Update my latest Apache entry to make clear that this only affects certain

installations (when Apache is used as a HTTP proxy in combination with some
web servers). I didn't make that clear in the first commit.

Requested by:		nectar
Discussed with:		clement

1 files changed, 12 insertions, 1 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 0aa78a4179d0..49af2e876165 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -82,7 +82,18 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 	  ability to bypass web application firewall protection.
 	  Exploiting this vulnerability requires multiple carefully
 	  crafted HTTP requests, taking advantage of an caching server,
-	  proxy server, web application firewall etc.</p>
+	  proxy server, web application firewall etc. This only affects
+	  installations where Apache is used as HTTP proxy in
+	  combination with the following web servers:</p>
+	<ul>
+	  <il>IIS/6.0 and 5.0</il>
+	  <il>Apache 2.0.45 (as web server)</il>
+	  <il>apache 1.3.29</il>
+	  <il>WebSphere 5.1 and 5.0</il>
+	  <il>WebLogic 8.1 SP1</il>
+	  <il>Oracle9iAS web server 9.0.2</il>
+	  <il>SunONE web server 6.1 SP4</il>
+	</ul>
       </body>
     </description>
     <references>