Author: geissert Date: 2010-01-10 23:25:56 +0000 (Sun, 10 Jan 2010) New Revision: 13782 Modified: data/CVE/list Log: httpds escape sequence issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-10 22:57:49 UTC (rev 13781) +++ data/CVE/list 2010-01-10 23:25:56 UTC (rev 13782) 
@@ -434,26 +434,63 @@ RESERVED - lxr-cvs <unfixed> NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2 at 3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer -CVE-2009-4496 +CVE-2009-4496 [boa escape sequence injection] RESERVED -CVE-2009-4495 + - boa <unfixed> (low) + [etch] - boa <no-dsa> (issue not really specific to the httpd) + [lenny] - boa <no-dsa> (issue not really specific to the httpd) + NOTE: same as CVE-2009-4487 +CVE-2009-4495 [yaws escape sequence injection] RESERVED -CVE-2009-4494 + - yaws <unfixed> (low) + [etch] - yaws <no-dsa> (issue not really specific to the httpd) + [lenny] - yaws <no-dsa> (issue not really specific to the httpd) + NOTE: same as CVE-2009-4487 +CVE-2009-4494 [aolserver escape sequence injection] RESERVED -CVE-2009-4493 + - aolserver4 <unfixed> (low) + [etch] - aolserver4 <no-dsa> (issue not really specific to the httpd) + [lenny] - aolserver4 <no-dsa> (issue not really specific to the httpd) + NOTE: same as CVE-2009-4487 +CVE-2009-4493 [orion escape sequence injection] RESERVED -CVE-2009-4492 + NOT-FOR-US: Orion httpd +CVE-2009-4492 [webrick escape sequence injection] RESERVED -CVE-2009-4491 + - ruby1.8 <unfixed> (low; bug #564598) + [etch] - ruby1.8 <no-dsa> (issue not really specific to the httpd) + [lenny] - ruby1.8 <no-dsa> (issue not really specific to the httpd) + NOTE: same as CVE-2009-4487 +CVE-2009-4491 [thttpd escape sequence injection] RESERVED -CVE-2009-4490 + - thttpd <unfixed> (low) + [etch] - thttpd <no-dsa> (issue not really specific to the httpd) + [lenny] - thttpd <no-dsa> (issue not really specific to the httpd) + NOTE: same as CVE-2009-4487 +CVE-2009-4490 [mini-httpd escape sequence injection] RESERVED -CVE-2009-4489 + - mini-httpd <unfixed> (low) + [etch] - mini-httpd <no-dsa> (issue not really specific to the httpd) + [lenny] - mini-httpd <no-dsa> (issue not really specific to the httpd) + NOTE: same as CVE-2009-4487 +CVE-2009-4489 [cherokee escape sequence injection] RESERVED 
-CVE-2009-4488 + - cherokee 0.99.37-1 (low) + [etch] - cherokee <no-dsa> (issue not really specific to the httpd) + [lenny] - cherokee <no-dsa> (issue not really specific to the httpd) + NOTE: same as CVE-2009-4487 +CVE-2009-4488 [varnish escape sequence injection] RESERVED -CVE-2009-4487 + - varnish <unfixed> (low) + [etch] - varnish <no-dsa> (issue not really specific to the httpd) + [lenny] - varnish <no-dsa> (issue not really specific to the httpd) + NOTE: same as CVE-2009-4487 +CVE-2009-4487 [nginx escape sequence injection] RESERVED + - nginx <unfixed> (low) + [etch] - nginx <no-dsa> (issue not really specific to the httpd) + [lenny] - nginx <no-dsa> (issue not really specific to the httpd) + NOTE: http://www.ush.it/team/ush/hack_httpd_escape/adv.txt CVE-2009-4486 RESERVED CVE-2009-4485
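Review bot: Of the new `<unfixed>` entries, only the ruby1.8 line under CVE-2009-4492 carries a bug reference (`bug #564598`); the boa, yaws, aolserver4, thttpd, mini-httpd, varnish and nginx lines have none, so nothing ties their unfixed status to a report that can be tracked to closure. Consider adding the bug numbers to those lines as they are filed. Separately, `NOTE: same as CVE-2009-4487` on the other entries reads as if the ids were duplicates, although each one names a different package, and the advisory URL appears only under CVE-2009-4487. Wording such as "same advisory as CVE-2009-4487", or repeating the URL on each entry, would keep every entry self-explanatory.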