Author: gilbert-guest Date: 2009-06-19 17:27:40 +0000 (Fri, 19 Jun 2009) New Revision: 12166 Modified: data/CVE/list Log: tracking added for "slowloris" dos Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-19 16:54:42 UTC (rev 12165) +++ data/CVE/list 2009-06-19 17:27:40 UTC (rev 12166) @@ -1,3 +1,12 @@ +CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers] + - apache2 <unfixed> (low; bug #533661) + - apache <unfixed> (low; bug #533662) + - squid <unfixed> (low; bug #533663) + - squid3 <unfixed> (low; bug #533664) + - dhttpd <unfixed> (low; bug #533665) + - lighttpd <not-affected> + TODO: follow-up with maintainers (exploit site says these servers vulnerable, but i have not checked, asked maintainers to do so) + TODO: determine if any of the other webservers are affected CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Webmedia Explorer CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...)