Posted to cvs@httpd.apache.org by mj...@apache.org on 2006/07/03 12:36:31 UTC

svn commit: r418737 - in /httpd/site/trunk: docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities-httpd.xml xdocs/security/vulnerabilities_22.xml

Author: mjc
Date: Mon Jul  3 03:36:30 2006
New Revision: 418737

URL: http://svn.apache.org/viewvc?rev=418737&view=rev
Log:
Noticed this one was missing from the db earlier whilst updating FC5 audit

Modified:
    httpd/site/trunk/docs/security/vulnerabilities_22.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
    httpd/site/trunk/xdocs/security/vulnerabilities_22.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=418737&r1=418736&r2=418737&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Mon Jul  3 03:36:30 2006
@@ -87,6 +87,27 @@
   <blockquote>
 <dl>
 <dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-3357">mod_ssl access control DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
+<p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+  Update Released: 1st May 2006<br />
+</dd>
+<dd>
+      Affects: 
+    2.2.0<p />
+</dd>
+<dd>
 <b>moderate: </b>
 <b>
 <name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
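Review bot: The added low-severity CVE-2005-3357 group is inserted directly after the opening `<dl>`, ahead of the existing moderate CVE-2005-3352 entry, so the list no longer leads with its most severe issue. If this page is meant to be ordered by severity, move the new `<dd>` group below the moderate entry; if the order is inherited from the source database, fix the ordering there and regenerate rather than adjusting this file.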

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=418737&r1=418736&r2=418737&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Mon Jul  3 03:36:30 2006
@@ -1,4 +1,20 @@
-<security updated="20051222">
+<security updated="20060703">
+
+<issue fixed="2.2.2" public="20051212" reported="20051205" released="20060501">
+<cve name="CVE-2005-3357"/>
+<severity level="4">low</severity>
+<title>mod_ssl access control DoS</title>
+<description>
+<p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+</description>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
 
 <issue fixed="2.0.58" public="20051212" reported="20051205" released="20060501">
 <cve name="CVE-2005-3357"/>
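Review bot: The last sentence of the added `<description>`, "This crash would only be a denial of service if using the worker MPM.", does not say why the MPM matters, so an administrator running a different MPM cannot tell from the entry what the crash takes down on their server. Suggest adding a clause that states what is lost under worker compared with the other MPMs. The existing fixed="2.0.58" issue for the same CVE follows directly below; if its description carries the same sentence, reword both together so the two entries stay in step.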

Modified: httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities_22.xml?rev=418737&r1=418736&r2=418737&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities_22.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities_22.xml Mon Jul  3 03:36:30 2006
@@ -23,6 +23,27 @@
 <title>Fixed in Apache httpd 2.2.2</title>
 <dl>
 <dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-3357">mod_ssl access control DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
+<p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+  Update Released: 1st May 2006<br/>
+</dd>
+<dd>
+      Affects: 
+    2.2.0<p/>
+</dd>
+<dd>
 <b>moderate: </b>
 <b>
 <name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
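Review bot: The added `<dd>` block here is the same text as the one added to docs/security/vulnerabilities_22.html in this commit, differing only in `<br/>` and `<p/>` spacing, and both restate the description from vulnerabilities-httpd.xml. Please confirm that both files were regenerated from that database rather than edited by hand, so the three copies cannot drift apart. The "Update Released: 1st May 2006" line and the "Fixed in Apache httpd 2.2.2" heading do agree with released="20060501" and fixed="2.2.2" in the database entry.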