[Secure-testing-commits] r9866 - data/CVE
stef-guest at alioth.debian.org
stef-guest at alioth.debian.org
Mon Sep 22 21:14:24 UTC 2008
Author: stef-guest
Date: 2008-09-22 21:14:23 +0000 (Mon, 22 Sep 2008)
New Revision: 9866
Modified:
data/CVE/list
Log:
mark two apache issues as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-22 11:13:28 UTC (rev 9865)
+++ data/CVE/list 2008-09-22 21:14:23 UTC (rev 9866)
@@ -8560,21 +8560,13 @@
CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...)
NOT-FOR-US: Symantec LiveState Apache Tomcat server
CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...)
- - apache <unfixed> (low)
- - apache2 <unfixed> (low)
- [etch] - apache <no-dsa> (minor issue)
- [etch] - apache2 <no-dsa> (minor issue)
- [sarge] - apache <no-dsa> (minor issue)
- [sarge] - apache2 <no-dsa> (minor issue)
+ - apache <unfixed> (unimportant)
+ - apache2 <unfixed> (unimportant)
NOTE: This is only relevant if an attacker can upload files with arbitrary names
NOTE: but not with arbitrary contents.
CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
- - apache <unfixed> (low)
- - apache2 <unfixed> (low)
- [etch] - apache <no-dsa> (minor issue)
- [etch] - apache2 <no-dsa> (minor issue)
- [sarge] - apache <no-dsa> (minor issue)
- [sarge] - apache2 <no-dsa> (minor issue)
+ - apache <unfixed> (unimportant)
+ - apache2 <unfixed> (unimportant)
NOTE: This is only relevant if an attacker can upload files with arbitrary names
NOTE: but not with arbitrary contents.
CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
More information about the Secure-testing-commits
mailing list