diff options
| author | dbaio <dbaio@FreeBSD.org> | 2017-08-11 08:03:38 +0800 |
|---|---|---|
| committer | dbaio <dbaio@FreeBSD.org> | 2017-08-11 08:03:38 +0800 |
| commit | d8422f9f2c4c359ef6d74b930b4f08afab9efb78 (patch) | |
| tree | a2854a08f3de9ab9b2670529dad910a17bb518b9 /security | |
| parent | 0eac19bb9594c7601f6a31d6753a9c0e380218c5 (diff) | |
| download | freebsd-ports-gnome-d8422f9f2c4c359ef6d74b930b4f08afab9efb78.tar.gz freebsd-ports-gnome-d8422f9f2c4c359ef6d74b930b4f08afab9efb78.tar.zst freebsd-ports-gnome-d8422f9f2c4c359ef6d74b930b4f08afab9efb78.zip | |
security/vuxml: Consolidate duplicate Apache Commons FileUpload entries
This also remove a wrong entry that marks tomcat 6 as vulnerable
Approved by: ports-secteam (zi)
Differential Revision: https://reviews.freebsd.org/D11941
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 48 |
1 files changed, 8 insertions, 40 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ebc7b98cc20c..9612182f28d4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -18000,45 +18000,7 @@ and CVE-2013-0155.</p> </vuln> <vuln vid="61b8c359-4aab-11e6-a7bd-14dae9d210b8"> - <topic>Apache Commons FileUpload -- denial of service</topic> - <affects> - <package> - <name>tomcat</name> - <range><ge>0</ge></range> - </package> - <package> - <name>tomcat7</name> - <range><lt>7.0.70</lt></range> - </package> - <package> - <name>tomcat8</name> - <range><lt>8.0.36</lt></range> - </package> - <package> - <name>apache-struts</name> - <range><le>2.5.2</le></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Jochen Wiedmann reports:</p> - <blockquote cite="http://jvn.jp/en/jp/JVN89379547/index.html"> - <p>A malicious client can send file upload requests that cause - the HTTP server using the Apache Commons Fileupload library to become - unresponsive, preventing the server from servicing other requests.</p> - </blockquote> - </body> - </description> - <references> - <url>http://jvn.jp/en/jp/JVN89379547/index.html</url> - <url>http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E</url> - <cvename>CVE-2016-3092</cvename> - </references> - <dates> - <discovery>2016-06-21</discovery> - <entry>2016-07-15</entry> - <modified>2017-03-18</modified> - </dates> + <cancelled superseded="cbceeb49-3bc7-11e6-8e82-002590263bf5"/> </vuln> <vuln vid="3159cd70-4aaa-11e6-a7bd-14dae9d210b8"> @@ -19209,7 +19171,7 @@ and CVE-2013-0155.</p> </vuln> <vuln vid="cbceeb49-3bc7-11e6-8e82-002590263bf5"> - <topic>tomcat -- remote DoS in the Apache Commons FileUpload component</topic> + <topic>Apache Commons FileUpload -- denial of service (DoS) vulnerability</topic> <affects> <package> <name>tomcat7</name> @@ -19219,6 +19181,10 @@ and CVE-2013-0155.</p> <name>tomcat8</name> <range><lt>8.0.36</lt></range> </package> + <package> + <name>apache-struts</name> + <range><lt>2.5.2</lt></range> + </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> @@ -19239,10 +19205,12 @@ and CVE-2013-0155.</p> <url>http://tomcat.apache.org/security-7.html</url> <url>http://tomcat.apache.org/security-8.html</url> <url>http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E</url> + <url>http://jvn.jp/en/jp/JVN89379547/index.html</url> </references> <dates> <discovery>2016-06-20</discovery> <entry>2016-06-26</entry> + <modified>2017-08-10</modified> </dates> </vuln> |