Posted to cvs@httpd.apache.org by mj...@apache.org on 2011/09/14 10:46:47 UTC
svn commit: r1170475 -
/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Author: mjc
Date: Wed Sep 14 08:46:47 2011
New Revision: 1170475
URL: http://svn.apache.org/viewvc?rev=1170475&view=rev
Log:
Tomas Hoger pointed out that prior to patch
revision=734703 there was no real effect or security
consequence
Modified:
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=1170475&r1=1170474&r2=1170475&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Wed Sep 14 08:46:47 2011
@@ -7,8 +7,9 @@
<description><p>
A flaw was found when mod_proxy_ajp is used together with
mod_proxy_balancer. Given a specific configuration, a remote attacker
-could use unrecognized HTTP methods to mark ajp: balancer members in
-an error state. This could be used in a denial of service attack.</p>
+could send certain malformed HTTP requests, putting a backend server
+into an error state until the retry timeout expired.
+This could lead to a temporary denial of service.</p>
</description>
<affects prod="httpd" version="2.2.20"/>
<affects prod="httpd" version="2.2.19"/>
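Review bot: The replacement description in the three added lines loses the scope the old text had. "a backend server" no longer says that the affected targets are the ajp: balancer members named in the removed lines, and "certain malformed HTTP requests" gives a reader less to match against their own traffic than "unrecognized HTTP methods" did. If the old trigger was wrong, say so in the log; otherwise consider wording such as "putting an ajp: balancer member into an error state until the retry timeout expired" so the sentence stays consistent with the mod_proxy_ajp / mod_proxy_balancer condition stated two lines above it. "Given a specific configuration" is also still undefined, so an administrator cannot tell from this entry whether their setup is exposed.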
@@ -19,16 +20,6 @@ an error state. This could be used in a
<affects prod="httpd" version="2.2.14"/>
<affects prod="httpd" version="2.2.13"/>
<affects prod="httpd" version="2.2.12"/>
-<affects prod="httpd" version="2.2.11"/>
-<affects prod="httpd" version="2.2.10"/>
-<affects prod="httpd" version="2.2.9"/>
-<affects prod="httpd" version="2.2.8"/>
-<affects prod="httpd" version="2.2.6"/>
-<affects prod="httpd" version="2.2.5"/>
-<affects prod="httpd" version="2.2.4"/>
-<affects prod="httpd" version="2.2.3"/>
-<affects prod="httpd" version="2.2.2"/>
-<affects prod="httpd" version="2.2.0"/>
</issue>
<issue fixed="2.2.20" reported="20110820" public="20110820" released="20110830">
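Review bot: The reason for dropping the ten affects entries from 2.2.11 down to 2.2.0 exists only in the commit log (no effect prior to revision=734703); nothing in the XML records it. Readers of the published page will see the affected range start at 2.2.12 with no explanation, and anyone comparing against an older copy of the advisory will not know whether the earlier versions were removed deliberately. Suggest adding a sentence to the description stating that versions before 2.2.12 are not affected and why, and confirming in the log that 2.2.12 is the first release that contains revision 734703, since that mapping is what justifies keeping version="2.2.12" while removing version="2.2.11".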