Posted to cvs@httpd.apache.org by mj...@apache.org on 2006/07/03 12:36:31 UTC
svn commit: r418737 - in /httpd/site/trunk:
docs/security/vulnerabilities_22.html
xdocs/security/vulnerabilities-httpd.xml
xdocs/security/vulnerabilities_22.xml
Author: mjc
Date: Mon Jul 3 03:36:30 2006
New Revision: 418737
URL: http://svn.apache.org/viewvc?rev=418737&view=rev
Log:
Noticed this one was missing from the db earlier whilst updating FC5 audit
Modified:
httpd/site/trunk/docs/security/vulnerabilities_22.html
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=418737&r1=418736&r2=418737&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Mon Jul 3 03:36:30 2006
@@ -87,6 +87,27 @@
<blockquote>
<dl>
<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-3357">mod_ssl access control DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
+<p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+ Update Released: 1st May 2006<br />
+</dd>
+<dd>
+ Affects:
+ 2.2.0<p />
+</dd>
+<dd>
<b>moderate: </b>
<b>
<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
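Review bot: the last sentence of the added description, "This crash would only be a denial of service if using the worker MPM.", leaves the reader to work out what happens under other MPMs and why worker is different. A short clause saying what the crash takes down under worker, compared with the other MPMs, would let an administrator judge exposure from this page alone. The same paragraph is pasted into all three files in this commit, so any wording change needs to be made in each of them.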
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=418737&r1=418736&r2=418737&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Mon Jul 3 03:36:30 2006
@@ -1,4 +1,20 @@
-<security updated="20051222">
+<security updated="20060703">
+
+<issue fixed="2.2.2" public="20051212" reported="20051205" released="20060501">
+<cve name="CVE-2005-3357"/>
+<severity level="4">low</severity>
+<title>mod_ssl access control DoS</title>
+<description>
+<p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+</description>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
<issue fixed="2.0.58" public="20051212" reported="20051205" released="20060501">
<cve name="CVE-2005-3357"/>
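Review bot: the new <issue fixed="2.2.2"> record sits directly above an existing <issue fixed="2.0.58"> record carrying the same <cve name="CVE-2005-3357"/> and the same public, reported and released dates, so the db now holds two issues for one CVE name. If one record per fixed branch is the intended convention, that is fine, but it is worth confirming that whatever consumes this file does not key on the CVE name alone, and that the two descriptions stay in sync when one is edited. The updated="20060703" bump matches the commit date.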
Modified: httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities_22.xml?rev=418737&r1=418736&r2=418737&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities_22.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities_22.xml Mon Jul 3 03:36:30 2006
@@ -23,6 +23,27 @@
<title>Fixed in Apache httpd 2.2.2</title>
<dl>
<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-3357">mod_ssl access control DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
+<p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+ Update Released: 1st May 2006<br/>
+</dd>
+<dd>
+ Affects:
+ 2.2.0<p/>
+</dd>
+<dd>
<b>moderate: </b>
<b>
<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
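Review bot: the new low entry is inserted as the first <dd> under "Fixed in Apache httpd 2.2.2", ahead of the existing moderate CVE-2005-3352 entry. If entries within a section are meant to run from most to least severe, this one belongs after the moderate entry; if the order simply follows vulnerabilities-httpd.xml, no change is needed. The hand-written "Update Released: 1st May 2006" and "Affects: 2.2.0" agree with released="20060501" and version="2.2.0" in the db hunk.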