You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2007/12/12 13:39:34 UTC
svn commit: r603600 - in /httpd/site/trunk:
docs/security/vulnerabilities-oval.xml docs/security/vulnerabilities_13.html
xdocs/security/vulnerabilities-httpd.xml
Author: jorton
Date: Wed Dec 12 04:39:33 2007
New Revision: 603600
URL: http://svn.apache.org/viewvc?rev=603600&view=rev
Log:
Add CVE-2007-5000 for 1.3.x.
Modified:
httpd/site/trunk/docs/security/vulnerabilities-oval.xml
httpd/site/trunk/docs/security/vulnerabilities_13.html
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=603600&r1=603599&r2=603600&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Wed Dec 12 04:39:33 2007
@@ -29,6 +29,35 @@
<criterion test_ref="oval:org.apache.httpd:tst:222" comment="the version of httpd is 2.2.2"/>
<criterion test_ref="oval:org.apache.httpd:tst:220" comment="the version of httpd is 2.2.0"/>
</criteria>
+<criteria operator="OR">
+<criterion test_ref="oval:org.apache.httpd:tst:1339" comment="the version of httpd is 1.3.39"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1337" comment="the version of httpd is 1.3.37"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1336" comment="the version of httpd is 1.3.36"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1335" comment="the version of httpd is 1.3.35"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1334" comment="the version of httpd is 1.3.34"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1333" comment="the version of httpd is 1.3.33"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1332" comment="the version of httpd is 1.3.32"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1331" comment="the version of httpd is 1.3.31"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1329" comment="the version of httpd is 1.3.29"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1328" comment="the version of httpd is 1.3.28"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1327" comment="the version of httpd is 1.3.27"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1326" comment="the version of httpd is 1.3.26"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1324" comment="the version of httpd is 1.3.24"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1322" comment="the version of httpd is 1.3.22"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1320" comment="the version of httpd is 1.3.20"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1319" comment="the version of httpd is 1.3.19"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1317" comment="the version of httpd is 1.3.17"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1314" comment="the version of httpd is 1.3.14"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1312" comment="the version of httpd is 1.3.12"/>
+<criterion test_ref="oval:org.apache.httpd:tst:1311" comment="the version of httpd is 1.3.11"/>
+<criterion test_ref="oval:org.apache.httpd:tst:139" comment="the version of httpd is 1.3.9"/>
+<criterion test_ref="oval:org.apache.httpd:tst:136" comment="the version of httpd is 1.3.6"/>
+<criterion test_ref="oval:org.apache.httpd:tst:134" comment="the version of httpd is 1.3.4"/>
+<criterion test_ref="oval:org.apache.httpd:tst:133" comment="the version of httpd is 1.3.3"/>
+<criterion test_ref="oval:org.apache.httpd:tst:132" comment="the version of httpd is 1.3.2"/>
+<criterion test_ref="oval:org.apache.httpd:tst:131" comment="the version of httpd is 1.3.1"/>
+<criterion test_ref="oval:org.apache.httpd:tst:130" comment="the version of httpd is 1.3.0"/>
+</criteria>
</criteria>
</definition>
<definition id="oval:org.apache.httpd:def:20073847" version="1" class="vulnerability">
@@ -2561,89 +2590,9 @@
<object object_ref="oval:org.apache.httpd:obj:1"/>
<state state_ref="oval:org.apache.httpd:ste:220"/>
</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2059" version="1" comment="the version of httpd is 2.0.59" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2059"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2058" version="1" comment="the version of httpd is 2.0.58" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2058"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2055" version="1" comment="the version of httpd is 2.0.55" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2055"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2054" version="1" comment="the version of httpd is 2.0.54" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2054"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2053" version="1" comment="the version of httpd is 2.0.53" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2053"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2052" version="1" comment="the version of httpd is 2.0.52" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2052"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2051" version="1" comment="the version of httpd is 2.0.51" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2051"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2050" version="1" comment="the version of httpd is 2.0.50" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2050"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2049" version="1" comment="the version of httpd is 2.0.49" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2049"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2048" version="1" comment="the version of httpd is 2.0.48" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2048"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2047" version="1" comment="the version of httpd is 2.0.47" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2047"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2046" version="1" comment="the version of httpd is 2.0.46" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2046"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2045" version="1" comment="the version of httpd is 2.0.45" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2045"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2044" version="1" comment="the version of httpd is 2.0.44" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2044"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2043" version="1" comment="the version of httpd is 2.0.43" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2043"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2042" version="1" comment="the version of httpd is 2.0.42" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2042"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2040" version="1" comment="the version of httpd is 2.0.40" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2040"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2039" version="1" comment="the version of httpd is 2.0.39" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2039"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2037" version="1" comment="the version of httpd is 2.0.37" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2037"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2036" version="1" comment="the version of httpd is 2.0.36" check="at least one">
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1339" version="1" comment="the version of httpd is 1.3.39" check="at least one">
<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2036"/>
-</httpd_test>
-<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2035" version="1" comment="the version of httpd is 2.0.35" check="at least one">
-<object object_ref="oval:org.apache.httpd:obj:1"/>
-<state state_ref="oval:org.apache.httpd:ste:2035"/>
+<state state_ref="oval:org.apache.httpd:ste:1339"/>
</httpd_test>
<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:1337" version="1" comment="the version of httpd is 1.3.37" check="at least one">
<object object_ref="oval:org.apache.httpd:obj:1"/>
@@ -2749,6 +2698,90 @@
<object object_ref="oval:org.apache.httpd:obj:1"/>
<state state_ref="oval:org.apache.httpd:ste:130"/>
</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2059" version="1" comment="the version of httpd is 2.0.59" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2059"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2058" version="1" comment="the version of httpd is 2.0.58" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2058"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2055" version="1" comment="the version of httpd is 2.0.55" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2055"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2054" version="1" comment="the version of httpd is 2.0.54" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2054"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2053" version="1" comment="the version of httpd is 2.0.53" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2053"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2052" version="1" comment="the version of httpd is 2.0.52" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2052"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2051" version="1" comment="the version of httpd is 2.0.51" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2051"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2050" version="1" comment="the version of httpd is 2.0.50" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2050"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2049" version="1" comment="the version of httpd is 2.0.49" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2049"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2048" version="1" comment="the version of httpd is 2.0.48" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2048"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2047" version="1" comment="the version of httpd is 2.0.47" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2047"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2046" version="1" comment="the version of httpd is 2.0.46" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2046"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2045" version="1" comment="the version of httpd is 2.0.45" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2045"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2044" version="1" comment="the version of httpd is 2.0.44" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2044"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2043" version="1" comment="the version of httpd is 2.0.43" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2043"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2042" version="1" comment="the version of httpd is 2.0.42" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2042"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2040" version="1" comment="the version of httpd is 2.0.40" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2040"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2039" version="1" comment="the version of httpd is 2.0.39" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2039"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2037" version="1" comment="the version of httpd is 2.0.37" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2037"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2036" version="1" comment="the version of httpd is 2.0.36" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2036"/>
+</httpd_test>
+<httpd_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:tst:2035" version="1" comment="the version of httpd is 2.0.35" check="at least one">
+<object object_ref="oval:org.apache.httpd:obj:1"/>
+<state state_ref="oval:org.apache.httpd:ste:2035"/>
+</httpd_test>
</tests>
<objects>
<httpd_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" comment="the collection apache httpd binaries" version="1" id="oval:org.apache.httpd:obj:1">
@@ -2776,68 +2809,8 @@
<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:220" version="1" comment="the version of httpd is 2.2.0">
<version operation="equals" datatype="version">2.2.0</version>
</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2059" version="1" comment="the version of httpd is 2.0.59">
-<version operation="equals" datatype="version">2.0.59</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2058" version="1" comment="the version of httpd is 2.0.58">
-<version operation="equals" datatype="version">2.0.58</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2055" version="1" comment="the version of httpd is 2.0.55">
-<version operation="equals" datatype="version">2.0.55</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2054" version="1" comment="the version of httpd is 2.0.54">
-<version operation="equals" datatype="version">2.0.54</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2053" version="1" comment="the version of httpd is 2.0.53">
-<version operation="equals" datatype="version">2.0.53</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2052" version="1" comment="the version of httpd is 2.0.52">
-<version operation="equals" datatype="version">2.0.52</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2051" version="1" comment="the version of httpd is 2.0.51">
-<version operation="equals" datatype="version">2.0.51</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2050" version="1" comment="the version of httpd is 2.0.50">
-<version operation="equals" datatype="version">2.0.50</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2049" version="1" comment="the version of httpd is 2.0.49">
-<version operation="equals" datatype="version">2.0.49</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2048" version="1" comment="the version of httpd is 2.0.48">
-<version operation="equals" datatype="version">2.0.48</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2047" version="1" comment="the version of httpd is 2.0.47">
-<version operation="equals" datatype="version">2.0.47</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2046" version="1" comment="the version of httpd is 2.0.46">
-<version operation="equals" datatype="version">2.0.46</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2045" version="1" comment="the version of httpd is 2.0.45">
-<version operation="equals" datatype="version">2.0.45</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2044" version="1" comment="the version of httpd is 2.0.44">
-<version operation="equals" datatype="version">2.0.44</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2043" version="1" comment="the version of httpd is 2.0.43">
-<version operation="equals" datatype="version">2.0.43</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2042" version="1" comment="the version of httpd is 2.0.42">
-<version operation="equals" datatype="version">2.0.42</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2040" version="1" comment="the version of httpd is 2.0.40">
-<version operation="equals" datatype="version">2.0.40</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2039" version="1" comment="the version of httpd is 2.0.39">
-<version operation="equals" datatype="version">2.0.39</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2037" version="1" comment="the version of httpd is 2.0.37">
-<version operation="equals" datatype="version">2.0.37</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2036" version="1" comment="the version of httpd is 2.0.36">
-<version operation="equals" datatype="version">2.0.36</version>
-</httpd_state>
-<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2035" version="1" comment="the version of httpd is 2.0.35">
-<version operation="equals" datatype="version">2.0.35</version>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1339" version="1" comment="the version of httpd is 1.3.39">
+<version operation="equals" datatype="version">1.3.39</version>
</httpd_state>
<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:1337" version="1" comment="the version of httpd is 1.3.37">
<version operation="equals" datatype="version">1.3.37</version>
@@ -2916,6 +2889,69 @@
</httpd_state>
<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:130" version="1" comment="the version of httpd is 1.3.0">
<version operation="equals" datatype="version">1.3.0</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2059" version="1" comment="the version of httpd is 2.0.59">
+<version operation="equals" datatype="version">2.0.59</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2058" version="1" comment="the version of httpd is 2.0.58">
+<version operation="equals" datatype="version">2.0.58</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2055" version="1" comment="the version of httpd is 2.0.55">
+<version operation="equals" datatype="version">2.0.55</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2054" version="1" comment="the version of httpd is 2.0.54">
+<version operation="equals" datatype="version">2.0.54</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2053" version="1" comment="the version of httpd is 2.0.53">
+<version operation="equals" datatype="version">2.0.53</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2052" version="1" comment="the version of httpd is 2.0.52">
+<version operation="equals" datatype="version">2.0.52</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2051" version="1" comment="the version of httpd is 2.0.51">
+<version operation="equals" datatype="version">2.0.51</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2050" version="1" comment="the version of httpd is 2.0.50">
+<version operation="equals" datatype="version">2.0.50</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2049" version="1" comment="the version of httpd is 2.0.49">
+<version operation="equals" datatype="version">2.0.49</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2048" version="1" comment="the version of httpd is 2.0.48">
+<version operation="equals" datatype="version">2.0.48</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2047" version="1" comment="the version of httpd is 2.0.47">
+<version operation="equals" datatype="version">2.0.47</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2046" version="1" comment="the version of httpd is 2.0.46">
+<version operation="equals" datatype="version">2.0.46</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2045" version="1" comment="the version of httpd is 2.0.45">
+<version operation="equals" datatype="version">2.0.45</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2044" version="1" comment="the version of httpd is 2.0.44">
+<version operation="equals" datatype="version">2.0.44</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2043" version="1" comment="the version of httpd is 2.0.43">
+<version operation="equals" datatype="version">2.0.43</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2042" version="1" comment="the version of httpd is 2.0.42">
+<version operation="equals" datatype="version">2.0.42</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2040" version="1" comment="the version of httpd is 2.0.40">
+<version operation="equals" datatype="version">2.0.40</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2039" version="1" comment="the version of httpd is 2.0.39">
+<version operation="equals" datatype="version">2.0.39</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2037" version="1" comment="the version of httpd is 2.0.37">
+<version operation="equals" datatype="version">2.0.37</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2036" version="1" comment="the version of httpd is 2.0.36">
+<version operation="equals" datatype="version">2.0.36</version>
+</httpd_state>
+<httpd_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" id="oval:org.apache.httpd:ste:2035" version="1" comment="the version of httpd is 2.0.35">
+<version operation="equals" datatype="version">2.0.35</version>
</httpd_state>
</states>
</oval_definitions>
Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=603600&r1=603599&r2=603600&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Wed Dec 12 04:39:33 2007
@@ -86,6 +86,37 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+ <a name="1.3.40-dev"><strong>Fixed in Apache httpd 1.3.40-dev</strong></a>
+ </font>
+ </td>
+ </tr>
+ <tr><td>
+ <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-5000">mod_imap XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
+<p>
+A flaw was found in the mod_imap module. On sites where
+mod_imap is enabled and an imagemap file is publicly available, a
+cross-site scripting attack is possible.</p>
+</dd>
+<dd />
+<dd>
+ Affects:
+ 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+ </blockquote>
+ </td></tr>
+</table>
+ <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr>
+ <td bgcolor="#525D76">
+ <font color="#ffffff" face="arial,helvetica,sanserif">
<a name="1.3.39"><strong>Fixed in Apache httpd 1.3.39</strong></a>
</font>
</td>
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=603600&r1=603599&r2=603600&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Wed Dec 12 04:39:33 2007
@@ -16,6 +16,43 @@
<affects prod="httpd" version="2.2.0"/>
</issue>
+<issue fixed="1.3.40-dev" public="20071211" reported="20071023">
+<cve name="CVE-2007-5000"/>
+<severity level="3">moderate</severity>
+<title>mod_imap XSS</title>
+<description><p>
+A flaw was found in the mod_imap module. On sites where
+mod_imap is enabled and an imagemap file is publicly available, a
+cross-site scripting attack is possible.</p></description>
+<affects prod="httpd" version="1.3.39"/>
+<affects prod="httpd" version="1.3.37"/>
+<affects prod="httpd" version="1.3.36"/>
+<affects prod="httpd" version="1.3.35"/>
+<affects prod="httpd" version="1.3.34"/>
+<affects prod="httpd" version="1.3.33"/>
+<affects prod="httpd" version="1.3.32"/>
+<affects prod="httpd" version="1.3.31"/>
+<affects prod="httpd" version="1.3.29"/>
+<affects prod="httpd" version="1.3.28"/>
+<affects prod="httpd" version="1.3.27"/>
+<affects prod="httpd" version="1.3.26"/>
+<affects prod="httpd" version="1.3.24"/>
+<affects prod="httpd" version="1.3.22"/>
+<affects prod="httpd" version="1.3.20"/>
+<affects prod="httpd" version="1.3.19"/>
+<affects prod="httpd" version="1.3.17"/>
+<affects prod="httpd" version="1.3.14"/>
+<affects prod="httpd" version="1.3.12"/>
+<affects prod="httpd" version="1.3.11"/>
+<affects prod="httpd" version="1.3.9"/>
+<affects prod="httpd" version="1.3.6"/>
+<affects prod="httpd" version="1.3.4"/>
+<affects prod="httpd" version="1.3.3"/>
+<affects prod="httpd" version="1.3.2"/>
+<affects prod="httpd" version="1.3.1"/>
+<affects prod="httpd" version="1.3.0"/>
+</issue>
+
<issue fixed="2.2.6" public="20061210" reported="20061210" released="20070907">
<cve name="CVE-2007-3847"/>
<severity level="3">moderate</severity>