[Secure-testing-commits] r12166 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Fri Jun 19 17:27:41 UTC 2009
Author: gilbert-guest
Date: 2009-06-19 17:27:40 +0000 (Fri, 19 Jun 2009)
New Revision: 12166
Modified:
data/CVE/list
Log:
tracking added for "slowloris" dos
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-19 16:54:42 UTC (rev 12165)
+++ data/CVE/list 2009-06-19 17:27:40 UTC (rev 12166)
@@ -1,3 +1,12 @@
+CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers]
+ - apache2 <unfixed> (low; bug #533661)
+ - apache <unfixed> (low; bug #533662)
+ - squid <unfixed> (low; bug #533663)
+ - squid3 <unfixed> (low; bug #533664)
+ - dhttpd <unfixed> (low; bug #533665)
+ - lighttpd <not-affected>
+ TODO: follow-up with maintainers (exploit site says these servers vulnerable, but i have not checked, asked maintainers to do so)
+ TODO: determine if any of the other webservers are affected
CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: Webmedia Explorer
CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...)
More information about the Secure-testing-commits
mailing list