You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2012/07/21 23:24:37 UTC
svn commit: r826586 - in /websites/staging/httpd/trunk/content: ./
security/vulnerabilities-httpd.page/securitydb.xsl
security/vulnerabilities_13.html security/vulnerabilities_20.html
security/vulnerabilities_22.html security/vulnerabilities_24.html
Author: buildbot
Date: Sat Jul 21 21:24:36 2012
New Revision: 826586
Log:
Staging update by buildbot for httpd
Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
websites/staging/httpd/trunk/content/security/vulnerabilities_13.html
websites/staging/httpd/trunk/content/security/vulnerabilities_20.html
websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Jul 21 21:24:36 2012
@@ -1 +1 @@
-1364176
+1364178
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
==============================================================================
Binary files - no diff available.
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_13.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_13.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_13.html Sat Jul 21 21:24:36 2012
@@ -107,8 +107,8 @@ This issue was reported by Context Infor
</p>
</dd>
<dd>
- Reported to security team: 16th September 2011<br/>
- Issue public: 5th October 2011<br/></dd>
+ Reported to security team: 16th September 2011<br/>
+ Issue public: 5th October 2011<br/></dd>
<dd/>
<dd>
Affects:
@@ -130,10 +130,10 @@ via a carefully crafted response.
</p>
</dd>
<dd>
- Reported to security team: 30th December 2009<br/>
- Issue public: 7th December 2010<br/></dd>
+ Reported to security team: 30th December 2009<br/>
+ Issue public: 7th December 2010<br/></dd>
<dd>
- Update Released: 3rd February 2010<br/></dd>
+ Update Released: 3rd February 2010<br/></dd>
<dd>
Affects:
1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/></dd>
@@ -152,10 +152,10 @@ scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
</dd>
<dd>
- Reported to security team: 15th December 2007<br/>
- Issue public: 2nd January 2008<br/></dd>
+ Reported to security team: 15th December 2007<br/>
+ Issue public: 2nd January 2008<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/></dd>
@@ -171,10 +171,10 @@ mod_imap is enabled and an imagemap file
cross-site scripting attack is possible.</p>
</dd>
<dd>
- Reported to security team: 23rd October 2007<br/>
- Issue public: 11th December 2007<br/></dd>
+ Reported to security team: 23rd October 2007<br/>
+ Issue public: 11th December 2007<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -195,10 +195,10 @@ page is not enabled by default and it is
this publicly available.</p>
</dd>
<dd>
- Reported to security team: 19th October 2006<br/>
- Issue public: 20th June 2007<br/></dd>
+ Reported to security team: 19th October 2006<br/>
+ Issue public: 20th June 2007<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/></dd>
@@ -215,10 +215,10 @@ manipulate the scoreboard and cause arbi
terminated which could lead to a denial of service.</p>
</dd>
<dd>
- Reported to security team: 15th May 2006<br/>
- Issue public: 19th June 2007<br/></dd>
+ Reported to security team: 15th May 2006<br/>
+ Issue public: 19th June 2007<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -241,10 +241,10 @@ processes) or potentially allow arbitrar
</p>
</dd>
<dd>
- Reported to security team: 21st July 2006<br/>
- Issue public: 27th July 2006<br/></dd>
+ Reported to security team: 21st July 2006<br/>
+ Issue public: 27th July 2006<br/></dd>
<dd>
- Update Released: 27th July 2006<br/></dd>
+ Update Released: 27th July 2006<br/></dd>
<dd>
Affects:
1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28<p/></dd>
@@ -267,9 +267,9 @@ the server times out a connection.
</p>
</dd>
<dd>
- Issue public: 8th May 2006<br/></dd>
+ Issue public: 8th May 2006<br/></dd>
<dd>
- Update Released: 1st May 2006<br/></dd>
+ Update Released: 1st May 2006<br/></dd>
<dd>
Affects:
1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3<p/></dd>
@@ -287,10 +287,10 @@ URL using certain web browsers.
</p>
</dd>
<dd>
- Reported to security team: 1st November 2005<br/>
- Issue public: 12th December 2005<br/></dd>
+ Reported to security team: 1st November 2005<br/>
+ Issue public: 12th December 2005<br/></dd>
<dd>
- Update Released: 1st May 2006<br/></dd>
+ Update Released: 1st May 2006<br/></dd>
<dd>
Affects:
1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -309,9 +309,9 @@ the privileges of a httpd child.
</p>
</dd>
<dd>
- Issue public: 21st October 2004<br/></dd>
+ Issue public: 21st October 2004<br/></dd>
<dd>
- Update Released: 28th October 2004<br/></dd>
+ Update Released: 28th October 2004<br/></dd>
<dd>
Affects:
1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -335,10 +335,10 @@ lead to remote arbitrary code execution
</p>
</dd>
<dd>
- Reported to security team: 8th June 2003<br/>
- Issue public: 10th June 2003<br/></dd>
+ Reported to security team: 8th June 2003<br/>
+ Issue public: 10th June 2003<br/></dd>
<dd>
- Update Released: 20th October 2004<br/></dd>
+ Update Released: 20th October 2004<br/></dd>
<dd>
Affects:
1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26<p/></dd>
@@ -361,10 +361,10 @@ is known to not affect FreeBSD or Linux.
</p>
</dd>
<dd>
- Reported to security team: 25th February 2004<br/>
- Issue public: 18th March 2004<br/></dd>
+ Reported to security team: 25th February 2004<br/>
+ Issue public: 18th March 2004<br/></dd>
<dd>
- Update Released: 12th May 2004<br/></dd>
+ Update Released: 12th May 2004<br/></dd>
<dd>
Affects:
1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
@@ -381,9 +381,9 @@ to fail to match.
</p>
</dd>
<dd>
- Issue public: 15th October 2003<br/></dd>
+ Issue public: 15th October 2003<br/></dd>
<dd>
- Update Released: 12th May 2004<br/></dd>
+ Update Released: 12th May 2004<br/></dd>
<dd>
Affects:
1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -401,9 +401,9 @@ sequences.
</p>
</dd>
<dd>
- Issue public: 24th February 2003<br/></dd>
+ Issue public: 24th February 2003<br/></dd>
<dd>
- Update Released: 12th May 2004<br/></dd>
+ Update Released: 12th May 2004<br/></dd>
<dd>
Affects:
1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -426,9 +426,9 @@ mod_auth_digest.
</p>
</dd>
<dd>
- Issue public: 18th December 2003<br/></dd>
+ Issue public: 18th December 2003<br/></dd>
<dd>
- Update Released: 12th May 2004<br/></dd>
+ Update Released: 12th May 2004<br/></dd>
<dd>
Affects:
1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -448,10 +448,10 @@ file (.htaccess or httpd.conf)
</p>
</dd>
<dd>
- Reported to security team: 4th August 2003<br/>
- Issue public: 27th October 2003<br/></dd>
+ Reported to security team: 4th August 2003<br/>
+ Issue public: 27th October 2003<br/></dd>
<dd>
- Update Released: 27th October 2003<br/></dd>
+ Update Released: 27th October 2003<br/></dd>
<dd>
Affects:
1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -468,10 +468,10 @@ and exit if it received special control
</p>
</dd>
<dd>
- Reported to security team: 4th July 2003<br/>
- Issue public: 18th July 2003<br/></dd>
+ Reported to security team: 4th July 2003<br/>
+ Issue public: 18th July 2003<br/></dd>
<dd>
- Update Released: 18th July 2003<br/></dd>
+ Update Released: 18th July 2003<br/></dd>
<dd>
Affects:
1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
@@ -488,10 +488,10 @@ ab is run against a malicious server
</p>
</dd>
<dd>
- Reported to security team: 23rd September 2002<br/>
- Issue public: 3rd October 2002<br/></dd>
+ Reported to security team: 23rd September 2002<br/>
+ Issue public: 3rd October 2002<br/></dd>
<dd>
- Update Released: 3rd October 2002<br/></dd>
+ Update Released: 3rd October 2002<br/></dd>
<dd>
Affects:
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -508,10 +508,10 @@ denial of service attack.
</p>
</dd>
<dd>
- Reported to security team: 11th November 2001<br/>
- Issue public: 3rd October 2002<br/></dd>
+ Reported to security team: 11th November 2001<br/>
+ Issue public: 3rd October 2002<br/></dd>
<dd>
- Update Released: 3rd October 2002<br/></dd>
+ Update Released: 3rd October 2002<br/></dd>
<dd>
Affects:
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -528,10 +528,10 @@ allows remote attackers to execute scrip
via the Host: header.</p>
</dd>
<dd>
- Reported to security team: 20th September 2002<br/>
- Issue public: 2nd October 2002<br/></dd>
+ Reported to security team: 20th September 2002<br/>
+ Issue public: 2nd October 2002<br/></dd>
<dd>
- Update Released: 3rd October 2002<br/></dd>
+ Update Released: 3rd October 2002<br/></dd>
<dd>
Affects:
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -549,10 +549,10 @@ system resources through to denial of se
cases the ability to be remotely exploited.</p>
</dd>
<dd>
- Reported to security team: 27th May 2002<br/>
- Issue public: 17th June 2002<br/></dd>
+ Reported to security team: 27th May 2002<br/>
+ Issue public: 17th June 2002<br/></dd>
<dd>
- Update Released: 18th June 2002<br/></dd>
+ Update Released: 18th June 2002<br/></dd>
<dd>
Affects:
1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -570,9 +570,9 @@ to escape sequences,
</p>
</dd>
<dd>
- Issue public: 24th February 2003<br/></dd>
+ Issue public: 24th February 2003<br/></dd>
<dd>
- Update Released: 18th June 2002<br/></dd>
+ Update Released: 18th June 2002<br/></dd>
<dd>
Affects:
1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -590,7 +590,7 @@ to batch file CGI scripts.</p>
</dd>
<dd/>
<dd>
- Update Released: 22nd March 2002<br/></dd>
+ Update Released: 22nd March 2002<br/></dd>
<dd>
Affects:
1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
@@ -608,10 +608,10 @@ could cause a directory listing to be re
the default index page. </p>
</dd>
<dd>
- Reported to security team: 18th September 2001<br/>
- Issue public: 28th September 2001<br/></dd>
+ Reported to security team: 18th September 2001<br/>
+ Issue public: 28th September 2001<br/></dd>
<dd>
- Update Released: 12th October 2001<br/></dd>
+ Update Released: 12th October 2001<br/></dd>
<dd>
Affects:
1.3.20<p/></dd>
@@ -628,9 +628,9 @@ the default index page. </p>
return a directory listing rather than the expected index page.</p>
</dd>
<dd>
- Issue public: 9th July 2001<br/></dd>
+ Issue public: 9th July 2001<br/></dd>
<dd>
- Update Released: 12th October 2001<br/></dd>
+ Update Released: 12th October 2001<br/></dd>
<dd>
Affects:
1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
@@ -646,9 +646,9 @@ the default index page. </p>
the system to be written to. </p>
</dd>
<dd>
- Issue public: 28th September 2001<br/></dd>
+ Issue public: 28th September 2001<br/></dd>
<dd>
- Update Released: 12th October 2001<br/></dd>
+ Update Released: 12th October 2001<br/></dd>
<dd>
Affects:
1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -669,7 +669,7 @@ Fixed in Apache httpd 1.3.20</h1><dl>
</dd>
<dd/>
<dd>
- Update Released: 22nd May 2001<br/></dd>
+ Update Released: 22nd May 2001<br/></dd>
<dd>
Affects:
1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
@@ -688,7 +688,7 @@ Fixed in Apache httpd 1.3.19</h1><dl>
</dd>
<dd/>
<dd>
- Update Released: 28th February 2001<br/></dd>
+ Update Released: 28th February 2001<br/></dd>
<dd>
Affects:
1.3.17, 1.3.14, 1.3.12, 1.3.11<p/></dd>
@@ -708,9 +708,9 @@ Fixed in Apache httpd 1.3.14</h1><dl>
then an attacker will be able to access any file on the server.</p>
</dd>
<dd>
- Issue public: 29th September 2000<br/></dd>
+ Issue public: 29th September 2000<br/></dd>
<dd>
- Update Released: 13th October 2000<br/></dd>
+ Update Released: 13th October 2000<br/></dd>
<dd>
Affects:
1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
@@ -728,7 +728,7 @@ Fixed in Apache httpd 1.3.14</h1><dl>
</dd>
<dd/>
<dd>
- Update Released: 13th October 2000<br/></dd>
+ Update Released: 13th October 2000<br/></dd>
<dd>
Affects:
1.3.12, 1.3.11, 1.3.9<p/></dd>
@@ -745,7 +745,7 @@ Fixed in Apache httpd 1.3.14</h1><dl>
</dd>
<dd/>
<dd>
- Update Released: 13th October 2000<br/></dd>
+ Update Released: 13th October 2000<br/></dd>
<dd>
Affects:
1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
@@ -768,7 +768,7 @@ Fixed in Apache httpd 1.3.12</h1><dl>
</dd>
<dd/>
<dd>
- Update Released: 25th February 2000<br/></dd>
+ Update Released: 25th February 2000<br/></dd>
<dd>
Affects:
1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -791,7 +791,7 @@ the new <samp>mod_vhost_alias</samp> mod
</dd>
<dd/>
<dd>
- Update Released: 21st January 2000<br/></dd>
+ Update Released: 21st January 2000<br/></dd>
<dd>
Affects:
1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
@@ -809,7 +809,7 @@ against people trying to access special
</dd>
<dd/>
<dd>
- Update Released: 11th January 1999<br/></dd>
+ Update Released: 11th January 1999<br/></dd>
<dd>
Affects:
1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
@@ -832,7 +832,7 @@ a constant rate, since the attacker has
</dd>
<dd/>
<dd>
- Update Released: 23rd September 1998<br/></dd>
+ Update Released: 23rd September 1998<br/></dd>
<dd>
Affects:
1.3.1, 1.3.0<p/></dd>
@@ -851,7 +851,7 @@ limit the size of requests (these direct
</dd>
<dd/>
<dd>
- Update Released: 23rd September 1998<br/></dd>
+ Update Released: 23rd September 1998<br/></dd>
<dd>
Affects:
1.3.1, 1.3.0<p/></dd>
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_20.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_20.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_20.html Sat Jul 21 21:24:36 2012
@@ -102,9 +102,9 @@ Advisory: <a href="CVE-2011-3192.txt">CV
</p>
</dd>
<dd>
- Issue public: 20th August 2011<br/></dd>
+ Issue public: 20th August 2011<br/></dd>
<dd>
- Update Released: 30th August 2011<br/></dd>
+ Update Released: 30th August 2011<br/></dd>
<dd>
Affects:
2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -128,8 +128,8 @@ This issue was reported by Context Infor
</p>
</dd>
<dd>
- Reported to security team: 16th September 2011<br/>
- Issue public: 5th October 2011<br/></dd>
+ Reported to security team: 16th September 2011<br/>
+ Issue public: 5th October 2011<br/></dd>
<dd/>
<dd>
Affects:
@@ -163,10 +163,10 @@ This issue was reported by Maksymilian A
</p>
</dd>
<dd>
- Reported to security team: 2nd March 2011<br/>
- Issue public: 10th May 2011<br/></dd>
+ Reported to security team: 2nd March 2011<br/>
+ Issue public: 10th May 2011<br/></dd>
<dd>
- Update Released: 21st May 2011<br/></dd>
+ Update Released: 21st May 2011<br/></dd>
<dd>
Affects:
2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -194,10 +194,10 @@ proposing a patch fix for this issue.
</p>
</dd>
<dd>
- Reported to security team: 9th February 2010<br/>
- Issue public: 2nd March 2010<br/></dd>
+ Reported to security team: 9th February 2010<br/>
+ Issue public: 2nd March 2010<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/></dd>
@@ -216,10 +216,10 @@ be a denial of service if using the work
</p>
</dd>
<dd>
- Reported to security team: 21st August 2009<br/>
- Issue public: 17th January 2009<br/></dd>
+ Reported to security team: 21st August 2009<br/>
+ Issue public: 17th January 2009<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -238,9 +238,9 @@ be a denial of service if using the work
</p>
</dd>
<dd>
- Issue public: 2nd December 2009<br/></dd>
+ Issue public: 2nd December 2009<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -259,10 +259,10 @@ service.
</p>
</dd>
<dd>
- Reported to security team: 3rd March 2010<br/>
- Issue public: 1st October 2010<br/></dd>
+ Reported to security team: 3rd March 2010<br/>
+ Issue public: 1st October 2010<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -286,10 +286,10 @@ This issue was reported by Mark Drayton.
</p>
</dd>
<dd>
- Reported to security team: 4th May 2010<br/>
- Issue public: 25th July 2010<br/></dd>
+ Reported to security team: 4th May 2010<br/>
+ Issue public: 25th July 2010<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -309,10 +309,10 @@ in a vulnerable way.
</p>
</dd>
<dd>
- Reported to security team: 27th July 2009<br/>
- Issue public: 4th August 2009<br/></dd>
+ Reported to security team: 27th July 2009<br/>
+ Issue public: 4th August 2009<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -331,9 +331,9 @@ to consume large amounts of CPU if mod_d
file.</p>
</dd>
<dd>
- Issue public: 26th June 2009<br/></dd>
+ Issue public: 26th June 2009<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -352,10 +352,10 @@ to the FTP server.
</p>
</dd>
<dd>
- Reported to security team: 3rd September 2009<br/>
- Issue public: 3rd August 2009<br/></dd>
+ Reported to security team: 3rd September 2009<br/>
+ Issue public: 3rd August 2009<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -374,10 +374,10 @@ service.
</p>
</dd>
<dd>
- Reported to security team: 4th September 2009<br/>
- Issue public: 2nd August 2009<br/></dd>
+ Reported to security team: 4th September 2009<br/>
+ Issue public: 2nd August 2009<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -407,9 +407,9 @@ fix for this issue.
</p>
</dd>
<dd>
- Issue public: 9th December 2009<br/></dd>
+ Issue public: 9th December 2009<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -426,10 +426,10 @@ FTP-over-HTTP, requests containing globb
to cross-site scripting (XSS) attacks.</p>
</dd>
<dd>
- Reported to security team: 28th July 2008<br/>
- Issue public: 5th August 2008<br/></dd>
+ Reported to security team: 28th July 2008<br/>
+ Issue public: 5th August 2008<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -445,10 +445,10 @@ from an origin server when using mod_pro
could cause a denial of service or high memory usage.</p>
</dd>
<dd>
- Reported to security team: 29th May 2008<br/>
- Issue public: 10th June 2008<br/></dd>
+ Reported to security team: 29th May 2008<br/>
+ Issue public: 10th June 2008<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -469,10 +469,10 @@ RFC 2616.
</p>
</dd>
<dd>
- Reported to security team: 15th December 2007<br/>
- Issue public: 8th January 2008<br/></dd>
+ Reported to security team: 15th December 2007<br/>
+ Issue public: 8th January 2008<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -489,10 +489,10 @@ scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
</dd>
<dd>
- Reported to security team: 15th December 2007<br/>
- Issue public: 2nd January 2008<br/></dd>
+ Reported to security team: 15th December 2007<br/>
+ Issue public: 2nd January 2008<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -508,10 +508,10 @@ mod_imap is enabled and an imagemap file
cross-site scripting attack is possible.</p>
</dd>
<dd>
- Reported to security team: 23rd October 2007<br/>
- Issue public: 11th December 2007<br/></dd>
+ Reported to security team: 23rd October 2007<br/>
+ Issue public: 11th December 2007<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -533,9 +533,9 @@ malicious site using the proxy. This cou
using a threaded Multi-Processing Module.</p>
</dd>
<dd>
- Issue public: 10th December 2006<br/></dd>
+ Issue public: 10th December 2006<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -554,10 +554,10 @@ page is not enabled by default and it is
this publicly available.</p>
</dd>
<dd>
- Reported to security team: 19th October 2006<br/>
- Issue public: 20th June 2007<br/></dd>
+ Reported to security team: 19th October 2006<br/>
+ Issue public: 20th June 2007<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -574,10 +574,10 @@ manipulate the scoreboard and cause arbi
terminated which could lead to a denial of service.</p>
</dd>
<dd>
- Reported to security team: 15th May 2006<br/>
- Issue public: 19th June 2007<br/></dd>
+ Reported to security team: 15th May 2006<br/>
+ Issue public: 19th June 2007<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -594,10 +594,10 @@ crash. This could lead to a denial of se
Multi-Processing Module.</p>
</dd>
<dd>
- Reported to security team: 2nd May 2007<br/>
- Issue public: 18th June 2007<br/></dd>
+ Reported to security team: 2nd May 2007<br/>
+ Issue public: 18th June 2007<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/></dd>
@@ -620,10 +620,10 @@ processes) or potentially allow arbitrar
</p>
</dd>
<dd>
- Reported to security team: 21st July 2006<br/>
- Issue public: 27th July 2006<br/></dd>
+ Reported to security team: 21st July 2006<br/>
+ Issue public: 27th July 2006<br/></dd>
<dd>
- Update Released: 27th July 2006<br/></dd>
+ Update Released: 27th July 2006<br/></dd>
<dd>
Affects:
2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46<p/></dd>
@@ -644,10 +644,10 @@ crash would only be a denial of service
</p>
</dd>
<dd>
- Reported to security team: 5th December 2005<br/>
- Issue public: 12th December 2005<br/></dd>
+ Reported to security team: 5th December 2005<br/>
+ Issue public: 12th December 2005<br/></dd>
<dd>
- Update Released: 1st May 2006<br/></dd>
+ Update Released: 1st May 2006<br/></dd>
<dd>
Affects:
2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -665,10 +665,10 @@ URL using certain web browsers.
</p>
</dd>
<dd>
- Reported to security team: 1st November 2005<br/>
- Issue public: 12th December 2005<br/></dd>
+ Reported to security team: 1st November 2005<br/>
+ Issue public: 12th December 2005<br/></dd>
<dd>
- Update Released: 1st May 2006<br/></dd>
+ Update Released: 1st May 2006<br/></dd>
<dd>
Affects:
2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -690,9 +690,9 @@ be protected, by not supplying a client
</p>
</dd>
<dd>
- Issue public: 30th August 2005<br/></dd>
+ Issue public: 30th August 2005<br/></dd>
<dd>
- Update Released: 14th October 2005<br/></dd>
+ Update Released: 14th October 2005<br/></dd>
<dd>
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -713,7 +713,7 @@ be difficult.
</dd>
<dd/>
<dd>
- Update Released: 14th October 2005<br/></dd>
+ Update Released: 14th October 2005<br/></dd>
<dd>
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36<p/></dd>
@@ -732,9 +732,9 @@ of a httpd child.
</p>
</dd>
<dd>
- Issue public: 1st August 2005<br/></dd>
+ Issue public: 1st August 2005<br/></dd>
<dd>
- Update Released: 14th October 2005<br/></dd>
+ Update Released: 14th October 2005<br/></dd>
<dd>
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -752,9 +752,9 @@ revocation list (CRL)
</p>
</dd>
<dd>
- Issue public: 8th June 2005<br/></dd>
+ Issue public: 8th June 2005<br/></dd>
<dd>
- Update Released: 14th October 2005<br/></dd>
+ Update Released: 14th October 2005<br/></dd>
<dd>
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -773,9 +773,9 @@ potentially leading to a Denial of Servi
</p>
</dd>
<dd>
- Issue public: 7th July 2005<br/></dd>
+ Issue public: 7th July 2005<br/></dd>
<dd>
- Update Released: 14th October 2005<br/></dd>
+ Update Released: 14th October 2005<br/></dd>
<dd>
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -796,9 +796,9 @@ lead to cross-site scripting (XSS) attac
</p>
</dd>
<dd>
- Issue public: 11th June 2005<br/></dd>
+ Issue public: 11th June 2005<br/></dd>
<dd>
- Update Released: 14th October 2005<br/></dd>
+ Update Released: 14th October 2005<br/></dd>
<dd>
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -819,10 +819,10 @@ a denial of service.
</p>
</dd>
<dd>
- Reported to security team: 28th October 2004<br/>
- Issue public: 1st November 2004<br/></dd>
+ Reported to security team: 28th October 2004<br/>
+ Issue public: 1st November 2004<br/></dd>
<dd>
- Update Released: 8th February 2005<br/></dd>
+ Update Released: 8th February 2005<br/></dd>
<dd>
Affects:
2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -839,10 +839,10 @@ and Basic Authentication passwords on di
</p>
</dd>
<dd>
- Reported to security team: 2nd March 2004<br/>
- Issue public: 20th March 2004<br/></dd>
+ Reported to security team: 2nd March 2004<br/>
+ Issue public: 20th March 2004<br/></dd>
<dd>
- Update Released: 8th February 2005<br/></dd>
+ Update Released: 8th February 2005<br/></dd>
<dd>
Affects:
2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -861,9 +861,9 @@ any cipher suite allowed by the virtual
</p>
</dd>
<dd>
- Issue public: 1st October 2004<br/></dd>
+ Issue public: 1st October 2004<br/></dd>
<dd>
- Update Released: 8th February 2005<br/></dd>
+ Update Released: 8th February 2005<br/></dd>
<dd>
Affects:
2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -882,9 +882,9 @@ resources despite any configured authent
</p>
</dd>
<dd>
- Issue public: 18th September 2004<br/></dd>
+ Issue public: 18th September 2004<br/></dd>
<dd>
- Update Released: 28th September 2004<br/></dd>
+ Update Released: 28th September 2004<br/></dd>
<dd>
Affects:
2.0.51<p/></dd>
@@ -906,10 +906,10 @@ is believed this flaw may be able to lea
</p>
</dd>
<dd>
- Reported to security team: 25th August 2004<br/>
- Issue public: 15th September 2004<br/></dd>
+ Reported to security team: 25th August 2004<br/>
+ Issue public: 15th September 2004<br/></dd>
<dd>
- Update Released: 15th September 2004<br/></dd>
+ Update Released: 15th September 2004<br/></dd>
<dd>
Affects:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -927,9 +927,9 @@ enter an infinite loop, consuming CPU re
</p>
</dd>
<dd>
- Issue public: 7th July 2004<br/></dd>
+ Issue public: 7th July 2004<br/></dd>
<dd>
- Update Released: 15th September 2004<br/></dd>
+ Update Released: 15th September 2004<br/></dd>
<dd>
Affects:
2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/></dd>
@@ -954,10 +954,10 @@ this issue.
</p>
</dd>
<dd>
- Reported to security team: 5th August 2004<br/>
- Issue public: 15th September 2004<br/></dd>
+ Reported to security team: 5th August 2004<br/>
+ Issue public: 15th September 2004<br/></dd>
<dd>
- Update Released: 15th September 2004<br/></dd>
+ Update Released: 15th September 2004<br/></dd>
<dd>
Affects:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -978,9 +978,9 @@ of service where a threaded process mode
</p>
</dd>
<dd>
- Issue public: 7th July 2004<br/></dd>
+ Issue public: 7th July 2004<br/></dd>
<dd>
- Update Released: 15th September 2004<br/></dd>
+ Update Released: 15th September 2004<br/></dd>
<dd>
Affects:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44<p/></dd>
@@ -1001,9 +1001,9 @@ threaded process model is in use.
</p>
</dd>
<dd>
- Issue public: 12th September 2004<br/></dd>
+ Issue public: 12th September 2004<br/></dd>
<dd>
- Update Released: 15th September 2004<br/></dd>
+ Update Released: 15th September 2004<br/></dd>
<dd>
Affects:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1022,10 +1022,10 @@ consumption.
</p>
</dd>
<dd>
- Reported to security team: 13th June 2004<br/>
- Issue public: 1st July 2004<br/></dd>
+ Reported to security team: 13th June 2004<br/>
+ Issue public: 1st July 2004<br/></dd>
<dd>
- Update Released: 1st July 2004<br/></dd>
+ Update Released: 1st July 2004<br/></dd>
<dd>
Affects:
2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/></dd>
@@ -1042,9 +1042,9 @@ field which exceeds 6K in length.
</p>
</dd>
<dd>
- Issue public: 17th May 2004<br/></dd>
+ Issue public: 17th May 2004<br/></dd>
<dd>
- Update Released: 1st July 2004<br/></dd>
+ Update Released: 1st July 2004<br/></dd>
<dd>
Affects:
2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1067,10 +1067,10 @@ is known to not affect FreeBSD or Linux.
</p>
</dd>
<dd>
- Reported to security team: 25th February 2004<br/>
- Issue public: 18th March 2004<br/></dd>
+ Reported to security team: 25th February 2004<br/>
+ Issue public: 18th March 2004<br/></dd>
<dd>
- Update Released: 19th March 2004<br/></dd>
+ Update Released: 19th March 2004<br/></dd>
<dd>
Affects:
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1087,9 +1087,9 @@ SSL port.
</p>
</dd>
<dd>
- Issue public: 20th February 2004<br/></dd>
+ Issue public: 20th February 2004<br/></dd>
<dd>
- Update Released: 19th March 2004<br/></dd>
+ Update Released: 19th March 2004<br/></dd>
<dd>
Affects:
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1107,9 +1107,9 @@ sequences.
</p>
</dd>
<dd>
- Issue public: 24th February 2003<br/></dd>
+ Issue public: 24th February 2003<br/></dd>
<dd>
- Update Released: 19th March 2004<br/></dd>
+ Update Released: 19th March 2004<br/></dd>
<dd>
Affects:
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1129,10 +1129,10 @@ file (.htaccess or httpd.conf)
</p>
</dd>
<dd>
- Reported to security team: 4th August 2003<br/>
- Issue public: 27th October 2003<br/></dd>
+ Reported to security team: 4th August 2003<br/>
+ Issue public: 27th October 2003<br/></dd>
<dd>
- Update Released: 27th October 2003<br/></dd>
+ Update Released: 27th October 2003<br/></dd>
<dd>
Affects:
2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1149,10 +1149,10 @@ is used.
</p>
</dd>
<dd>
- Reported to security team: 3rd October 2003<br/>
- Issue public: 27th October 2003<br/></dd>
+ Reported to security team: 3rd October 2003<br/>
+ Issue public: 27th October 2003<br/></dd>
<dd>
- Update Released: 27th October 2003<br/></dd>
+ Update Released: 27th October 2003<br/></dd>
<dd>
Affects:
2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1171,10 +1171,10 @@ service, due to a bug in the prefork MPM
</p>
</dd>
<dd>
- Reported to security team: 25th June 2003<br/>
- Issue public: 9th July 2003<br/></dd>
+ Reported to security team: 25th June 2003<br/>
+ Issue public: 9th July 2003<br/></dd>
<dd>
- Update Released: 9th July 2003<br/></dd>
+ Update Released: 9th July 2003<br/></dd>
<dd>
Affects:
2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1193,10 +1193,10 @@ and a change to the cipher suite over th
</p>
</dd>
<dd>
- Reported to security team: 30th April 2003<br/>
- Issue public: 9th July 2003<br/></dd>
+ Reported to security team: 30th April 2003<br/>
+ Issue public: 9th July 2003<br/></dd>
<dd>
- Update Released: 9th July 2003<br/></dd>
+ Update Released: 9th July 2003<br/></dd>
<dd>
Affects:
2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1213,10 +1213,10 @@ an infinite loop occurs causing a remote
</p>
</dd>
<dd>
- Reported to security team: 25th June 2003<br/>
- Issue public: 9th July 2003<br/></dd>
+ Reported to security team: 25th June 2003<br/>
+ Issue public: 9th July 2003<br/></dd>
<dd>
- Update Released: 9th July 2003<br/></dd>
+ Update Released: 9th July 2003<br/></dd>
<dd>
Affects:
2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1237,10 +1237,10 @@ mod_dav, and possibly other vectors.
</p>
</dd>
<dd>
- Reported to security team: 9th April 2003<br/>
- Issue public: 28th May 2003<br/></dd>
+ Reported to security team: 9th April 2003<br/>
+ Issue public: 28th May 2003<br/></dd>
<dd>
- Update Released: 28th May 2003<br/></dd>
+ Update Released: 28th May 2003<br/></dd>
<dd>
Affects:
2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/></dd>
@@ -1257,10 +1257,10 @@ server is used.
</p>
</dd>
<dd>
- Reported to security team: 25th April 2003<br/>
- Issue public: 28th May 2003<br/></dd>
+ Reported to security team: 25th April 2003<br/>
+ Issue public: 28th May 2003<br/></dd>
<dd>
- Update Released: 28th May 2003<br/></dd>
+ Update Released: 28th May 2003<br/></dd>
<dd>
Affects:
2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40<p/></dd>
@@ -1277,9 +1277,9 @@ device names.
</p>
</dd>
<dd>
- Issue public: 31st March 2003<br/></dd>
+ Issue public: 31st March 2003<br/></dd>
<dd>
- Update Released: 28th May 2003<br/></dd>
+ Update Released: 28th May 2003<br/></dd>
<dd>
Affects:
2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/></dd>
@@ -1297,9 +1297,9 @@ to escape sequences.
</p>
</dd>
<dd>
- Issue public: 24th February 2003<br/></dd>
+ Issue public: 24th February 2003<br/></dd>
<dd>
- Update Released: 2nd April 2004<br/></dd>
+ Update Released: 2nd April 2004<br/></dd>
<dd>
Affects:
2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1319,9 +1319,9 @@ causes Apache to allocate 80 bytes for e
</p>
</dd>
<dd>
- Issue public: 2nd April 2004<br/></dd>
+ Issue public: 2nd April 2004<br/></dd>
<dd>
- Update Released: 2nd April 2004<br/></dd>
+ Update Released: 2nd April 2004<br/></dd>
<dd>
Affects:
2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1339,10 +1339,10 @@ could lead to denial of service attacks
</p>
</dd>
<dd>
- Reported to security team: 4th December 2002<br/>
- Issue public: 20th January 2003<br/></dd>
+ Reported to security team: 4th December 2002<br/>
+ Issue public: 20th January 2003<br/></dd>
<dd>
- Update Released: 20th January 2003<br/></dd>
+ Update Released: 20th January 2003<br/></dd>
<dd>
Affects:
2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/></dd>
@@ -1358,10 +1358,10 @@ by appending illegal characters such as
</p>
</dd>
<dd>
- Reported to security team: 15th November 2002<br/>
- Issue public: 20th January 2003<br/></dd>
+ Reported to security team: 15th November 2002<br/>
+ Issue public: 20th January 2003<br/></dd>
<dd>
- Update Released: 20th January 2003<br/></dd>
+ Update Released: 20th January 2003<br/></dd>
<dd>
Affects:
2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/></dd>
@@ -1380,10 +1380,10 @@ allows remote attackers to execute scrip
via the Host: header.</p>
</dd>
<dd>
- Reported to security team: 20th September 2002<br/>
- Issue public: 2nd October 2002<br/></dd>
+ Reported to security team: 20th September 2002<br/>
+ Issue public: 2nd October 2002<br/></dd>
<dd>
- Update Released: 3rd October 2002<br/></dd>
+ Update Released: 3rd October 2002<br/></dd>
<dd>
Affects:
2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1399,7 +1399,7 @@ a remote user. </p>
</dd>
<dd/>
<dd>
- Update Released: 3rd October 2002<br/></dd>
+ Update Released: 3rd October 2002<br/></dd>
<dd>
Affects:
2.0.42<p/></dd>
@@ -1419,9 +1419,9 @@ in a denial of service where a threaded
</p>
</dd>
<dd>
- Issue public: 19th September 2002<br/></dd>
+ Issue public: 19th September 2002<br/></dd>
<dd>
- Update Released: 24th September 2002<br/></dd>
+ Update Released: 24th September 2002<br/></dd>
<dd>
Affects:
2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1439,10 +1439,10 @@ configuration. Affects Windows, OS2, Ne
only.</p>
</dd>
<dd>
- Reported to security team: 7th August 2002<br/>
- Issue public: 9th August 2002<br/></dd>
+ Reported to security team: 7th August 2002<br/>
+ Issue public: 9th August 2002<br/></dd>
<dd>
- Update Released: 9th August 2002<br/></dd>
+ Update Released: 9th August 2002<br/></dd>
<dd>
Affects:
2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
@@ -1462,10 +1462,10 @@ child process /path-to-script/script.pl"
of the script.</p>
</dd>
<dd>
- Reported to security team: 5th July 2002<br/>
- Issue public: 9th August 2002<br/></dd>
+ Reported to security team: 5th July 2002<br/>
+ Issue public: 9th August 2002<br/></dd>
<dd>
- Update Released: 9th August 2002<br/></dd>
+ Update Released: 9th August 2002<br/></dd>
<dd>
Affects:
2.0.39, 2.0.37?, 2.0.36?, 2.0.35?<p/></dd>
@@ -1483,10 +1483,10 @@ system resources through to denial of se
cases the ability to execute arbitrary remote code.</p>
</dd>
<dd>
- Reported to security team: 27th May 2002<br/>
- Issue public: 17th June 2002<br/></dd>
+ Reported to security team: 27th May 2002<br/>
+ Issue public: 17th June 2002<br/></dd>
<dd>
- Update Released: 18th June 2002<br/></dd>
+ Update Released: 18th June 2002<br/></dd>
<dd>
Affects:
2.0.36, 2.0.35<p/></dd>
@@ -1505,9 +1505,9 @@ path to a CGI script for example, a mino
</p>
</dd>
<dd>
- Issue public: 22nd April 2002<br/></dd>
+ Issue public: 22nd April 2002<br/></dd>
<dd>
- Update Released: 8th May 2002<br/></dd>
+ Update Released: 8th May 2002<br/></dd>
<dd>
Affects:
2.0.35<p/></dd>
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Sat Jul 21 21:24:36 2012
@@ -103,10 +103,10 @@ This issue was reported by halfdog
</p>
</dd>
<dd>
- Reported to security team: 4th October 2011<br/>
- Issue public: 2nd November 2011<br/></dd>
+ Reported to security team: 4th October 2011<br/>
+ Issue public: 2nd November 2011<br/></dd>
<dd>
- Update Released: 31st January 2012<br/></dd>
+ Update Released: 31st January 2012<br/></dd>
<dd>
Affects:
2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -123,10 +123,10 @@ This crash would only be a denial of ser
</p>
</dd>
<dd>
- Reported to security team: 30th December 2011<br/>
- Issue public: 28th November 2011<br/></dd>
+ Reported to security team: 30th December 2011<br/>
+ Issue public: 28th November 2011<br/></dd>
<dd>
- Update Released: 31st January 2012<br/></dd>
+ Update Released: 31st January 2012<br/></dd>
<dd>
Affects:
2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17<p/></dd>
@@ -148,10 +148,10 @@ This issue was reported by halfdog
</p>
</dd>
<dd>
- Reported to security team: 30th December 2011<br/>
- Issue public: 11th January 2012<br/></dd>
+ Reported to security team: 30th December 2011<br/>
+ Issue public: 11th January 2012<br/></dd>
<dd>
- Update Released: 31st January 2012<br/></dd>
+ Update Released: 31st January 2012<br/></dd>
<dd>
Affects:
2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -176,10 +176,10 @@ This issue was reported by Prutha Parikh
</p>
</dd>
<dd>
- Reported to security team: 20th October 2011<br/>
- Issue public: 22nd January 2012<br/></dd>
+ Reported to security team: 20th October 2011<br/>
+ Issue public: 22nd January 2012<br/></dd>
<dd>
- Update Released: 31st January 2012<br/></dd>
+ Update Released: 31st January 2012<br/></dd>
<dd>
Affects:
2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -201,10 +201,10 @@ This issue was reported by Norman Hipper
</p>
</dd>
<dd>
- Reported to security team: 15th January 2012<br/>
- Issue public: 23rd January 2012<br/></dd>
+ Reported to security team: 15th January 2012<br/>
+ Issue public: 23rd January 2012<br/></dd>
<dd>
- Update Released: 31st January 2012<br/></dd>
+ Update Released: 31st January 2012<br/></dd>
<dd>
Affects:
2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -228,10 +228,10 @@ This issue was reported by Context Infor
</p>
</dd>
<dd>
- Reported to security team: 16th September 2011<br/>
- Issue public: 5th October 2011<br/></dd>
+ Reported to security team: 16th September 2011<br/>
+ Issue public: 5th October 2011<br/></dd>
<dd>
- Update Released: 31st January 2012<br/></dd>
+ Update Released: 31st January 2012<br/></dd>
<dd>
Affects:
2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -251,10 +251,10 @@ into an error state until the retry time
This could lead to a temporary denial of service.</p>
</dd>
<dd>
- Reported to security team: 7th September 2011<br/>
- Issue public: 14th September 2011<br/></dd>
+ Reported to security team: 7th September 2011<br/>
+ Issue public: 14th September 2011<br/></dd>
<dd>
- Update Released: 14th September 2011<br/></dd>
+ Update Released: 14th September 2011<br/></dd>
<dd>
Affects:
2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12<p/></dd>
@@ -277,9 +277,9 @@ Advisory: <a href="CVE-2011-3192.txt">CV
</p>
</dd>
<dd>
- Issue public: 20th August 2011<br/></dd>
+ Issue public: 20th August 2011<br/></dd>
<dd>
- Update Released: 30th August 2011<br/></dd>
+ Update Released: 30th August 2011<br/></dd>
<dd>
Affects:
2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -314,10 +314,10 @@ This issue was reported by Maksymilian A
</p>
</dd>
<dd>
- Reported to security team: 2nd March 2011<br/>
- Issue public: 10th May 2011<br/></dd>
+ Reported to security team: 2nd March 2011<br/>
+ Issue public: 10th May 2011<br/></dd>
<dd>
- Update Released: 21st May 2011<br/></dd>
+ Update Released: 21st May 2011<br/></dd>
<dd>
Affects:
2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -338,10 +338,10 @@ be a denial of service if using the work
</p>
</dd>
<dd>
- Reported to security team: 21st August 2009<br/>
- Issue public: 17th January 2009<br/></dd>
+ Reported to security team: 21st August 2009<br/>
+ Issue public: 17th January 2009<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -360,9 +360,9 @@ be a denial of service if using the work
</p>
</dd>
<dd>
- Issue public: 2nd December 2009<br/></dd>
+ Issue public: 2nd December 2009<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -381,10 +381,10 @@ service.
</p>
</dd>
<dd>
- Reported to security team: 3rd March 2010<br/>
- Issue public: 1st October 2010<br/></dd>
+ Reported to security team: 3rd March 2010<br/>
+ Issue public: 1st October 2010<br/></dd>
<dd>
- Update Released: 19th October 2010<br/></dd>
+ Update Released: 19th October 2010<br/></dd>
<dd>
Affects:
2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -422,9 +422,9 @@ reporting of this issue.
</p>
</dd>
<dd>
- Issue public: 9th June 2010<br/></dd>
+ Issue public: 9th June 2010<br/></dd>
<dd>
- Update Released: 25th July 2010<br/></dd>
+ Update Released: 25th July 2010<br/></dd>
<dd>
Affects:
2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9<p/></dd>
@@ -451,10 +451,10 @@ This issue was reported by Mark Drayton.
</p>
</dd>
<dd>
- Reported to security team: 4th May 2010<br/>
- Issue public: 25th July 2010<br/></dd>
+ Reported to security team: 4th May 2010<br/>
+ Issue public: 25th July 2010<br/></dd>
<dd>
- Update Released: 25th July 2010<br/></dd>
+ Update Released: 25th July 2010<br/></dd>
<dd>
Affects:
2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -482,10 +482,10 @@ proposing a patch fix for this issue.
</p>
</dd>
<dd>
- Reported to security team: 9th February 2010<br/>
- Issue public: 2nd March 2010<br/></dd>
+ Reported to security team: 9th February 2010<br/>
+ Issue public: 2nd March 2010<br/></dd>
<dd>
- Update Released: 5th March 2010<br/></dd>
+ Update Released: 5th March 2010<br/></dd>
<dd>
Affects:
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -515,9 +515,9 @@ fix for this issue.
</p>
</dd>
<dd>
- Issue public: 9th December 2009<br/></dd>
+ Issue public: 9th December 2009<br/></dd>
<dd>
- Update Released: 5th March 2010<br/></dd>
+ Update Released: 5th March 2010<br/></dd>
<dd>
Affects:
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -541,10 +541,10 @@ proposing a patch fix for this issue.
</p>
</dd>
<dd>
- Reported to security team: 2nd February 2010<br/>
- Issue public: 2nd March 2010<br/></dd>
+ Reported to security team: 2nd February 2010<br/>
+ Issue public: 2nd March 2010<br/></dd>
<dd>
- Update Released: 5th March 2010<br/></dd>
+ Update Released: 5th March 2010<br/></dd>
<dd>
Affects:
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -565,10 +565,10 @@ service.
</p>
</dd>
<dd>
- Reported to security team: 4th September 2009<br/>
- Issue public: 2nd August 2009<br/></dd>
+ Reported to security team: 4th September 2009<br/>
+ Issue public: 2nd August 2009<br/></dd>
<dd>
- Update Released: 5th October 2009<br/></dd>
+ Update Released: 5th October 2009<br/></dd>
<dd>
Affects:
2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -587,10 +587,10 @@ to the FTP server.
</p>
</dd>
<dd>
- Reported to security team: 3rd September 2009<br/>
- Issue public: 3rd August 2009<br/></dd>
+ Reported to security team: 3rd September 2009<br/>
+ Issue public: 3rd August 2009<br/></dd>
<dd>
- Update Released: 5th October 2009<br/></dd>
+ Update Released: 5th October 2009<br/></dd>
<dd>
Affects:
2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -607,10 +607,10 @@ event MPMs, resulting in a denial of ser
</p>
</dd>
<dd>
- Reported to security team: 5th August 2009<br/>
- Issue public: 23rd September 2009<br/></dd>
+ Reported to security team: 5th August 2009<br/>
+ Issue public: 23rd September 2009<br/></dd>
<dd>
- Update Released: 5th October 2009<br/></dd>
+ Update Released: 5th October 2009<br/></dd>
<dd>
Affects:
2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -632,10 +632,10 @@ in a vulnerable way.
</p>
</dd>
<dd>
- Reported to security team: 27th July 2009<br/>
- Issue public: 4th August 2009<br/></dd>
+ Reported to security team: 27th July 2009<br/>
+ Issue public: 4th August 2009<br/></dd>
<dd>
- Update Released: 9th August 2009<br/></dd>
+ Update Released: 9th August 2009<br/></dd>
<dd>
Affects:
2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -654,10 +654,10 @@ force a proxy process to consume large a
</p>
</dd>
<dd>
- Reported to security team: 30th June 2009<br/>
- Issue public: 2nd July 2009<br/></dd>
+ Reported to security team: 30th June 2009<br/>
+ Issue public: 2nd July 2009<br/></dd>
<dd>
- Update Released: 27th July 2009<br/></dd>
+ Update Released: 27th July 2009<br/></dd>
<dd>
Affects:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -675,10 +675,10 @@ could return a response intended for ano
</p>
</dd>
<dd>
- Reported to security team: 5th March 2009<br/>
- Issue public: 21st April 2009<br/></dd>
+ Reported to security team: 5th March 2009<br/>
+ Issue public: 21st April 2009<br/></dd>
<dd>
- Update Released: 27th July 2009<br/></dd>
+ Update Released: 27th July 2009<br/></dd>
<dd>
Affects:
2.2.11<p/></dd>
@@ -697,9 +697,9 @@ to consume large amounts of CPU if mod_d
file.</p>
</dd>
<dd>
- Issue public: 26th June 2009<br/></dd>
+ Issue public: 26th June 2009<br/></dd>
<dd>
- Update Released: 27th July 2009<br/></dd>
+ Update Released: 27th July 2009<br/></dd>
<dd>
Affects:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -717,10 +717,10 @@ from executing commands from a Server-Si
</p>
</dd>
<dd>
- Reported to security team: 9th March 2009<br/>
- Issue public: 22nd April 2009<br/></dd>
+ Reported to security team: 9th March 2009<br/>
+ Issue public: 22nd April 2009<br/></dd>
<dd>
- Update Released: 27th July 2009<br/></dd>
+ Update Released: 27th July 2009<br/></dd>
<dd>
Affects:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -740,9 +740,9 @@ or a denial of service.
</p>
</dd>
<dd>
- Issue public: 24th April 2009<br/></dd>
+ Issue public: 24th April 2009<br/></dd>
<dd>
- Update Released: 72th 2009<br/></dd>
+ Update Released: 72th  2009<br/></dd>
<dd>
Affects:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -761,9 +761,9 @@ engine.
</p>
</dd>
<dd>
- Issue public: 1st June 2009<br/></dd>
+ Issue public: 1st June 2009<br/></dd>
<dd>
- Update Released: 27th July 2009<br/></dd>
+ Update Released: 27th July 2009<br/></dd>
<dd>
Affects:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -782,9 +782,9 @@ processed by the pattern preparation eng
</p>
</dd>
<dd>
- Issue public: 1st June 2009<br/></dd>
+ Issue public: 1st June 2009<br/></dd>
<dd>
- Update Released: 27th July 2009<br/></dd>
+ Update Released: 27th July 2009<br/></dd>
<dd>
Affects:
2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -807,9 +807,9 @@ globally configure:</p>
<p>SetEnv proxy-nokeepalive 1</p>
</dd>
<dd>
- Issue public: 23rd July 2010<br/></dd>
+ Issue public: 23rd July 2010<br/></dd>
<dd>
- Update Released: 31st October 2008<br/></dd>
+ Update Released: 31st October 2008<br/></dd>
<dd>
Affects:
2.2.9<p/></dd>
@@ -826,10 +826,10 @@ FTP-over-HTTP, requests containing globb
to cross-site scripting (XSS) attacks.</p>
</dd>
<dd>
- Reported to security team: 28th July 2008<br/>
- Issue public: 5th August 2008<br/></dd>
+ Reported to security team: 28th July 2008<br/>
+ Issue public: 5th August 2008<br/></dd>
<dd>
- Update Released: 31st October 2008<br/></dd>
+ Update Released: 31st October 2008<br/></dd>
<dd>
Affects:
2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -847,10 +847,10 @@ vulnerable to cross-site request forgery
</p>
</dd>
<dd>
- Reported to security team: 12th October 2007<br/>
- Issue public: 9th January 2008<br/></dd>
+ Reported to security team: 12th October 2007<br/>
+ Issue public: 9th January 2008<br/></dd>
<dd>
- Update Released: 14th June 2008<br/></dd>
+ Update Released: 14th June 2008<br/></dd>
<dd>
Affects:
2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -866,10 +866,10 @@ from an origin server when using mod_pro
could cause a denial of service or high memory usage.</p>
</dd>
<dd>
- Reported to security team: 29th May 2008<br/>
- Issue public: 10th June 2008<br/></dd>
+ Reported to security team: 29th May 2008<br/>
+ Issue public: 10th June 2008<br/></dd>
<dd>
- Update Released: 14th June 2008<br/></dd>
+ Update Released: 14th June 2008<br/></dd>
<dd>
Affects:
2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -890,10 +890,10 @@ RFC 2616.
</p>
</dd>
<dd>
- Reported to security team: 15th December 2007<br/>
- Issue public: 8th January 2008<br/></dd>
+ Reported to security team: 15th December 2007<br/>
+ Issue public: 8th January 2008<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -911,10 +911,10 @@ request to crash. This could lead to a d
threaded Multi-Processing Module. </p>
</dd>
<dd>
- Reported to security team: 12th December 2007<br/>
- Issue public: 2nd January 2008<br/></dd>
+ Reported to security team: 12th December 2007<br/>
+ Issue public: 2nd January 2008<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -930,10 +930,10 @@ mod_proxy_balancer is enabled, a cross-s
authorized user is possible. </p>
</dd>
<dd>
- Reported to security team: 12th December 2007<br/>
- Issue public: 2nd January 2008<br/></dd>
+ Reported to security team: 12th December 2007<br/>
+ Issue public: 2nd January 2008<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -950,10 +950,10 @@ scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
</dd>
<dd>
- Reported to security team: 15th December 2007<br/>
- Issue public: 2nd January 2008<br/></dd>
+ Reported to security team: 15th December 2007<br/>
+ Issue public: 2nd January 2008<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -969,10 +969,10 @@ mod_imagemap is enabled and an imagemap
cross-site scripting attack is possible.</p>
</dd>
<dd>
- Reported to security team: 23rd October 2007<br/>
- Issue public: 11th December 2007<br/></dd>
+ Reported to security team: 23rd October 2007<br/>
+ Issue public: 11th December 2007<br/></dd>
<dd>
- Update Released: 19th January 2008<br/></dd>
+ Update Released: 19th January 2008<br/></dd>
<dd>
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -994,9 +994,9 @@ malicious site using the proxy. This cou
using a threaded Multi-Processing Module.</p>
</dd>
<dd>
- Issue public: 10th December 2006<br/></dd>
+ Issue public: 10th December 2006<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -1015,10 +1015,10 @@ page is not enabled by default and it is
this publicly available.</p>
</dd>
<dd>
- Reported to security team: 19th October 2006<br/>
- Issue public: 20th June 2007<br/></dd>
+ Reported to security team: 19th October 2006<br/>
+ Issue public: 20th June 2007<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -1035,10 +1035,10 @@ manipulate the scoreboard and cause arbi
terminated which could lead to a denial of service.</p>
</dd>
<dd>
- Reported to security team: 15th May 2006<br/>
- Issue public: 19th June 2007<br/></dd>
+ Reported to security team: 15th May 2006<br/>
+ Issue public: 19th June 2007<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -1055,10 +1055,10 @@ used by remote attackers to obtain poten
</p>
</dd>
<dd>
- Reported to security team: 26th April 2007<br/>
- Issue public: 1st June 2007<br/></dd>
+ Reported to security team: 26th April 2007<br/>
+ Issue public: 1st June 2007<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
2.2.4<p/></dd>
@@ -1075,10 +1075,10 @@ crash. This could lead to a denial of se
Multi-Processing Module.</p>
</dd>
<dd>
- Reported to security team: 2nd May 2007<br/>
- Issue public: 18th June 2007<br/></dd>
+ Reported to security team: 2nd May 2007<br/>
+ Issue public: 18th June 2007<br/></dd>
<dd>
- Update Released: 7th September 2007<br/></dd>
+ Update Released: 7th September 2007<br/></dd>
<dd>
Affects:
2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
@@ -1101,10 +1101,10 @@ processes) or potentially allow arbitrar
</p>
</dd>
<dd>
- Reported to security team: 21st July 2006<br/>
- Issue public: 27th July 2006<br/></dd>
+ Reported to security team: 21st July 2006<br/>
+ Issue public: 27th July 2006<br/></dd>
<dd>
- Update Released: 27th July 2006<br/></dd>
+ Update Released: 27th July 2006<br/></dd>
<dd>
Affects:
2.2.2, 2.2.0<p/></dd>
@@ -1125,10 +1125,10 @@ crash would only be a denial of service
</p>
</dd>
<dd>
- Reported to security team: 5th December 2005<br/>
- Issue public: 12th December 2005<br/></dd>
+ Reported to security team: 5th December 2005<br/>
+ Issue public: 12th December 2005<br/></dd>
<dd>
- Update Released: 1st May 2006<br/></dd>
+ Update Released: 1st May 2006<br/></dd>
<dd>
Affects:
2.2.0<p/></dd>
@@ -1146,10 +1146,10 @@ URL using certain web browsers.
</p>
</dd>
<dd>
- Reported to security team: 1st November 2005<br/>
- Issue public: 12th December 2005<br/></dd>
+ Reported to security team: 1st November 2005<br/>
+ Issue public: 12th December 2005<br/></dd>
<dd>
- Update Released: 1st May 2006<br/></dd>
+ Update Released: 1st May 2006<br/></dd>
<dd>
Affects:
2.2.0<p/></dd>
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Sat Jul 21 21:24:36 2012
@@ -99,10 +99,10 @@ administrator runs apachectl from an unt
</p>
</dd>
<dd>
- Reported to security team: 14th February 2012<br/>
- Issue public: 2nd March 2012<br/></dd>
+ Reported to security team: 14th February 2012<br/>
+ Issue public: 2nd March 2012<br/></dd>
<dd>
- Update Released: 17th April 2012<br/></dd>
+ Update Released: 17th April 2012<br/></dd>
<dd>
Affects:
2.4.1<p/></dd>