On Fri, Aug 14, 2020 at 11:49 AM Nic P <webninja458@xxxxxxxxx> wrote: > > Hi > > I am struggling through an audit with explaining CVE's listed on NIST that do not appear on the Apache site with any fixes. > > CVE-1999-0070 is an example showing in nist site as impacting Apache, but no reference to this on the Apache security pages > > https://nvd.nist.gov/vuln/detail/CVE-1999-0070 > > Can anyone help with this sufficiently to explain to audit? It's a 20+ year old bug misclassified as affecting all Apache releases on the NIST site but it seems to be a match for a bug fixed fixed before 1.3.0 was released (1.2b2 in 1998). It predates the CVE system and the CVE doesn't contain anything actionable/identifiable other than resembling this old bug about the test-cgi sample script. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|