Posted to cvs@httpd.apache.org by bu...@apache.org on 2021/03/30 10:14:14 UTC
svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./
security/json/
Added: websites/staging/httpd/trunk/content/security/json/CVE-2017-7659.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2017-7659.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2017-7659.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,98 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2016-11-18",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2017-06-19",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2017-06-19",
+ "lang": "eng",
+ "value": "2.4.26 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2017-06-19",
+ "ID": "CVE-2017-7659",
+ "TITLE": "mod_http2 Null Pointer Dereference"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "mod_http2 Null Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Robert ÅwiÄcki for reporting this issue."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "important"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
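Review bot: The `credit` entry `"value": "We would like to thank Robert ÅwiÄcki for reporting this issue."` carries a mis-encoded reporter name. The pattern looks like UTF-8 text decoded as a single-byte charset, either in the XML-to-JSON conversion or in this archive's rendering; which one cannot be determined from here. The same string appears in the CVE-2017-9788 and CVE-2017-9789 files, while the CVE-2018-1301 file spells the name in plain ASCII as `Robert Swiecki`. Re-export these three records from a UTF-8 source, or use the ASCII spelling consistently, so the credit survives in anything that renders this JSON.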
Added: websites/staging/httpd/trunk/content/security/json/CVE-2017-7668.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2017-7668.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2017-7668.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,108 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2017-05-06",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2017-06-19",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2017-06-19",
+ "lang": "eng",
+ "value": "2.4.26 released"
+ },
+ {
+ "time": "2017-07-11",
+ "lang": "eng",
+ "value": "2.2.34 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2017-06-19",
+ "ID": "CVE-2017-7668",
+ "TITLE": "ap_find_token() Buffer Overread"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "ap_find_token() Buffer Overread"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Javier Jiménez (javijmor@gmail.com) for reporting this issue."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "important"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.32"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2017-7679.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2017-7679.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2017-7679.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,318 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2015-11-15",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2017-06-19",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2017-06-19",
+ "lang": "eng",
+ "value": "2.4.26 released"
+ },
+ {
+ "time": "2017-07-11",
+ "lang": "eng",
+ "value": "2.2.34 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2017-06-19",
+ "ID": "CVE-2017-7679",
+ "TITLE": "mod_mime Buffer Overread"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "mod_mime Buffer Overread"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank ChenQin and Hanno Böck for reporting this issue."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "important"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.17"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.16"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.12"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.10"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.9"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.7"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.6"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.4"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.3"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.2"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.1"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.32"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.31"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.29"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.27"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.26"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.25"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.24"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.23"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.22"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.21"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.20"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.19"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.18"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.17"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.16"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.15"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.14"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2017-9788.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2017-9788.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2017-9788.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,323 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2017-06-28",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2017-07-11",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2017-07-11",
+ "lang": "eng",
+ "value": "2.4.27 released"
+ },
+ {
+ "time": "2017-07-11",
+ "lang": "eng",
+ "value": "2.2.34 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2017-07-11",
+ "ID": "CVE-2017-9788",
+ "TITLE": "Uninitialized memory reflection in mod_auth_digest"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uninitialized memory reflection in mod_auth_digest"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Robert ÅwiÄcki for reporting this issue."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "important"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.17"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.16"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.12"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.10"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.9"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.7"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.6"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.4"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.3"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.2"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.1"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.32"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.31"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.29"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.27"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.26"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.25"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.24"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.23"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.22"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.21"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.20"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.19"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.18"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.17"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.16"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.15"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.14"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
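Review bot: The description string has a stray full stop that splits its first sentence in two: `...successive key=value assignments. by mod_auth_digest.` should read `...successive key=value assignments by mod_auth_digest.`. This text is the only statement of the flaw in the record, so fix it in the source the converter reads from rather than in the generated file, otherwise the next regeneration brings the error back.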
Added: websites/staging/httpd/trunk/content/security/json/CVE-2017-9789.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2017-9789.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2017-9789.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,98 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2017-06-30",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2017-07-11",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2017-07-11",
+ "lang": "eng",
+ "value": "2.4.27 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2017-07-11",
+ "ID": "CVE-2017-9789",
+ "TITLE": "Read after free in mod_http2"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Read after free in mod_http2"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Robert ÅwiÄcki for reporting this issue."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "important"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2017-9798.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2017-9798.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2017-9798.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,333 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2017-07-12",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2017-09-18",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2017-10-05",
+ "lang": "eng",
+ "value": "2.4.28 released"
+ },
+ {
+ "time": "--",
+ "lang": "eng",
+ "value": "2.2.35-never released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2017-09-18",
+ "ID": "CVE-2017-9798",
+ "TITLE": "Use-after-free when using <Limit > with an unrecognized method in .htaccess (\"OptionsBleed\")"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free when using <Limit > with an unrecognized method in .htaccess (\"OptionsBleed\")"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Hanno Böck for reporting this issue."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.27"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.17"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.16"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.12"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.10"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.9"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.7"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.6"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.4"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.3"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.2"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.1"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.34"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.32"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.31"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.29"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.27"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.26"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.25"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.24"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.23"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.22"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.21"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.20"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.19"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.18"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.17"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.16"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.15"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.14"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.13"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.12"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.11"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.10"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.9"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.8"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.6"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.5"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.4"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.3"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.2"
+ },
+ {
+ "version_name": "2.2",
+ "version_affected": "=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
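Review bot: The last `timeline` entry uses `"time": "--"` for `2.2.35-never released`, while every other entry in these files is a `YYYY-MM-DD` date, so a consumer that parses or sorts `time` as a date will reject or misorder this record. The description already states that 2.2 is end-of-life with no further release planned, so the entry could be dropped, or the converter could omit `time` when no date exists. The description also keeps only the link text `CVE-2017-9798-patch-2.4.patch` and `CVE-2017-9798-patch-2.2.patch` while `"references": {}` is empty, so the patch locations cannot be reached from this record; presumably the hyperlinks were lost in conversion and belong in `references`.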
Added: websites/staging/httpd/trunk/content/security/json/CVE-2018-11763.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2018-11763.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2018-11763.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,148 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2018-07-18",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2018-09-25",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2018-09-29",
+ "lang": "eng",
+ "value": "2.4.35 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2018-09-25",
+ "ID": "CVE-2018-11763",
+ "TITLE": "DoS for HTTP/2 connections by continuous SETTINGS"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS for HTTP/2 connections by continuous SETTINGS"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "The issue was discovered by Gal Goldshtein of F5 Networks."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.34"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.33"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.30"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.29"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.28"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.27"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
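Review bot: The description text has two wording errors that will appear wherever this advisory is rendered: `continous` should be `continuous`, and `This only affect a server` should be `This only affects a server`. The last sentence is the scoping statement operators rely on (only servers that have enabled the h2 protocol are exposed), so it is worth getting exact. As with the other generated files, correct it in the source the converter reads from.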
Added: websites/staging/httpd/trunk/content/security/json/CVE-2018-1283.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2018-1283.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2018-1283.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,188 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2017-11-14",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "2.4.33 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2018-03-21",
+ "ID": "CVE-2018-1283",
+ "TITLE": "Tampering of mod_session data for CGI applications"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Tampering of mod_session data for CGI applications"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "The issue was discovered internally by the Apache HTTP Server team."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "moderate"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.29"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.28"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.27"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.17"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.16"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.12"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.10"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.9"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.7"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.6"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.4"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.3"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.2"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2018-1301.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2018-1301.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2018-1301.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,188 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2018-01-23",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "2.4.33 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2018-03-21",
+ "ID": "CVE-2018-1301",
+ "TITLE": "Possible out of bound access after failure in reading the HTTP request"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Possible out of bound access after failure in reading the HTTP request"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "The issue was discovered by Robert Swiecki, bug found by honggfuzz."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.29"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.28"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.27"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.17"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.16"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.12"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.10"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.9"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.7"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.6"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.4"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.3"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.2"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
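Review bot: `"references": {}` is empty and `"discovery": "UNKNOWN"` sits next to a credit line that names an outside reporter and the fuzzer that found the bug, so a consumer of this record gets no pointer to the fix or advisory and a discovery field that contradicts the credit. The same pattern repeats in the CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-1333 and CVE-2018-17189 records added in this commit. If the generator's XML input carries the advisory or fix URL, it should be emitted into `references`, and discovery would presumably be `"discovery": "EXTERNAL"` here. The `problemtype` value also just repeats the title; a weakness identifier there would let tooling group these records by class.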
Added: websites/staging/httpd/trunk/content/security/json/CVE-2018-1302.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2018-1302.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2018-1302.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,138 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2018-01-23",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "2.4.33 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2018-03-21",
+ "ID": "CVE-2018-1302",
+ "TITLE": "Possible write of after free on HTTP/2 stream shutdown"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Possible write of after free on HTTP/2 stream shutdown"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "The issue was discovered by Robert Swiecki, bug found by honggfuzz."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.29"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.28"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.27"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.17"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
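Review bot: The title `Possible write of after free on HTTP/2 stream shutdown` appears in both `TITLE` and the `problemtype` value and reads as a garbled "write after free", which makes the record harder to find by searching on the weakness name. Suggest `"TITLE": "Possible write after free on HTTP/2 stream shutdown"` with the same text in `problemtype`. The description also misspells "vulnerabilty", which should be "vulnerability". These strings are probably copied from the XML source, so the fix most likely belongs there rather than in the generated file.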
Added: websites/staging/httpd/trunk/content/security/json/CVE-2018-1303.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2018-1303.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2018-1303.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,168 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2018-01-23",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "2.4.33 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2018-03-21",
+ "ID": "CVE-2018-1303",
+ "TITLE": "Possible out of bound read in mod_cache_socache"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Possible out of bound read in mod_cache_socache"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "The issue was discovered by Robert Swiecki, bug found by honggfuzz."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.29"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.28"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.27"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.17"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.16"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.12"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.10"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.9"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.7"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
Added: websites/staging/httpd/trunk/content/security/json/CVE-2018-1312.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2018-1312.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2018-1312.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,188 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2013-03-05",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2018-03-21",
+ "lang": "eng",
+ "value": "2.4.33 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2018-03-21",
+ "ID": "CVE-2018-1312",
+ "TITLE": "Weak Digest auth nonce generation in mod_auth_digest"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Weak Digest auth nonce generation in mod_auth_digest"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "The issue was discovered by Nicolas Daniels."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.29"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.28"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.27"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.17"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.16"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.12"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.10"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.9"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.7"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.6"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.4"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.3"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.2"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
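Review bot: The description says the nonce is "sent to prevent reply attacks", but the control being described is replay protection, as the next sentence ("could be replayed across servers") confirms. In an advisory the wrong word obscures what the nonce defends against; the phrase should read `the nonce sent to prevent replay attacks`. Unlike the other 2018 records in this commit, the description also never states the fixed version, so adding "prior to version 2.4.33" would match the timeline entry and tell operators of clustered Digest-auth deployments when they are covered.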
Added: websites/staging/httpd/trunk/content/security/json/CVE-2018-1333.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2018-1333.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2018-1333.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,138 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2018-05-08",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2018-07-18",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2018-07-15",
+ "lang": "eng",
+ "value": "2.4.34 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2018-07-18",
+ "ID": "CVE-2018-1333",
+ "TITLE": "DoS for HTTP/2 connections by crafted requests"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS for HTTP/2 connections by crafted requests"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "The issue was discovered by Craig Young of Tripwire VERT."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default"
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.33"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.29"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.28"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.27"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
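Review bot: `version_data` here jumps from 2.4.33 straight to 2.4.29, while the CVE-2018-17189 record added in the same commit lists 2.4.30 between those two versions. One of the two lists is inconsistent, and a scanner matching on exact `"version_affected": "="` entries would classify a 2.4.30 build differently for the two HTTP/2 issues. Please confirm against the source data which list is right. The description also omits the fixed release and its final full stop; ending it with `which is not the default. Fixed in 2.4.34.` would match the timeline.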
Added: websites/staging/httpd/trunk/content/security/json/CVE-2018-17189.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2018-17189.json (added)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2018-17189.json Tue Mar 30 10:14:12 2021
@@ -0,0 +1,163 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "generator": {
+ "engine": "xmltojsonmjc 1.0"
+ },
+ "references": {},
+ "timeline": [
+ {
+ "time": "2018-10-16",
+ "lang": "eng",
+ "value": "reported"
+ },
+ {
+ "time": "2019-01-22",
+ "lang": "eng",
+ "value": "public"
+ },
+ {
+ "time": "2019-02-28",
+ "lang": "eng",
+ "value": "2.4.38 released"
+ }
+ ],
+ "CNA_private": {
+ "owner": "httpd"
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "AKA": "",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2019-01-22",
+ "ID": "CVE-2018-17189",
+ "TITLE": "DoS for HTTP/2 connections via slow request bodies"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "UNKNOWN"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS for HTTP/2 connections via slow request bodies"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "The issue was discovered by Gal Goldshtein of F5 Networks."
+ }
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol."
+ }
+ ]
+ },
+ "impact": [
+ {
+ "other": "low"
+ }
+ ],
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.37"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.35"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.34"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.33"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.30"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.29"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.28"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.27"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.26"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.25"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.23"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.20"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.18"
+ },
+ {
+ "version_name": "2.4",
+ "version_affected": "=",
+ "version_value": "2.4.17"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
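Review bot: The timeline gives `"time": "2019-02-28"` for "2.4.38 released", five weeks after the `public` entry and `DATE_PUBLIC` of 2019-01-22. Every other record in this part of the commit has the fixed release on or before the public date. As written, the issue appears to have been disclosed with no fixed release available for over a month, which changes how an operator reads the exposure window. If the release coincided with disclosure, the entry should be `"time": "2019-01-22"`; please verify against the 2.4.38 release announcement. The description could also name 2.4.38 as the fixed version, since it currently offers only the mitigation of disabling the h2 protocol.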