> -----Original Message----- > From: Jeff Trawick [mailto:] > Sent: Dienstag, 21. August 2012 17:37 > To: [email protected] > Subject: Re: Updating 2.4 security page > > On Tue, Aug 21, 2012 at 11:30 AM, Rainer Jung > wrote: > > Now that 2.4.3 is released and annouced I'm in the process of updating > the > > security page (the xml file with the known vulnerabilities) to include > the > > two issues that are in CHANGES. > > > > The XSS mod_negotitation issues I think is clearly of severity level 4 > > (low), but I'm a bit uncertain about the mod_proxy_ajp problem. > > > > It can be triggered by remote and leads to response mixups, so a > privacy > > issue (all disclosed via Bugzilla before the release, so no need to > discuss > > privately). > > > > I'd go for a "Important" but would like to get more opinions. The > > definitions are at: > > +1 for "Important"
+1 Regards Rüdiger
