You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2014/07/15 18:15:46 UTC
svn commit: r1610739 -
/httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Author: jorton
Date: Tue Jul 15 16:15:46 2014
New Revision: 1610739
URL: http://svn.apache.org/r1610739
Log:
Add CVE-2014-0117, again thanks to Mark.
Modified:
httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1610739&r1=1610738&r2=1610739&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Tue Jul 15 16:15:46 2014
@@ -1,4 +1,26 @@
-<security updated="20140714">
+<security updated="20140715">
+
+<issue fixed="2.4.10-dev" reported="20140407" public="20140715" released="20140715">
+<cve name="CVE-2014-0117"/>
+<severity level="3">moderate</severity>
+<title>mod_proxy denial of service</title>
+<description><p>
+A flaw was found in mod_proxy. A remote attacker could send a carefully crafted request
+to a server configured as a reverse proxy, and cause the child process
+to crash. This could lead to a denial of service against a threaded MPM.
+</p></description>
+<acknowledgements>
+This issue was reported by Marek Kroemeke via HP ZDI
+</acknowledgements>
+<affects prod="httpd" version="2.4.9"/>
+<affects prod="httpd" version="2.4.8"/>
+<affects prod="httpd" version="2.4.7"/>
+<affects prod="httpd" version="2.4.6"/>
+<affects prod="httpd" version="2.4.4"/>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
<issue fixed="2.4.10-dev" reported="20140701" public="20140715" released="20140715">
<cve name="CVE-2014-3523"/>