svn commit: r429174 - head/security/vuxml
Bernard Spil
brnrd at FreeBSD.org
Thu Dec 22 18:47:10 UTC 2016
Author: brnrd
Date: Thu Dec 22 18:47:08 2016
New Revision: 429174
URL: https://svnweb.freebsd.org/changeset/ports/429174
Log:
security/vuxml: Add severity to recent Apache vulnerabilities
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Dec 22 18:08:45 2016 (r429173)
+++ head/security/vuxml/vuln.xml Thu Dec 22 18:47:08 2016 (r429174)
@@ -400,7 +400,7 @@ Notes:
<p>Apache Software Foundation reports:</p>
<blockquote cite="http://httpd.apache.org/security/vulnerabilities_24.html">
<ul>
- <li>TBD: Apache HTTP Request Parsing Whitespace Defects CVE-2016-8743<br/>
+ <li>Important: Apache HTTP Request Parsing Whitespace Defects CVE-2016-8743<br/>
Apache HTTP Server, prior to release 2.4.25, accepted a broad
pattern of unusual whitespace patterns from the user-agent,
including bare CR, FF, VTAB in parsing the request line and
@@ -459,7 +459,7 @@ Notes:
padding oracle attack.<br/>
</li>
</ul><ul>
- <li>n/a: HTTP/2 CONTINUATION denial of service CVE-2016-8740<br/>
+ <li>low: HTTP/2 CONTINUATION denial of service CVE-2016-8740<br/>
The HTTP/2 protocol implementation (mod_http2) had an incomplete
handling of the LimitRequestFields directive. This allowed an
attacker to inject unlimited request headers into the server,
@@ -488,6 +488,7 @@ Notes:
<dates>
<discovery>2016-12-20</discovery>
<entry>2016-12-21</entry>
+ <modified>2016-12-22</modified>
</dates>
</vuln>
More information about the svn-ports-head
mailing list