stef-guest at alioth.debian.org
2008-Sep-22 21:14 UTC
[Secure-testing-commits] r9866 - data/CVE
Author: stef-guest Date: 2008-09-22 21:14:23 +0000 (Mon, 22 Sep 2008) New Revision: 9866 Modified: data/CVE/list Log: mark two apache issues as unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-22 11:13:28 UTC (rev 9865) +++ data/CVE/list 2008-09-22 21:14:23 UTC (rev 9866) @@ -8560,21 +8560,13 @@ CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...) NOT-FOR-US: Symantec LiveState Apache Tomcat server CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...) - - apache <unfixed> (low) - - apache2 <unfixed> (low) - [etch] - apache <no-dsa> (minor issue) - [etch] - apache2 <no-dsa> (minor issue) - [sarge] - apache <no-dsa> (minor issue) - [sarge] - apache2 <no-dsa> (minor issue) + - apache <unfixed> (unimportant) + - apache2 <unfixed> (unimportant) NOTE: This is only relevant if an attacker can upload files with arbitrary names NOTE: but not with arbitrary contents. CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...) - - apache <unfixed> (low) - - apache2 <unfixed> (low) - [etch] - apache <no-dsa> (minor issue) - [etch] - apache2 <no-dsa> (minor issue) - [sarge] - apache <no-dsa> (minor issue) - [sarge] - apache2 <no-dsa> (minor issue) + - apache <unfixed> (unimportant) + - apache2 <unfixed> (unimportant) NOTE: This is only relevant if an attacker can upload files with arbitrary names NOTE: but not with arbitrary contents. CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...)