[Secure-testing-commits] r20078 - data/CVE

Henri Salo fgeek-guest at alioth.debian.org
Sun Sep 2 15:57:21 UTC 2012


Author: fgeek-guest
Date: 2012-09-02 15:57:21 +0000 (Sun, 02 Sep 2012)
New Revision: 20078

Modified:
   data/CVE/list
Log:
CVE-2012-4386, CVE-2012-4387: apache struts issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-02 14:13:45 UTC (rev 20077)
+++ data/CVE/list	2012-09-02 15:57:21 UTC (rev 20078)
@@ -921,10 +921,16 @@
 	RESERVED
 CVE-2012-4388
 	RESERVED
-CVE-2012-4387
+CVE-2012-4387 [Apache Struts DoS]
 	RESERVED
-CVE-2012-4386
+	NOTE: check
+	NOTE: http://www.openwall.com/lists/oss-security/2012/09/01/4
+	NOTE: http://struts.apache.org/2.x/docs/s2-011.html
+CVE-2012-4386 [Apache Struts CSRF protection bypass]
 	RESERVED
+	TODO: check
+	NOTE: http://www.openwall.com/lists/oss-security/2012/09/01/4
+	NOTE: http://struts.apache.org/2.x/docs/s2-010.html
 CVE-2012-4385 [letodms CSRF]
 	RESERVED
 	- letodms 3.3.7+dfsg-1




More information about the Secure-testing-commits mailing list