You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2015/07/17 17:01:59 UTC
svn commit: r958699 - in /websites/staging/httpd/trunk/content: ./
security/vulnerabilities-httpd.xml security/vulnerabilities_24.html
Author: buildbot
Date: Fri Jul 17 15:01:58 2015
New Revision: 958699
Log:
Staging update by buildbot for httpd
Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jul 17 15:01:58 2015
@@ -1 +1 @@
-1691587
+1691588
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml Fri Jul 17 15:01:58 2015
@@ -80,9 +80,9 @@ This issue was reported by Régis Lero
2.4.x Require lines are used for authorization as well and can
appear in configurations even when no authentication is required and
the request is entirely unrestricted. This could lead to modules
- using this API to allow access when they should otherwise not do so
- (e.g. mod_authz_svn in CVE-2015-3184). API users should use the new
- ap_some_authn_required API added in 2.4.16 instead.
+ using this API to allow access when they should otherwise not do so.
+ API users should use the new ap_some_authn_required API added in
+ 2.4.16 instead.
</p></description>
<affects prod="httpd" version="2.4.12"/>
@@ -97,6 +97,9 @@ This issue was reported by Régis Lero
<affects prod="httpd" version="2.4.2"/>
<affects prod="httpd" version="2.4.1"/>
<affects prod="httpd" version="2.4.0"/>
+<acknowledgements>
+This issue was reported by Ben Reser.
+</acknowledgements>
</issue>
<issue fixed="2.4.12" reported="20141109" public="20141109" released="20150130">
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Fri Jul 17 15:01:58 2015
@@ -191,13 +191,18 @@ This issue was reported by Régis Lero
2.4.x Require lines are used for authorization as well and can
appear in configurations even when no authentication is required and
the request is entirely unrestricted. This could lead to modules
- using this API to allow access when they should otherwise not do so
- (e.g. mod_authz_svn in CVE-2015-3184). API users should use the new
- ap_some_authn_required API added in 2.4.16 instead.
+ using this API to allow access when they should otherwise not do so.
+ API users should use the new ap_some_authn_required API added in
+ 2.4.16 instead.
</p>
</dd>
<dd>
+ <p>Acknowledgements:
+This issue was reported by Ben Reser.
+</p>
+ </dd>
+ <dd>
Reported to security team: 5th August 2013<br/>
Issue public: 9th June 2015<br/></dd>
<dd>