-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add arbitrary upper bound on ancient Apache http server cves
Signed-off-by: Weston Steimel <[email protected]>
- Loading branch information
1 parent
196db5a
commit f89d7b5
Showing
5 changed files
with
109 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "mitre", | ||
| "cveId": "CVE-1999-0236", | ||
| "description": "ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.", | ||
| "reason": "Define a sufficiently old upper bound for this ancient CVE with few remaining details", | ||
| "references": [ | ||
| "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0236" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Apache HTTP Server", | ||
| "vendor": "Apache Software Foundation", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "1.3.42", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "mitre", | ||
| "cveId": "CVE-1999-1237", | ||
| "description": "Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.", | ||
| "reason": "Define a sufficiently old upper bound for this ancient CVE with few remaining details", | ||
| "references": [ | ||
| "http://www.securityfocus.com/archive/1/14384", | ||
| "https://exchange.xforce.ibmcloud.com/vulnerabilities/2272" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Apache HTTP Server", | ||
| "vendor": "Apache Software Foundation", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "1.3.42", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "mitre", | ||
| "cveId": "CVE-2007-0086", | ||
| "description": "The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal", | ||
| "disputed": true, | ||
| "reason": "Define a sufficiently old upper bound for this ancient CVE with few remaining details", | ||
| "references": [ | ||
| "http://osvdb.org/33456", | ||
| "http://www.securityfocus.com/archive/1/455833/100/0/threaded", | ||
| "http://www.securityfocus.com/archive/1/455879/100/0/threaded", | ||
| "http://www.securityfocus.com/archive/1/455882/100/0/threaded", | ||
| "http://www.securityfocus.com/archive/1/455920/100/0/threaded" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Apache HTTP Server", | ||
| "vendor": "Apache Software Foundation", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "1.3.42", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters