th May 2008<br />
+ Issue public: 10th June 2008<br />
+ Update released: 14th June 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -762,10 +800,12 @@ RFC 2616.
</p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 15th December 2007<br />
+ Issue public: 8th January 2008<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -782,10 +822,12 @@ request to crash. This could lead to a d
threaded Multi-Processing Module. </p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 12th December 2007<br />
+ Issue public: 2nd January 2008<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -800,10 +842,12 @@ mod_proxy_balancer is enabled, a cross-s
authorized user is possible. </p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 12th December 2007<br />
+ Issue public: 2nd January 2008<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -819,10 +863,12 @@ scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 15th December 2007<br />
+ Issue public: 2nd January 2008<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -837,10 +883,12 @@ mod_imagemap is enabled and an imagemap
cross-site scripting attack is possible.</p>
</dd>
<dd>
- Update Released: 19th January 2008<br />
+ Reported to security team: 23rd October 2007<br />
+ Issue public: 11th December 2007<br />
+ Update released: 19th January 2008<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -874,10 +922,11 @@ malicious site using the proxy. This cou
using a threaded Multi-Processing Module.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Issue public: 10th December 2006<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -895,10 +944,12 @@ page is not enabled by default and it is
this publicly available.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Reported to security team: 19th October 2006<br />
+ Issue public: 20th June 2007<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -914,10 +965,12 @@ manipulate the scoreboard and cause arbi
terminated which could lead to a denial of service.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Reported to security team: 15th May 2006<br />
+ Issue public: 19th June 2007<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
<dd>
@@ -933,10 +986,12 @@ used by remote attackers to obtain poten
</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Reported to security team: 26th April 2007<br />
+ Issue public: 1st June 2007<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.4<p />
</dd>
<dd>
@@ -952,10 +1007,12 @@ crash. This could lead to a denial of se
Multi-Processing Module.</p>
</dd>
<dd>
- Update Released: 7th September 2007<br />
+ Reported to security team: 2nd May 2007<br />
+ Issue public: 18th June 2007<br />
+ Update released: 7th September 2007<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -990,10 +1047,12 @@ processes) or potentially allow arbitrar
</p>
</dd>
<dd>
- Update Released: 27th July 2006<br />
+ Reported to security team: 21st July 2006<br />
+ Issue public: 27th July 2006<br />
+ Update released: 27th July 2006<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.2, 2.2.0<p />
</dd>
</dl>
@@ -1026,10 +1085,12 @@ crash would only be a denial of service
</p>
</dd>
<dd>
- Update Released: 1st May 2006<br />
+ Reported to security team: 5th December 2005<br />
+ Issue public: 12th December 2005<br />
+ Update released: 1st May 2006<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.0<p />
</dd>
<dd>
@@ -1046,10 +1107,12 @@ URL using certain web browsers.
</p>
</dd>
<dd>
- Update Released: 1st May 2006<br />
+ Reported to security team: 1st November 2005<br />
+ Issue public: 12th December 2005<br />
+ Update released: 1st May 2006<br />
</dd>
<dd>
- Affects:
+ Affected:
2.2.0<p />
</dd>
</dl>
Modified: httpd/site/trunk/xdocs/stylesheets/securitydb.xsl
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/stylesheets/securitydb.xsl?rev=1055863&r1=1055862&r2=1055863&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/stylesheets/securitydb.xsl (original)
+++ httpd/site/trunk/xdocs/stylesheets/securitydb.xsl Thu Jan 6 13:20:04 2011
@@ -69,22 +69,30 @@ Team</a>. </p>
</xsl:if>
<dd>
- <xsl:if test="@released != ''">
- Update Released: <xsl:call-template name="dateformat">
- <xsl:with-param name="date" select="@released"/>
+ <xsl:if test="@reported != ''">
+ <xsl:if test="@public != @reported">
+ Reported to security team: <xsl:call-template name="dateformat">
+ <xsl:with-param name="date" select="@reported"/>
</xsl:call-template><br/>
</xsl:if>
- <!-- <xsl:if test="@public != ''">
- Issue Public: <xsl:call-template name="dateformat">
+ </xsl:if>
+ <xsl:if test="@public != ''">
+ Issue public: <xsl:call-template name="dateformat">
<xsl:with-param name="date" select="@public"/>
</xsl:call-template><br/>
- </xsl:if>-->
+ </xsl:if>
+
+ <xsl:if test="@released != ''">
+ Update released: <xsl:call-template name="dateformat">
+ <xsl:with-param name="date" select="@released"/>
+ </xsl:call-template><br/>
+ </xsl:if>
</dd>
<dd>
<xsl:for-each select="affects|maybeaffects">
<xsl:if test="position() = 1">
- Affects:
+ Affected:
</xsl:if>
<xsl:value-of select="@version"/>
<xsl:if test="name() = 'maybeaffects'">