Issue metadata
Sign in to add a comment
|
Chromium: Vulnerability reported in apache-win32 |
||||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: apache-win32 Package Version: [cpe:/a:apache:http_server:2.2.25] Advisory: CVE-1999-1237 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-1999-1237 CVSS severity score: 10/10.0 Confidence: high Description: Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. Advisory: CVE-2001-0131 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2001-0131 CVSS severity score: 1.2/10.0 Confidence: high Description: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
,
Dec 20 2017
The change history for these issues shows that the change to the reports on 12/18/2017 was to replace one advisory URL with another. I don't think there's any action required for Chrome. https://nvd.nist.gov/vuln/detail/CVE-2001-0131#VulnChangeHistoryDiv https://nvd.nist.gov/vuln/detail/CVE-1999-1237#VulnChangeHistoryDiv
,
Dec 22 2017
,
Mar 31 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Dec 20 2017Components: Blink>Infra