Posted to cvs@httpd.apache.org by mj...@apache.org on 2014/03/18 20:00:37 UTC
svn commit: r1579013 -
/httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Author: mjc
Date: Tue Mar 18 19:00:37 2014
New Revision: 1579013
URL: http://svn.apache.org/r1579013
Log:
Write up 2 fixed vulns
Modified:
httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1579013&r1=1579012&r2=1579013&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Tue Mar 18 19:00:37 2014
@@ -1,4 +1,45 @@
-<security updated="20130728">
+<security updated="20140318">
+
+<issue fixed="2.4.9" reported="20140225" public="20140317" released="20140317">
+<cve name="CVE-2014-0098"/>
+<severity level="4">low</severity>
+<title>mod_log_config crash</title>
+<description><p>
+A flaw was found in mod_log_config. A remote attacker could send a
+specific truncated cookie causing a crash. This crash would only be a
+denial of service if using a threaded MPM.
+</p></description>
+<affects prod="httpd" version="2.4.7"/>
+<affects prod="httpd" version="2.4.6"/>
+<affects prod="httpd" version="2.4.4"/>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+<acknowledgements>
+This issue was reported by Rainer M Canavan
+</acknowledgements>
+</issue>
+
+<issue fixed="2.4.9" reported="20131210" public="20140317" released="20140317">
+<cve name="CVE-2013-6438"/>
+<severity level="3">moderate</severity>
+<title>mod_dav crash</title>
+<description><p>
+XML parsing code in mod_dav incorrectly calculates the end of the string when
+removing leading spaces and places a NUL character outside the buffer, causing
+random crashes. This XML parsing code is only used with DAV provider modules
+that support DeltaV, of which the only publicly released provider is mod_dav_svn.
+</p></description>
+<affects prod="httpd" version="2.4.7"/>
+<affects prod="httpd" version="2.4.6"/>
+<affects prod="httpd" version="2.4.4"/>
+<affects prod="httpd" version="2.4.3"/>
+<affects prod="httpd" version="2.4.2"/>
+<affects prod="httpd" version="2.4.1"/>
+<acknowledgements>
+This issue was reported by Ning Zhang & Amin Tora of Neustar
+</acknowledgements>
+</issue>
<issue fixed="2.4.6" reported="20130307" public="20130523" released="20130722">
<cve name="CVE-2013-1896"/>
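Review bot: The acknowledgements text of the CVE-2013-6438 entry contains a bare ampersand ("Ning Zhang & Amin Tora of Neustar"), which is not well-formed XML and will stop the file from parsing; it should be written as "Ning Zhang &amp;amp; Amin Tora of Neustar" is not needed, just "&amp;" in place of "&". A smaller style point in the same hunk: the first new </issue> is followed by a blank "+" line, but the second </issue> runs straight into the existing CVE-2013-1896 <issue> element, so a blank line there would keep the entry separators consistent.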
Re: svn commit: r1579013 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Posted by Ruediger Pluem <rp...@apache.org>.
mjc@apache.org wrote:
> Author: mjc
> Date: Tue Mar 18 19:00:37 2014
> New Revision: 1579013
>
> URL: http://svn.apache.org/r1579013
> Log:
> Write up 2 fixed vulns
>
> Modified:
> httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Both are also affecting 2.2.x.
Regards
Rüdiger