[Secure-testing-commits] r13844 - data/CVE
Stefan Fritsch
sf at alioth.debian.org
Sun Jan 17 10:14:54 UTC 2010
Author: sf
Date: 2010-01-17 10:14:53 +0000 (Sun, 17 Jan 2010)
New Revision: 13844
Modified:
data/CVE/list
Log:
new apache 1.3 issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-17 09:37:10 UTC (rev 13843)
+++ data/CVE/list 2010-01-17 10:14:53 UTC (rev 13844)
@@ -1413,8 +1413,12 @@
- uzbl 0.0.0~git.20100105-1 (medium)
NOTE: http://www.uzbl.org/news.php?id=22
NOTE: maintainer is aware of it
-CVE-2010-0010
+CVE-2010-0010 [Apache httpd 1.3 mod_proxy integer overflow on 64bit archs]
RESERVED
+ - apache <unfixed> (low)
+ NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server,
+ NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse
+ NOTE: proxy situations, the backend server is usually trusted, anyway.
CVE-2010-0009
RESERVED
CVE-2010-0008
More information about the Secure-testing-commits
mailing list