path: root/meta-python/recipes-devtools/python/python-html5lib.inc
author: Peter Marko <peter.marko@siemens.com> 2024-12-19 21:48:58 +0100
committer: Armin Kuster <akuster808@gmail.com> 2025-01-16 09:17:32 -0500
commit: 3eb5952ed1718b7454474695f3a4e414909fb44a
tree: c1686e7dca556973bb2e6f2e93b687863f8c56b1 /meta-python/recipes-devtools/python/python-html5lib.inc
parent: 2c4308f0d81b596d93de5575aa2e82da73dd7f7a
apache2: ignore disputed CVE CVE-2007-0086
This CVE is officially disputed by Red Hat with official statement in
https://nvd.nist.gov/vuln/detail/CVE-2007-0086

Red Hat does not consider this issue to be a security vulnerability. The potential attacker has to send acknowledgement packets periodically to make server generate traffic. Exactly the same effect could be achieved by simply downloading the file. The statement that setting the TCP window size to arbitrarily high value would permit the attacker to disconnect and stop sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit da2b5e8b93c248363581b1bd4ff67ff1d8357c41)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python-html5lib.inc')
0 files changed, 0 insertions, 0 deletions