[Git][security-tracker-team/security-tracker][master] Update information for old CVE-2008-0455/apache2

Salvatore Bonaccorso carnil at debian.org
Thu Jul 23 10:19:41 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c8a2248 by Salvatore Bonaccorso at 2020-07-23T11:18:10+02:00
Update information for old CVE-2008-0455/apache2

It appears from [1] that CVE-2012-2687 was as well known under
(duplicate) CVE-2008-0455. CVE-2012-2687 was fixed witn the 2.2.22-8
upload, so sync the two entries with the fixed version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -378206,9 +378206,10 @@ CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the
 	NOTE: but not with arbitrary contents.
 CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
 	- apache <removed> (unimportant)
-	- apache2 <unfixed> (unimportant)
+	- apache2 2.2.22-8 (unimportant)
 	NOTE: This is only relevant if an attacker can upload files with arbitrary names
 	NOTE: but not with arbitrary contents.
+	NOTE: https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2012-2687
 CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
 	NOT-FOR-US: Skype
 CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe allo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c8a2248de68743aa9dd09c99f7726f26174bf58

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c8a2248de68743aa9dd09c99f7726f26174bf58
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200723/c1dd2534/attachment.html>


More information about the debian-security-tracker-commits mailing list