You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by mj...@apache.org on 2011/09/14 10:46:47 UTC

svn commit: r1170475 - /httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Author: mjc
Date: Wed Sep 14 08:46:47 2011
New Revision: 1170475

URL: http://svn.apache.org/viewvc?rev=1170475&view=rev
Log:
Tomas Hoger pointed out that prior to patch 
revision=734703 there was no real effect or security
consequence

Modified:
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=1170475&r1=1170474&r2=1170475&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Wed Sep 14 08:46:47 2011
@@ -7,8 +7,9 @@
 <description><p>
 A flaw was found when mod_proxy_ajp is used together with
 mod_proxy_balancer.  Given a specific configuration, a remote attacker
-could use unrecognized HTTP methods to mark ajp: balancer members in
-an error state.  This could be used in a denial of service attack.</p>
+could send certain malformed HTTP requests, putting a backend server
+into an error state until the retry timeout expired.
+This could lead to a temporary denial of service.</p>
 </description>
 <affects prod="httpd" version="2.2.20"/>
 <affects prod="httpd" version="2.2.19"/>
@@ -19,16 +20,6 @@ an error state.  This could be used in a
 <affects prod="httpd" version="2.2.14"/>
 <affects prod="httpd" version="2.2.13"/>
 <affects prod="httpd" version="2.2.12"/>
-<affects prod="httpd" version="2.2.11"/>
-<affects prod="httpd" version="2.2.10"/>
-<affects prod="httpd" version="2.2.9"/>
-<affects prod="httpd" version="2.2.8"/>
-<affects prod="httpd" version="2.2.6"/>
-<affects prod="httpd" version="2.2.5"/>
-<affects prod="httpd" version="2.2.4"/>
-<affects prod="httpd" version="2.2.3"/>
-<affects prod="httpd" version="2.2.2"/>
-<affects prod="httpd" version="2.2.0"/>
 </issue>
 
 <issue fixed="2.2.20" reported="20110820" public="20110820" released="20110830">