From: Mark J. Cox Date: Fri, 4 Oct 2002 09:08:46 +0000 (+0000) Subject: This is worthy of a CVE name, thanks to Joe for the headsup and text X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=62f9304b0253fec959b9064a4fbbde29a86ec184;p=apache This is worthy of a CVE name, thanks to Joe for the headsup and text PR: Obtained from: Joe Orton Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97095 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index a447169537..a6a7109db2 100644 --- a/CHANGES +++ b/CHANGES @@ -34,8 +34,9 @@ Changes with Apache 2.0.43 could lead to an infinite loop. PR 12705 [amund.elstad@ergo.no (Amund Elstad), Jeff Trawick] - *) SECURITY: Allow POST requests and CGI scripts to work when DAV - is enabled on the location. [Ryan Bloom] + *) SECURITY: CAN-2002-1156 (cve.mitre.org) + Fix the exposure of CGI source when a POST request is sent to + a location where both DAV and CGI are enabled. [Ryan Bloom] *) Allow the UserDir directive to accept a list of directories. This matches what Apache 1.3 does. Also add documentation for
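Review bot: The rewritten SECURITY entry under "Changes with Apache 2.0.43" names CAN-2002-1156 and the symptom, but it does not say which releases were exposed, so an administrator reading this section cannot tell from the entry alone whether an older install needs the upgrade; consider stating the affected range in the entry. The parenthetical "(cve.mitre.org)" is a bare hostname rather than a reference a reader can follow to the advisory. The new wording also drops the earlier statement that POST requests and CGI scripts now work when DAV is enabled on the location, which is the behaviour change an operator would notice after upgrading; keeping one clause about it alongside the source-exposure description would preserve that.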