You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2014/07/15 13:45:47 UTC
svn commit: r1610663 -
/httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Author: jorton
Date: Tue Jul 15 11:45:46 2014
New Revision: 1610663
URL: http://svn.apache.org/r1610663
Log:
Note CVE-2014-3523.
Modified:
httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1610663&r1=1610662&r2=1610663&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Tue Jul 15 11:45:46 2014
@@ -1,5 +1,29 @@
<security updated="20140714">
+<issue fixed="2.4.10-dev" reported="20140701" public="20140715" released="20140715">
+<cve name="CVE-2014-3523"/>
+<severity level="2">important</severity>
+<title>WinNT MPM denial of service</title>
+<description><p>
+A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when
+using the default AcceptFilter for that platform. A remote attacker
+could send carefully crafted requests that would leak memory and
+eventually lead to a denial of service against the server.
+</p></description>
+<acknowledgements>
+This issue was reported by Jeff Trawick of the ASF
+</acknowledgements>
+<affects prod="httpd" version="2.4.9"/>
+<affects prod="httpd" version="2.4.8"/>
+<affects prod="httpd" version="2.4.7"/>
+<affects prod="httpd" version="2.4.6"/>
+<affects prod="httpd" version="2.4.4"/>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
+
+
<issue fixed="2.4.10-dev" reported="20140219" public="20140714" released="20140714">
<cve name="CVE-2014-0118"/>
<severity level="3">moderate</severity>