You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2015/07/17 17:01:59 UTC
svn commit: r958699 - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_24.html

Author: buildbot
Date: Fri Jul 17 15:01:58 2015
New Revision: 958699

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jul 17 15:01:58 2015
@@ -1 +1 @@
-1691587
+1691588

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml Fri Jul 17 15:01:58 2015
@@ -80,9 +80,9 @@ This issue was reported by RÃ©gis Lero
   2.4.x Require lines are used for authorization as well and can
   appear in configurations even when no authentication is required and
   the request is entirely unrestricted.  This could lead to modules
-  using this API to allow access when they should otherwise not do so
-  (e.g. mod_authz_svn in CVE-2015-3184).  API users should use the new
-  ap_some_authn_required API added in 2.4.16 instead.
+  using this API to allow access when they should otherwise not do so.
+  API users should use the new ap_some_authn_required API added in
+  2.4.16 instead.
   
   </p></description>
 <affects prod="httpd" version="2.4.12"/>
@@ -97,6 +97,9 @@ This issue was reported by RÃ©gis Lero
 <affects prod="httpd" version="2.4.2"/>
 <affects prod="httpd" version="2.4.1"/>
 <affects prod="httpd" version="2.4.0"/>
+<acknowledgements>
+This issue was reported by Ben Reser.
+</acknowledgements>
 </issue>
 
 <issue fixed="2.4.12" reported="20141109" public="20141109" released="20150130">

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Fri Jul 17 15:01:58 2015
@@ -191,13 +191,18 @@ This issue was reported by RÃ©gis Lero
   2.4.x Require lines are used for authorization as well and can
   appear in configurations even when no authentication is required and
   the request is entirely unrestricted.  This could lead to modules
-  using this API to allow access when they should otherwise not do so
-  (e.g. mod_authz_svn in CVE-2015-3184).  API users should use the new
-  ap_some_authn_required API added in 2.4.16 instead.
+  using this API to allow access when they should otherwise not do so.
+  API users should use the new ap_some_authn_required API added in
+  2.4.16 instead.
   
   </p>
   </dd>
   <dd>
+    <p>Acknowledgements: 
+This issue was reported by Ben Reser.
+</p>
+  </dd>
+  <dd>
   Reported to security team: 5thÂ AugustÂ 2013<br/>
   Issue public: 9thÂ JuneÂ 2015<br/></dd>
   <dd>