svn commit: r1610663 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml

[jo...@apache.org]

Author: jorton
Date: Tue Jul 15 11:45:46 2014
New Revision: 1610663

URL: http://svn.apache.org/r1610663
Log:
Note CVE-2014-3523.

Modified:
    httpd/site/trunk/content/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1610663&r1=1610662&r2=1610663&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Tue Jul 15 11:45:46 2014
@@ -1,5 +1,29 @@
 <security updated="20140714">
 
+<issue fixed="2.4.10-dev" reported="20140701" public="20140715" released="20140715">
+<cve name="CVE-2014-3523"/>
+<severity level="2">important</severity>
+<title>WinNT MPM denial of service</title>
+<description><p>
+A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when
+using the default AcceptFilter for that platform.  A remote attacker
+could send carefully crafted requests that would leak memory and
+eventually lead to a denial of service against the server.
+</p></description>
+<acknowledgements>
+This issue was reported by Jeff Trawick of the ASF
+</acknowledgements>
+<affects prod="httpd" version="2.4.9"/>
+<affects prod="httpd" version="2.4.8"/>
+<affects prod="httpd" version="2.4.7"/>
+<affects prod="httpd" version="2.4.6"/>
+<affects prod="httpd" version="2.4.4"/>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
+
+
 <issue fixed="2.4.10-dev" reported="20140219" public="20140714" released="20140714">
 <cve name="CVE-2014-0118"/>
 <severity level="3">moderate</severity>