*) mod_ssl: Send the Close Alert message to the peer before closing
the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
- *) SECURITY: CAN-2004-0113 (cve.mitre.org)
+ *) SECURITY: CVE-2004-0113 (cve.mitre.org)
mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
PR 27106. [Joe Orton]
*) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
the destination resource gives a 401. PR 15571. [Joe Orton]
- *) SECURITY: CAN-2003-0020 (cve.mitre.org)
+ *) SECURITY: CVE-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog. Unescaped
errorlogs are still possible using the compile time switch
"-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo]
Changes with Apache 2.0.43
- *) SECURITY [CAN-2002-0840]: HTML-escape the address produced by
+ *) SECURITY [CVE-2002-0840]: HTML-escape the address produced by
ap_server_signature() against this cross-site scripting
vulnerability exposed by the directive 'UseCanonicalName Off'.
Also HTML-escape the SERVER_NAME environment variable for CGI
could lead to an infinite loop. PR 12705
[Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
- *) SECURITY [CAN-2002-1156] (cve.mitre.org):
+ *) SECURITY [CVE-2002-1156] (cve.mitre.org):
Fix the exposure of CGI source when a POST request is sent to
a location where both DAV and CGI are enabled. [Ryan Bloom]
run-time configurable using the ExtendedStatus directive.
[Jim Jagielski]
- *) SECURITY [CAN-1999-1199] (cve.mitre.org):
+ *) SECURITY [CVE-1999-1199] (cve.mitre.org):
Eliminate O(n^2) space DoS attacks (and other O(n^2)
cpu time attacks) in header parsing. Add ap_overlap_tables(),
a function which can be used to perform bulk update operations
projects / apache / commitdiff