You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2021/03/30 10:14:14 UTC
svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./
security/json/
Added: websites/staging/httpd/trunk/content/security/json/CVE-2009-1955.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2009-1955.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2009-1955.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,137 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2009-06-06",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2009-06-01",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2009-07-27",
+ "lang": "eng",
+ "value": "2.2.12 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2009-06-01",
+ "ID": "CVE-2009-1955",
+ "TITLE": "APR-util XML DoS"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "APR-util XML DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "moderate"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2009-1956.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2009-1956.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2009-1956.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,137 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2009-04-24",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2009-04-24",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2009-07-27",
+ "lang": "eng",
+ "value": "2.2.12 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2009-04-24",
+ "ID": "CVE-2009-1956",
+ "TITLE": "APR-util off-by-one overflow"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "APR-util off-by-one overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "moderate"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2009-2412.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2009-2412.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2009-2412.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,262 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2009-07-27",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2009-08-04",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2009-08-09",
+ "lang": "eng",
+ "value": "2.2.13 released"
+ },
+ {
+ "time": "2010-10-19",
+ "lang": "eng",
+ "value": "2.0.64 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2009-08-04",
+ "ID": "CVE-2009-2412",
+ "TITLE": "APR apr_palloc heap overflow"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "APR apr_palloc heap overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.63"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.61"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.59"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.58"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.55"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.54"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.53"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.52"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.51"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.50"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.49"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.48"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.47"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.46"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.45"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.44"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.43"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.42"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.40"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.39"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.37"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.36"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.35"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2009-2699.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2009-2699.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2009-2699.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,147 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2009-08-05",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2009-09-23",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2009-10-05",
+ "lang": "eng",
+ "value": "2.2.14 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2009-09-23",
+ "ID": "CVE-2009-2699",
+ "TITLE": "Solaris pollset DoS"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Solaris pollset DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Faulty error handling was found affecting Solaris pollset support (Event Port backend) caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "moderate"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2009-3094.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2009-3094.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2009-3094.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,267 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2009-09-04",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2009-09-02",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2009-10-05",
+ "lang": "eng",
+ "value": "2.2.14 released"
+ },
+ {
+ "time": "2010-10-19",
+ "lang": "eng",
+ "value": "2.0.64 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2009-09-02",
+ "ID": "CVE-2009-3094",
+ "TITLE": "mod_proxy_ftp DoS"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "mod_proxy_ftp DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.63"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.61"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.59"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.58"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.55"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.54"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.53"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.52"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.51"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.50"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.49"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.48"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.47"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.46"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.45"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.44"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.43"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.42"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.40"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.39"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.37"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.36"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.35"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2009-3095.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2009-3095.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2009-3095.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,267 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2009-09-03",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2009-09-03",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2009-10-05",
+ "lang": "eng",
+ "value": "2.2.14 released"
+ },
+ {
+ "time": "2010-10-19",
+ "lang": "eng",
+ "value": "2.0.64 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2009-09-03",
+ "ID": "CVE-2009-3095",
+ "TITLE": "mod_proxy_ftp FTP command injection"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "mod_proxy_ftp FTP command injection"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.63"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.61"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.59"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.58"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.55"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.54"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.53"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.52"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.51"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.50"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.49"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.48"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.47"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.46"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.45"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.44"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.43"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.42"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.40"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.39"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.37"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.36"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.35"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2009-3560.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2009-3560.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2009-3560.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,282 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2009-12-18",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2009-12-02",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2010-10-19",
+ "lang": "eng",
+ "value": "2.2.17 released"
+ },
+ {
+ "time": "2010-10-19",
+ "lang": "eng",
+ "value": "2.0.64 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2009-12-02",
+ "ID": "CVE-2009-3560",
+ "TITLE": "expat DoS"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "expat DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.16"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.15"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.14"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.63"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.61"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.59"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.58"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.55"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.54"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.53"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.52"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.51"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.50"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.49"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.48"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.47"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.46"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.45"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.44"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.43"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.42"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.40"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.39"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.37"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.36"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.35"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2009-3720.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2009-3720.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2009-3720.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,282 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2009-08-21",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2009-01-17",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2010-10-19",
+ "lang": "eng",
+ "value": "2.2.17 released"
+ },
+ {
+ "time": "2010-10-19",
+ "lang": "eng",
+ "value": "2.0.64 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2009-01-17",
+ "ID": "CVE-2009-3720",
+ "TITLE": "expat DoS"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "expat DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.16"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.15"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.14"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.63"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.61"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.59"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.58"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.55"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.54"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.53"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.52"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.51"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.50"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.49"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.48"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.47"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.46"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.45"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.44"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.43"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.42"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.40"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.39"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.37"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.36"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.35"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2010-0010.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2010-0010.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2010-0010.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,217 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2009-12-30",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2010-01-27",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2010-02-03",
+ "lang": "eng",
+ "value": "1.3.42 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2010-01-27",
+ "ID": "CVE-2010-0010",
+ "TITLE": "mod_proxy overflow on 64-bit systems"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "mod_proxy overflow on 64-bit systems"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted response."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "moderate"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.41"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.39"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.37"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.36"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.35"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.34"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.33"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.32"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.31"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.29"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.28"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.27"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.26"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.24"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.22"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.20"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.19"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.17"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.14"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.12"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.11"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.9"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.6"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.4"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.3"
+ },
+ {
+ "version_name": "1.3",
+ "version_affected": "=",
+ "version_value": "1.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2010-0408.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2010-0408.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2010-0408.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,158 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2010-02-02",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2010-03-02",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2010-03-05",
+ "lang": "eng",
+ "value": "2.2.15 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2010-03-02",
+ "ID": "CVE-2010-0408",
+ "TITLE": "mod_proxy_ajp DoS"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "mod_proxy_ajp DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Niku Toivola of Sulake Corporation for reporting and proposing a patch fix for this issue."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "moderate"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.14"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2010-0425.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2010-0425.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2010-0425.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,268 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2010-02-09",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2010-03-02",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2010-03-05",
+ "lang": "eng",
+ "value": "2.2.15 released"
+ },
+ {
+ "time": "2010-10-19",
+ "lang": "eng",
+ "value": "2.0.64 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2010-03-02",
+ "ID": "CVE-2010-0425",
+ "TITLE": "mod_isapi module unload flaw"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "mod_isapi module unload flaw"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Brett Gervasoni of Sense of Security for reporting and proposing a patch fix for this issue."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "important"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.14"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.63"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.61"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.59"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.58"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.55"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.54"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.53"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.52"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.51"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.50"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.49"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.48"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.47"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.46"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.45"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.44"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.43"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.42"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.40"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.39"
+ },
+ {
+ "version_name": "2.0",
+ "version_affected": "=",
+ "version_value": "2.0.37"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file