This is an automated email from the ASF dual-hosted git repository.
covener pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/httpd-site.git
The following commit(s) were added to refs/heads/main by this push:
new 1b1e22b add missing fields and reexport
1b1e22b is described below
commit 1b1e22b4521d4f8b62b108ba7a1eb8795d43fe2c
Author: Eric Covener <ecovener@us.ibm.com>
AuthorDate: Thu Apr 4 11:44:44 2024 -0400
add missing fields and reexport
---
content/security/json/CVE-2023-38709.json | 187 ++++++++++++++----------------
1 file changed, 90 insertions(+), 97 deletions(-)
diff --git a/content/security/json/CVE-2023-38709.json b/content/security/json/CVE-2023-38709.json
index 81141c3..5315daf 100644
--- a/content/security/json/CVE-2023-38709.json
+++ b/content/security/json/CVE-2023-38709.json
@@ -1,101 +1,94 @@
{
- "containers": {
- "cna": {
- "affected": [.
- {
- "defaultStatus": "unaffected",
- "product": "Apache HTTP Server",
- "vendor": "Apache Software Foundation",
- "versions": [.
- {
- "lessThanOrEqual": "2.4.58",
- "status": "affected",
- "version": "0",
- "versionType": "semver"
+ "containers": {
+ "cna": {
+ "affected": [.
+ {
+ "defaultStatus": "unaffected",
+ "product": "Apache HTTP Server",
+ "vendor": "Apache Software Foundation",
+ "versions": [.
+ {
+ "lessThanOrEqual": "2.4.58",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "credits": [.
+ {
+ "lang": "en",
+ "type": "finder",
+ "value": "Orange Tsai (@orange_8361) from DEVCORE"
+ }
+ ],
+ "descriptions": [.
+ {
+ "lang": "en",
+ "supportingMedia": [.
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.<br><br>This issue affects Apache HTTP Server: through 2.4.58.<br>"
+ }
+ ],
+ "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\n\nThis issue affects Apache HTTP Server: through 2.4.58.\n"
+ }
+ ],
+ "metrics": [.
+ {
+ "other": {
+ "content": {
+ "text": "moderate"
+ },
+ "type": "Textual description of severity"
+ }
+ }
+ ],
+ "problemTypes": [.
+ {
+ "descriptions": [.
+ {
+ "description": "HTTP response splitting",
+ "lang": "en"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "references": [
+ {
+ "tags": [
+ "vendor-advisory"
+ ],
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "timeline": [.
+ {
+ "lang": "en",
+ "time": "2023-06-26T00:00:00.000Z",
+ "value": "reported"
+ }
+ ],
+ "title": "Apache HTTP Server: HTTP response splitting",
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
}
- ]
}
- ],
- "credits": [.
- {
- "lang": "en",
- "type": "finder",
- "value": "Orange Tsai (@orange_8361) from DEVCORE"
- }
- ],
- "descriptions": [.
- {
- "lang": "en",
- "supportingMedia": [.
- {
- "base64": false,
- "type": "text/html",
- "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.<br><br>This issue affects Apache HTTP Server: through 2.4.58.<br>"
- }
- ],
- "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\n\nThis issue affects Apache HTTP Server: through 2.4.58.\n"
- }
- ],
- "metrics": [.
- {
- "cvssV3_1": {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 6.8,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
- "version": "3.1"
- },
- "format": "CVSS",
- "scenarios": [.
- {
- "lang": "en",
- "value": "GENERAL"
- }
- ]
- }
- ],
- "problemTypes": [.
- {
- "descriptions": [.
- {
- "description": "HTTP response splitting",
- "lang": "en"
- }
- ]
- }
- ],
- "providerMetadata": {
- "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
- },
- "source": {
- "discovery": "EXTERNAL"
- },
- "title": "Apache HTTP Server: HTTP response splitting",
- "x_generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "timeline": [.
- {
- "lang": "eng",
- "time": "2024-04-04",
- "value": "2.4.59 released"
- }
- ]
- }
- },
- "cveMetadata": {
- "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
- "cveId": "CVE-2023-38709",
- "serial": 1,
- "state": "PUBLISHED"
- },
- "dataType": "CVE_RECORD",
- "dataVersion": "5.0"
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "cveId": "CVE-2023-38709",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
}
covener pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/httpd-site.git
The following commit(s) were added to refs/heads/main by this push:
new 1b1e22b add missing fields and reexport
1b1e22b is described below
commit 1b1e22b4521d4f8b62b108ba7a1eb8795d43fe2c
Author: Eric Covener <ecovener@us.ibm.com>
AuthorDate: Thu Apr 4 11:44:44 2024 -0400
add missing fields and reexport
---
content/security/json/CVE-2023-38709.json | 187 ++++++++++++++----------------
1 file changed, 90 insertions(+), 97 deletions(-)
diff --git a/content/security/json/CVE-2023-38709.json b/content/security/json/CVE-2023-38709.json
index 81141c3..5315daf 100644
--- a/content/security/json/CVE-2023-38709.json
+++ b/content/security/json/CVE-2023-38709.json
@@ -1,101 +1,94 @@
{
- "containers": {
- "cna": {
- "affected": [.
- {
- "defaultStatus": "unaffected",
- "product": "Apache HTTP Server",
- "vendor": "Apache Software Foundation",
- "versions": [.
- {
- "lessThanOrEqual": "2.4.58",
- "status": "affected",
- "version": "0",
- "versionType": "semver"
+ "containers": {
+ "cna": {
+ "affected": [.
+ {
+ "defaultStatus": "unaffected",
+ "product": "Apache HTTP Server",
+ "vendor": "Apache Software Foundation",
+ "versions": [.
+ {
+ "lessThanOrEqual": "2.4.58",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "credits": [.
+ {
+ "lang": "en",
+ "type": "finder",
+ "value": "Orange Tsai (@orange_8361) from DEVCORE"
+ }
+ ],
+ "descriptions": [.
+ {
+ "lang": "en",
+ "supportingMedia": [.
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.<br><br>This issue affects Apache HTTP Server: through 2.4.58.<br>"
+ }
+ ],
+ "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\n\nThis issue affects Apache HTTP Server: through 2.4.58.\n"
+ }
+ ],
+ "metrics": [.
+ {
+ "other": {
+ "content": {
+ "text": "moderate"
+ },
+ "type": "Textual description of severity"
+ }
+ }
+ ],
+ "problemTypes": [.
+ {
+ "descriptions": [.
+ {
+ "description": "HTTP response splitting",
+ "lang": "en"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "references": [
+ {
+ "tags": [
+ "vendor-advisory"
+ ],
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "timeline": [.
+ {
+ "lang": "en",
+ "time": "2023-06-26T00:00:00.000Z",
+ "value": "reported"
+ }
+ ],
+ "title": "Apache HTTP Server: HTTP response splitting",
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
}
- ]
}
- ],
- "credits": [.
- {
- "lang": "en",
- "type": "finder",
- "value": "Orange Tsai (@orange_8361) from DEVCORE"
- }
- ],
- "descriptions": [.
- {
- "lang": "en",
- "supportingMedia": [.
- {
- "base64": false,
- "type": "text/html",
- "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.<br><br>This issue affects Apache HTTP Server: through 2.4.58.<br>"
- }
- ],
- "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\n\nThis issue affects Apache HTTP Server: through 2.4.58.\n"
- }
- ],
- "metrics": [.
- {
- "cvssV3_1": {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 6.8,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
- "version": "3.1"
- },
- "format": "CVSS",
- "scenarios": [.
- {
- "lang": "en",
- "value": "GENERAL"
- }
- ]
- }
- ],
- "problemTypes": [.
- {
- "descriptions": [.
- {
- "description": "HTTP response splitting",
- "lang": "en"
- }
- ]
- }
- ],
- "providerMetadata": {
- "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
- },
- "source": {
- "discovery": "EXTERNAL"
- },
- "title": "Apache HTTP Server: HTTP response splitting",
- "x_generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "timeline": [.
- {
- "lang": "eng",
- "time": "2024-04-04",
- "value": "2.4.59 released"
- }
- ]
- }
- },
- "cveMetadata": {
- "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
- "cveId": "CVE-2023-38709",
- "serial": 1,
- "state": "PUBLISHED"
- },
- "dataType": "CVE_RECORD",
- "dataVersion": "5.0"
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "cveId": "CVE-2023-38709",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
}