svn commit: r1610739 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml

[jo...@apache.org]

Author: jorton
Date: Tue Jul 15 16:15:46 2014
New Revision: 1610739

URL: http://svn.apache.org/r1610739
Log:
Add CVE-2014-0117, again thanks to Mark.

Modified:
    httpd/site/trunk/content/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1610739&r1=1610738&r2=1610739&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Tue Jul 15 16:15:46 2014
@@ -1,4 +1,26 @@
-<security updated="20140714">
+<security updated="20140715">
+
+<issue fixed="2.4.10-dev" reported="20140407" public="20140715" released="20140715">
+<cve name="CVE-2014-0117"/>
+<severity level="3">moderate</severity>
+<title>mod_proxy denial of service</title>
+<description><p>
+A flaw was found in mod_proxy.  A remote attacker could send a carefully crafted request
+to a server configured as a reverse proxy, and cause the child process
+to crash.  This could lead to a denial of service against a threaded MPM.
+</p></description>
+<acknowledgements>
+This issue was reported by Marek Kroemeke via HP ZDI
+</acknowledgements>
+<affects prod="httpd" version="2.4.9"/>
+<affects prod="httpd" version="2.4.8"/>
+<affects prod="httpd" version="2.4.7"/>
+<affects prod="httpd" version="2.4.6"/>
+<affects prod="httpd" version="2.4.4"/>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
 
 <issue fixed="2.4.10-dev" reported="20140701" public="20140715" released="20140715">
 <cve name="CVE-2014-3523"/>