You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2015/07/17 17:01:54 UTC
svn commit: r1691588 -
/httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Author: jorton
Date: Fri Jul 17 15:01:54 2015
New Revision: 1691588
URL: http://svn.apache.org/r1691588
Log:
Credit Ben.
Modified:
httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1691588&r1=1691587&r2=1691588&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Fri Jul 17 15:01:54 2015
@@ -80,9 +80,9 @@ This issue was reported by Régis Lero
2.4.x Require lines are used for authorization as well and can
appear in configurations even when no authentication is required and
the request is entirely unrestricted. This could lead to modules
- using this API to allow access when they should otherwise not do so
- (e.g. mod_authz_svn in CVE-2015-3184). API users should use the new
- ap_some_authn_required API added in 2.4.16 instead.
+ using this API to allow access when they should otherwise not do so.
+ API users should use the new ap_some_authn_required API added in
+ 2.4.16 instead.
</p></description>
<affects prod="httpd" version="2.4.12"/>
@@ -97,6 +97,9 @@ This issue was reported by Régis Lero
<affects prod="httpd" version="2.4.2"/>
<affects prod="httpd" version="2.4.1"/>
<affects prod="httpd" version="2.4.0"/>
+<acknowledgements>
+This issue was reported by Ben Reser.
+</acknowledgements>
</issue>
<issue fixed="2.4.12" reported="20141109" public="20141109" released="20150130">