httpd-cvs mailing list archives

From m..@apache.org
Subject svn commit: r167920 [2/2] - in /httpd/site/trunk: build.xml docs/security/ docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html xdocs/security/ xdocs/security/vulnerabilities-httpd.xml xdocs/stylesheets/securitydates.xsl xdocs/stylesheets/securitydb.xsl
Date Tue, 03 May 2005 15:07:07 GMT
Added: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=167920&view=auto
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (added)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Tue May  3 08:07:06 2005
@@ -0,0 +1,1470 @@
+<security updated="20050503">
+
+<issue fixed="2.0.53" public="20041101" released="20050208" reported="20041028">
+<cve name="CAN-2004-0942"/>
+<severity level="2">important</severity>
+<title>Memory consumption DoS</title>
+<description>
+<p>
+An issue was discovered where the field length limit was not enforced
+for certain malicious requests.  This could allow a remote attacker who
+is able to send large amounts of data to a server the ability to cause
+Apache children to consume proportional amounts of memory, leading to
+a denial of service.
+</p>
+</description>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="1.3.33" public="20041021" released="20041028" reported="20041021">
+<cve name="CAN-2004-0940"/>
+<title>mod_include overflow</title>
+<severity level="3">moderate</severity>
+<description>
+<p>
+A buffer overflow in mod_include could allow a local user who
+is authorised to create server side include (SSI) files to gain
+the privileges of a httpd child.
+</p>
+</description>
+  <affects prod="httpd" version="1.3.32"/>
+  <affects prod="httpd" version="1.3.31"/>
+  <affects prod="httpd" version="1.3.29"/>
+  <affects prod="httpd" version="1.3.28"/>
+  <affects prod="httpd" version="1.3.27"/>
+  <affects prod="httpd" version="1.3.26"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="2.0.53" public="20041001" reported="20041001" released="20050208">
+<cve name="CAN-2004-0885"/>
+<severity level="3">moderate</severity>
+<title>SSLCipherSuite bypass</title>
+<description>
+<p>
+An issue has been discovered in the mod_ssl module when configured to use
+the "SSLCipherSuite" directive in directory or location context. If a
+particular location context has been configured to require a specific set
+of cipher suites, then a client will be able to access that location using
+any cipher suite allowed by the virtual host configuration. 
+</p>
+</description>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+
+<issue fixed="2.0.52" released="20040928" public="20040918" reported="20040918">
+<cve name="CAN-2004-0811"/>
+<title>Basic authentication bypass</title>
+<severity level="2">important</severity>
+<description>
+<p>
+A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy
+directive which could result in access being granted to
+resources despite any configured authentication
+</p>
+</description>
+<affects prod="httpd" version="2.0.51"/>
+</issue>
+
+<issue fixed="2.0.51" public="20040915" released="20040915" reported="20040825">
+<cve name="CAN-2004-0786"/>
+<title>IPv6 URI parsing heap overflow</title>
+<severity level="1">critical</severity>
+<description>
+<p>
+Testing using the Codenomicon HTTP Test Tool performed by the Apache
+Software Foundation security group and Red Hat uncovered an input
+validation issue in the IPv6 URI parsing routines in the apr-util library.
+If a remote attacker sent a request including a carefully crafted URI, an
+httpd child process could be made to crash.  One some BSD systems it
+is believed this flaw may be able to lead to remote code execution.
+</p>
+</description>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.51" public="20040915" released="20040915" reported="20040805">
+<cve name="CAN-2004-0747"/>
+<severity level="4">low</severity>
+<title>Environment variable expansion flaw</title>
+<description>
+<p>
+The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
+expansion of environment variables during configuration file parsing. This
+issue could allow a local user to gain the privileges of a httpd
+child if a server can be forced to parse a carefully crafted .htaccess file 
+written by a local user.
+</p>
+</description>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.51" released="20040915" public="20040707" reported="20040707">
+<cve name="CAN-2004-0751"/>
+<severity level="4">low</severity>
+<title>Malicious SSL proxy can cause crash</title>
+<description>
+<p>
+An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50
+which could be triggered if
+the server is configured to allow proxying to a remote SSL server. A
+malicious remote SSL server could force an httpd child process to crash by
+sending a carefully crafted response header. This issue is not believed to
+allow execution of arbitrary code and will only result in a denial
+of service where a threaded process model is in use.
+</p>
+</description>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+</issue>
+
+<issue fixed="2.0.51" released="20040915" public="20040707" reported="20040707">
+<cve name="CAN-2004-0748"/>
+<severity level="2">important</severity>
+<title>SSL connection infinite loop</title>
+<description>
+<p>
+An issue was discovered in the mod_ssl module in Apache 2.0.  
+A remote attacker who forces an SSL connection to
+be aborted in a particular state may cause an Apache child process to
+enter an infinite loop, consuming CPU resources.
+</p>
+</description>
+<affects prod="httpd" version="2.0.50"/>
+<maybeaffects prod="httpd" version="2.0.49"/>
+<maybeaffects prod="httpd" version="2.0.48"/>
+<maybeaffects prod="httpd" version="2.0.47"/>
+<maybeaffects prod="httpd" version="2.0.46"/>
+<maybeaffects prod="httpd" version="2.0.45"/>
+<maybeaffects prod="httpd" version="2.0.44"/>
+<maybeaffects prod="httpd" version="2.0.43"/>
+<maybeaffects prod="httpd" version="2.0.42"/>
+<maybeaffects prod="httpd" version="2.0.40"/>
+<maybeaffects prod="httpd" version="2.0.39"/>
+<maybeaffects prod="httpd" version="2.0.37"/>
+<maybeaffects prod="httpd" version="2.0.36"/>
+<maybeaffects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.51" public="20040912" reported="20040912" released="20040915">
+<cve name="CAN-2004-0809"/>
+<title>WebDAV remote crash</title>
+<severity level="4">low</severity>
+<description>
+<p>
+An issue was discovered in the mod_dav module which could be triggered
+for a location where WebDAV authoring access has been configured. A
+malicious remote client which is authorized to use the LOCK method
+could force an httpd child process to crash by sending a particular
+sequence of LOCK requests. This issue does not allow execution of
+arbitrary code.  and will only result in a denial of service where a
+threaded process model is in use.
+</p>
+</description>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.50" released="20040701" reported="20040613" public="20040701">
+<cve name="CAN-2004-0493"/>
+<title>Header parsing memory leak</title>
+<severity level="2">important</severity>
+<description>
+<p>
+A memory leak in parsing of HTTP headers which can be triggered
+remotely may allow a denial of service attack due to excessive memory
+consumption.
+</p>
+</description>
+<affects prod="httpd" version="2.0.49"/>
+<maybeaffects prod="httpd" version="2.0.48"/>
+<maybeaffects prod="httpd" version="2.0.47"/>
+<maybeaffects prod="httpd" version="2.0.46"/>
+<maybeaffects prod="httpd" version="2.0.45"/>
+<maybeaffects prod="httpd" version="2.0.44"/>
+<maybeaffects prod="httpd" version="2.0.43"/>
+<maybeaffects prod="httpd" version="2.0.42"/>
+<maybeaffects prod="httpd" version="2.0.40"/>
+<maybeaffects prod="httpd" version="2.0.39"/>
+<maybeaffects prod="httpd" version="2.0.37"/>
+<maybeaffects prod="httpd" version="2.0.36"/>
+<maybeaffects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.50" released="20040701" public="20040517">
+<cve name="CAN-2004-0488"/>
+<severity level="4">low</severity>
+<title>FakeBasicAuth overflow</title>
+<description>
+<p>
+A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
+by an attacker using a (trusted) client certificate with a subject DN
+field which exceeds 6K in length.
+</p>
+</description>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="1.3.32" public="20030610" released="20041020" reported="20030608">
+<cve name="CAN-2004-0492"/>
+<severity level="3">moderate</severity>
+<title>mod_proxy buffer overflow</title>
+<description>
+<p>
+A buffer overflow was found in the Apache proxy module, mod_proxy, which
+can be triggered by receiving an invalid Content-Length header. In order
+to exploit this issue an attacker would need to get an Apache installation
+that was configured as a proxy to connect to a malicious site. This would
+cause the Apache child processing the request to crash, although this does
+not represent a significant Denial of Service attack as requests will
+continue to be handled by other Apache child processes.  This issue may
+lead to remote arbitrary code execution on some BSD platforms.
+</p>
+</description>
+  <affects prod="httpd" version="1.3.31"/>
+  <affects prod="httpd" version="1.3.29"/>
+  <affects prod="httpd" version="1.3.28"/>
+  <affects prod="httpd" version="1.3.27"/>
+  <affects prod="httpd" version="1.3.26"/>
+</issue>
+
+<issue fixed="1.3.31" public="20030224" released="20040512" reported="20030224">
+<cve name="CVE-2003-0020"/>
+<title>Error log escape filtering</title>
+<severity level="4">low</severity>
+<description>
+<p>
+Apache does not filter terminal escape sequences from error logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p>
+</description>
+  <affects prod="httpd" version="1.3.29"/>
+  <affects prod="httpd" version="1.3.28"/>
+  <affects prod="httpd" version="1.3.27"/>
+  <affects prod="httpd" version="1.3.26"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.31" public="20031218" released="20040512" reported="20031218">
+<cve name="CAN-2003-0987"/>
+<severity level="4">low</severity>
+<title>mod_digest nonce checking</title>
+<description>
+<p>
+
+mod_digest does not properly verify the nonce of a client response by
+using a AuthNonce secret.  This could allow a malicious user who is
+able to sniff network traffic to conduct a replay attack against a
+website using Digest protection.  Note that mod_digest implements an
+older version of the MD5 Digest Authentication specification which
+is known not to work with modern browsers.  This issue does not affect
+mod_auth_digest.
+
+</p>
+</description>
+  <affects prod="httpd" version="1.3.29"/>
+  <affects prod="httpd" version="1.3.28"/>
+  <affects prod="httpd" version="1.3.27"/>
+  <affects prod="httpd" version="1.3.26"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.31" public="20040318" released="20040512" reported="20040225">
+<cve name="CAN-2004-0174"/>
+<severity level="2">important</severity>
+<title>listening socket starvation</title>
+<description>
+<p>
+A starvation issue on listening sockets occurs when a short-lived
+connection on a rarely-accessed listening socket will cause a child to
+hold the accept mutex and block out new connections until another
+connection arrives on that rarely-accessed listening socket.  This
+issue is known to affect some versions of AIX, Solaris, and Tru64; it
+is known to not affect FreeBSD or Linux.
+
+</p>
+</description>
+  <affects prod="httpd" version="1.3.29"/>
+  <maybeaffects prod="httpd" version="1.3.28"/>
+  <maybeaffects prod="httpd" version="1.3.27"/>
+  <maybeaffects prod="httpd" version="1.3.26"/>
+  <maybeaffects prod="httpd" version="1.3.24"/>
+  <maybeaffects prod="httpd" version="1.3.22"/>
+  <maybeaffects prod="httpd" version="1.3.20"/>
+  <maybeaffects prod="httpd" version="1.3.19"/>
+  <maybeaffects prod="httpd" version="1.3.17"/>
+  <maybeaffects prod="httpd" version="1.3.14"/>
+  <maybeaffects prod="httpd" version="1.3.12"/>
+  <maybeaffects prod="httpd" version="1.3.11"/>
+  <maybeaffects prod="httpd" version="1.3.9"/>
+  <maybeaffects prod="httpd" version="1.3.6"/>
+  <maybeaffects prod="httpd" version="1.3.4"/>
+  <maybeaffects prod="httpd" version="1.3.3"/>
+  <maybeaffects prod="httpd" version="1.3.2"/>
+  <maybeaffects prod="httpd" version="1.3.1"/>
+  <maybeaffects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="2.0.49" public="20040318" released="20040319" reported="20040225">
+<cve name="CAN-2004-0174"/>
+<severity level="2">important</severity>
+<title>listening socket starvation</title>
+<description>
+<p>
+A starvation issue on listening sockets occurs when a short-lived
+connection on a rarely-accessed listening socket will cause a child to
+hold the accept mutex and block out new connections until another
+connection arrives on that rarely-accessed listening socket.  This
+issue is known to affect some versions of AIX, Solaris, and Tru64; it
+is known to not affect FreeBSD or Linux.
+
+</p>
+</description>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="1.3.31" public="20031015" released="20040512" reported="20031015">
+<cve name="CVE-2003-0993"/>
+<title>Allow/Deny parsing on big-endian 64-bit platforms</title>
+<severity level="2">important</severity>
+<description>
+<p>
+A bug in the parsing of Allow/Deny rules using IP addresses
+without a netmask on big-endian 64-bit platforms causes the rules
+to fail to match.
+</p>
+</description>
+  <affects prod="httpd" version="1.3.29"/>
+  <affects prod="httpd" version="1.3.28"/>
+  <affects prod="httpd" version="1.3.27"/>
+  <affects prod="httpd" version="1.3.26"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="2.0.49" public="20040220" released="20040319" reported="20040220">
+<cve name="CVE-2004-0113"/>
+<severity level="2">important</severity>
+<title>mod_ssl memory leak</title>
+<description>
+<p>
+A memory leak in mod_ssl allows a remote denial of service attack 
+against an SSL-enabled server by sending plain HTTP requests to the
+SSL port. 
+</p>
+</description>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.49" public="20030224" released="20040319" reported="20030224">
+<cve name="CVE-2003-0020"/>
+<severity level="4">low</severity>
+<title>Error log escape filtering</title>
+<description>
+<p>
+Apache does not filter terminal escape sequences from error logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p>
+</description>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.48" public="20031027" released="20031027" reported="20031003">
+<cve name="CAN-2003-0789"/>
+<title>CGI output information leak</title>
+<severity level="3">moderate</severity>
+<description>
+<p>
+A bug in mod_cgid mishandling of CGI redirect paths can result in
+CGI output going to the wrong client when a threaded MPM
+is used.
+</p>
+</description>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="1.3.29" public="20031027" released="20031027" reported="20030804">
+<cve name="CAN-2003-0542"/>
+<severity level="4">low</severity>
+<title>Local configuration regular expression overflow</title>
+<description>
+<p>
+By using a regular expression with more than 9 captures a buffer
+overflow can occur in mod_alias or mod_rewrite.  To exploit this an
+attacker would need to be able to create a carefully crafted configuration
+file (.htaccess or httpd.conf)
+</p>
+</description>
+  <affects prod="httpd" version="1.3.28"/>
+  <affects prod="httpd" version="1.3.27"/>
+  <affects prod="httpd" version="1.3.26"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="2.0.48" public="20031027" released="20031027" reported="20030804">
+<cve name="CAN-2003-0542"/>
+<severity level="4">low</severity>
+<title>Local configuration regular expression overflow</title>
+<description>
+<p>
+By using a regular expression with more than 9 captures a buffer
+overflow can occur in mod_alias or mod_rewrite.  To exploit this an
+attacker would need to be able to create a carefully crafted configuration
+file (.htaccess or httpd.conf)
+</p>
+</description>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="1.3.28" public="20030718" released="20030718" reported="20030704">
+<cve name="CAN-2003-0460"/>
+<severity level="2">important</severity>
+<title>RotateLogs DoS</title>
+<description>
+<p>The rotatelogs support program on Win32 and OS/2 would quit logging
+and exit if it received special control characters such as 0x1A.
+</p>
+</description>
+  <affects prod="httpd" version="1.3.27"/>
+  <maybeaffects prod="httpd" version="1.3.26"/>
+  <maybeaffects prod="httpd" version="1.3.24"/>
+  <maybeaffects prod="httpd" version="1.3.22"/>
+  <maybeaffects prod="httpd" version="1.3.20"/>
+  <maybeaffects prod="httpd" version="1.3.19"/>
+  <maybeaffects prod="httpd" version="1.3.17"/>
+  <maybeaffects prod="httpd" version="1.3.14"/>
+  <maybeaffects prod="httpd" version="1.3.12"/>
+  <maybeaffects prod="httpd" version="1.3.11"/>
+  <maybeaffects prod="httpd" version="1.3.9"/>
+  <maybeaffects prod="httpd" version="1.3.6"/>
+  <maybeaffects prod="httpd" version="1.3.4"/>
+  <maybeaffects prod="httpd" version="1.3.3"/>
+  <maybeaffects prod="httpd" version="1.3.2"/>
+  <maybeaffects prod="httpd" version="1.3.1"/>
+  <maybeaffects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="2.0.47" public="20030709" released="20030709" reported="20030625">
+<cve name="CAN-2003-0254"/>
+<severity level="3">moderate</severity>
+<title>Remote DoS via IPv6 ftp proxy</title>
+<description>
+<p>
+When a client requests that proxy ftp connect to a ftp server with
+IPv6 address, and the proxy is unable to create an IPv6 socket,
+an infinite loop occurs causing a remote Denial of Service.
+</p>
+</description>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.47" public="20030709" released="20030709" reported="20030625">
+<cve name="CAN-2003-0253"/>
+<severity level="2">important</severity>
+<title>Remote DoS with multiple Listen directives</title>
+<description>
+<p>
+In a server with multiple listening sockets a certain error returned
+by accept() on a rarely access port can cause a temporary denial of
+service, due to a bug in the prefork MPM.
+</p>
+</description>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.47" public="20030709" released="20030709" reported="20030430">
+<cve name="CAN-2003-0192"/>
+<title>mod_ssl renegotiation issue</title>
+<severity level="4">low</severity>
+<description>
+<p>
+A bug in the optional renegotiation code in mod_ssl included with 
+Apache httpd can cause cipher suite restrictions to be ignored.
+This is triggered if optional renegotiation is used (SSLOptions
++OptRenegotiate) along with verification of client certificates
+and a change to the cipher suite over the renegotiation.
+</p>
+</description>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.46" public="20030528" released="20030528" reported="20030409">
+<cve name="CAN-2003-0245"/>
+<severity level="1">critical</severity>
+<title>APR remote crash</title>
+<description>
+<p>
+A vulnerability in the apr_psprintf function in the Apache Portable
+Runtime (APR) library allows remote 
+attackers to cause a denial of service (crash) and possibly execute
+arbitrary code via long strings, as demonstrated using XML objects to
+mod_dav, and possibly other vectors.
+</p>
+</description>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+</issue>
+
+<issue fixed="2.0.46" public="20030528" released="20030528" reported="20030425">
+<cve name="CAN-2003-0189"/>
+<severity level="2">important</severity>
+<title>Basic Authentication DoS</title>
+<description>
+<p>
+A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
+to cause a denial of access to authenticated content when a threaded
+server is used. 
+</p>
+</description>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+</issue>
+
+<issue fixed="2.0.46" public="20040402" released="20040402">
+<cve name="CAN-2003-0134"/>
+<severity level="2">important</severity>
+<title>OS2 device name DoS</title>
+<description>
+<p>
+Apache on OS2 up to and including Apache 2.0.45
+have a Denial of Service vulnerability caused by 
+device names.
+</p>
+</description>
+<affects prod="httpd" version="2.0.45"/>
+<maybeaffects prod="httpd" version="2.0.44"/>
+<maybeaffects prod="httpd" version="2.0.43"/>
+<maybeaffects prod="httpd" version="2.0.42"/>
+<maybeaffects prod="httpd" version="2.0.40"/>
+<maybeaffects prod="httpd" version="2.0.39"/>
+<maybeaffects prod="httpd" version="2.0.37"/>
+<maybeaffects prod="httpd" version="2.0.36"/>
+<maybeaffects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.46" released="20040402" public="20030224" reported="20030224">
+<cve name="CAN-2003-0083"/>
+<severity level="4">low</severity>
+<title>Filtered escape sequences</title>
+<description>
+<p>
+Apache did not filter terminal escape sequences from its
+access logs, which could make it easier for attackers to insert those
+sequences into terminal emulators containing vulnerabilities related
+to escape sequences.
+</p>
+</description>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.45" public="20040402" released="20040402">
+<cve name="CAN-2003-0132"/>
+<severity level="2">important</severity>
+<title>Line feed memory leak DoS</title>
+<description>
+<p>
+Apache 2.0 versions before Apache 2.0.45 had a significant Denial of
+Service vulnerability.  Remote attackers could cause a denial of service
+(memory consumption) via large chunks of linefeed characters, which
+causes Apache to allocate 80 bytes for each linefeed.
+</p>
+</description>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.44" public="20030120" released="20030120" reported="20021204">
+<cve name="CVE-2003-0016"/>
+<severity level="1">critical</severity>
+<flaw type="msdos-device"/>
+<title>MS-DOS device name filtering</title>
+<description>
+<p>On Windows platforms Apache did not 
+correctly filter MS-DOS device names which 
+could lead to denial of service attacks or remote code execution.
+</p>
+</description>
+<affects prod="httpd" version="2.0.43"/>
+<maybeaffects prod="httpd" version="2.0.42"/>
+<maybeaffects prod="httpd" version="2.0.40"/>
+<maybeaffects prod="httpd" version="2.0.39"/>
+<maybeaffects prod="httpd" version="2.0.37"/>
+<maybeaffects prod="httpd" version="2.0.36"/>
+<maybeaffects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.44" public="20030120" released="20030120" reported="20021115">
+<cve name="CVE-2003-0017"/>
+<flaw type="unk"/>
+<severity level="2">important</severity>
+<title>Apache can serve unexpected files</title>
+<description>
+<p>
+On Windows platforms Apache could be forced to serve unexpected files
+by appending illegal characters such as '&lt;' to the request URL
+</p>
+</description>
+<affects prod="httpd" version="2.0.43"/>
+<maybeaffects prod="httpd" version="2.0.42"/>
+<maybeaffects prod="httpd" version="2.0.40"/>
+<maybeaffects prod="httpd" version="2.0.39"/>
+<maybeaffects prod="httpd" version="2.0.37"/>
+<maybeaffects prod="httpd" version="2.0.36"/>
+<maybeaffects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="1.3.27" public="20021003" released="20021003" reported="20020923">
+<cve name="CAN-2002-0843"/>
+<severity level="2">important</severity>
+<flaw type="buf"/>
+<title>Buffer overflows in ab utility</title>
+<description>
+<p>Buffer overflows in the benchmarking utility ab could be exploited if
+ab is run against a malicious server
+</p>
+</description>
+  <affects prod="httpd" version="1.3.26"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.27" public="20021003" released="20021003" reported="20011111">
+<cve name="CAN-2002-0839"/>
+<severity level="2">important</severity>
+<flaw type="perm"/>
+<title>Shared memory permissions lead to local privilege escalation</title>
+<description>
+<p>The permissions of the shared memory used for the scoreboard
+allows an attacker who can execute under
+the Apache UID to send a signal to any process as root or cause a local 
+denial of service attack.
+</p>
+</description>
+  <affects prod="httpd" version="1.3.26"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="2.0.43" public="20021002" released="20021003" reported="20020920">
+<cve name="CVE-2002-0840"/>
+<flaw type="css"/>
+<severity level="4">low</severity>
+<title>Error page XSS using wildcard DNS</title>
+<description>
+<p>Cross-site scripting (XSS) vulnerability in the default error page of
+Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
+UseCanonicalName is "Off" and support for wildcard DNS is present,
+allows remote attackers to execute script as other web page visitors
+via the Host: header.</p>
+</description>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.43" released="20021003">
+<cve name="CVE-2002-1156"/>
+<flaw type="unk"/>
+<severity level="3">moderate</severity>
+<title>CGI scripts source revealed using WebDAV</title>
+<description>
+<p>In Apache 2.0.42 only, for a location where both WebDAV and CGI were
+enabled, a POST request to a CGI script would reveal the CGI source to
+a remote user. </p>
+</description>
+<affects prod="httpd" version="2.0.42"/>
+</issue>
+
+<issue fixed="1.3.27" public="20021002" released="20021003" reported="20020920">
+<cve name="CVE-2002-0840"/>
+<severity level="4">low</severity>
+<title>Error page XSS using wildcard DNS</title>
+<flaw type="css"/>
+<description>
+<p>Cross-site scripting (XSS) vulnerability in the default error page of
+Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
+UseCanonicalName is "Off" and support for wildcard DNS is present,
+allows remote attackers to execute script as other web page visitors
+via the Host: header.</p>
+</description>
+  <affects prod="httpd" version="1.3.26"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="2.0.40" public="20020809" released="20020809" reported="20020807">
+<title>Path vulnerability</title>
+<severity level="2">important</severity>
+<flaw type="priv"/>
+<description>
+<p>Certain URIs would bypass security
+and allow users to invoke or access any file depending on the system 
+configuration.  Affects Windows, OS2, Netware and Cygwin platforms
+only.</p>
+</description>
+<os>win32</os><os>netware</os><os>os2</os><os>cygwin</os>
+<cve name="CAN-2002-0661"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.40" public="20020809" released="20020809" reported="20020705">
+<title>Path revealing exposures</title>
+<severity level="4">low</severity>
+<flaw type="unk"/>
+<description>
+<p>A path-revealing exposure was present in multiview type
+map negotiation (such as the default error documents) where a
+module would report the full path of the typemapped .var file when
+multiple documents or no documents could be served.  
+Additionally a path-revealing exposure in cgi/cgid when Apache
+fails to invoke a script.  The modules would report "couldn't create 
+child process /path-to-script/script.pl" revealing the full path
+of the script.</p>
+</description>
+<cve name="CAN-2002-0654"/>
+<affects prod="httpd" version="2.0.39"/>
+<maybeaffects prod="httpd" version="2.0.37"/>
+<maybeaffects prod="httpd" version="2.0.36"/>
+<maybeaffects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.0.37" public="20020617" released="20020618" reported="20020527">
+<title>Apache Chunked encoding vulnerability</title>
+<severity level="1">critical</severity>
+<flaw type="buf"/>
+<description>
+<p>Malicious requests can cause various effects
+ranging from a relatively harmless increase in
+system resources through to denial of service attacks and in some
+cases the ability to execute arbitrary remote code.</p>
+</description>
+<cve name="CVE-2002-0392"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="1.3.26" public="20020617" released="20020618" reported="20020527">
+<title>Apache Chunked encoding vulnerability</title>
+<severity level="1">critical</severity>
+<flaw type="buf"/>
+<description>
+<p>Requests to all versions of Apache 1.3 can cause various effects
+ranging from a relatively harmless increase in
+system resources through to denial of service attacks and in some
+cases the ability to be remotely exploited.</p>
+</description>
+<cve name="CVE-2002-0392"/>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.26" released="20020618" reported="20030224" public="20030224">
+<cve name="CAN-2003-0083"/>
+<severity level="4">low</severity>
+<title>Filtered escape sequences</title>
+<description>
+<p>
+Apache does not filter terminal escape sequences from its
+access logs, which could make it easier for attackers to insert those
+sequences into terminal emulators containing vulnerabilities related
+to escape sequences,
+</p>
+</description>
+  <affects prod="httpd" version="1.3.24"/>
+  <affects prod="httpd" version="1.3.22"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.24" released="20020322" reported="20020213">
+<severity level="1">critical</severity>
+<title>Win32 Apache Remote command execution</title>
+<os>win32</os>
+<cve name="CVE-2002-0061"/>
+<flaw type="metachar"/>
+<description>
+<p>Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote 
+attackers to execute arbitrary commands via parameters passed
+to batch file CGI scripts.</p>
+</description>
+  <affects prod="httpd" version="1.3.22"/>
+  <maybeaffects prod="httpd" version="1.3.20"/>
+  <maybeaffects prod="httpd" version="1.3.19"/>
+  <maybeaffects prod="httpd" version="1.3.17"/>
+  <maybeaffects prod="httpd" version="1.3.14"/>
+  <maybeaffects prod="httpd" version="1.3.12"/>
+  <maybeaffects prod="httpd" version="1.3.11"/>
+  <maybeaffects prod="httpd" version="1.3.9"/>
+  <maybeaffects prod="httpd" version="1.3.6"/>
+  <maybeaffects prod="httpd" version="1.3.4"/>
+  <maybeaffects prod="httpd" version="1.3.3"/>
+  <maybeaffects prod="httpd" version="1.3.2"/>
+  <maybeaffects prod="httpd" version="1.3.1"/>
+  <maybeaffects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.22" released="20011012" public="20010928" reported="20010918">
+<title>Requests can cause directory listing to be displayed</title>
+<severity level="2">important</severity>
+<flaw type="unk"/>
+<description>
+<p>A vulnerability was found in the Win32 port of
+Apache 1.3.20.  A client submitting a very long URI
+could cause a directory listing to be returned rather than
+the default index page. </p>
+</description>
+<os>win32</os>
+<cve name="CAN-2001-0729"/>
+<affects prod="httpd" version="1.3.20"/>
+</issue>
+
+<issue fixed="1.3.22" released="20011012" public="20010928">
+<severity level="3">moderate</severity>
+  <title>split-logfile can cause arbitrary log files to be written to</title>
+  <description>
+    <p>A vulnerability was found in the <samp>split-logfile</samp> support
+    program.  A request with a specially crafted <samp>Host:</samp>
+    header could allow any file with a <samp>.log</samp> extension on 
+    the system to be written to. </p>
+  </description>
+  <os>all</os>
+  <cve name="CVE-2001-0730"/>
+  <flaw type="dot"/>
+  <bug pr="7848"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <affects prod="httpd" version="1.3.19"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.22" released="20011012" public="20010709">
+  <!--
+    * BUGTRAQ:20010709 How Google indexed a file with no external link
+       * URL:http://www.securityfocus.com/archive/1/20010709214744.A28765@brasscannon.net
+       * CONFIRM:http://www.apacheweek.com/issues/01-10-05#security
+    * BID:3009
+       * URL:http://www.securityfocus.com/bid/3009
+-->
+<severity level="2">important</severity>
+  <title>Multiviews can cause a directory listing to be displayed</title>
+  <description>
+    <p>A vulnerability was found when <directive>Multiviews</directive> 
+    are used to negotiate the directory index.  In some
+    configurations, requesting a URI with a <samp>QUERY_STRING</samp> of 
+    <samp>M=D</samp> could
+    return a directory listing rather than the expected index page.</p>
+  </description>
+  <cve name="CVE-2001-0731"/>
+  <flaw type="other"/>
+  <affects prod="httpd" version="1.3.20"/>
+  <maybeaffects prod="httpd" version="1.3.19"/>
+  <maybeaffects prod="httpd" version="1.3.17"/>
+  <maybeaffects prod="httpd" version="1.3.14"/>
+  <maybeaffects prod="httpd" version="1.3.12"/>
+  <maybeaffects prod="httpd" version="1.3.11"/>
+  <maybeaffects prod="httpd" version="1.3.9"/>
+  <maybeaffects prod="httpd" version="1.3.6"/>
+  <maybeaffects prod="httpd" version="1.3.4"/>
+  <maybeaffects prod="httpd" version="1.3.3"/>
+  <maybeaffects prod="httpd" version="1.3.2"/>
+  <maybeaffects prod="httpd" version="1.3.1"/>
+  <maybeaffects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.20" released="20010522">
+  <title>Denial of service attack on Win32 and OS2</title>
+  <cve name="CVE-2001-1342"/>
+<severity level="2">important</severity>
+  <flaw type="dos-malform"/>
+  <description>
+  <p>A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A
+  client submitting a carefully constructed URI could cause a General
+  Protection Fault in a child process, bringing up a message box which
+  would have to be cleared by the operator to resume operation. This
+  vulnerability introduced no identified means to compromise the server
+  other than introducing a possible denial of service. </p>
+  </description>
+<!--      http://www.securiteam.com/windowsntfocus/5IP0Q0K4AU.html -->
+  <os>win32</os>
+  <os>os2</os>
+  <affects prod="httpd" version="1.3.20"/>
+  <maybeaffects prod="httpd" version="1.3.19"/>
+  <maybeaffects prod="httpd" version="1.3.17"/>
+  <maybeaffects prod="httpd" version="1.3.14"/>
+  <maybeaffects prod="httpd" version="1.3.12"/>
+  <maybeaffects prod="httpd" version="1.3.11"/>
+  <maybeaffects prod="httpd" version="1.3.9"/>
+  <maybeaffects prod="httpd" version="1.3.6"/>
+  <maybeaffects prod="httpd" version="1.3.4"/>
+  <maybeaffects prod="httpd" version="1.3.3"/>
+  <maybeaffects prod="httpd" version="1.3.2"/>
+  <maybeaffects prod="httpd" version="1.3.1"/>
+  <maybeaffects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.19" released="20010228">
+  <!-- apcore 200102 -->
+  <title>Requests can cause directory listing to be displayed</title>
+<severity level="2">important</severity>
+  <description>
+    <p>The default installation can lead <samp>mod_negotiation</samp> and 
+    <samp>mod_dir</samp> or <samp>mod_autoindex</samp> to display a 
+    directory listing instead of the multiview index.html file if a 
+    very long path was created artificially by using many slashes.  </p>
+  </description>
+  <resolution>
+    <p>From Apache 1.3.19 a 403 (Forbidden) response is given.</p>
+  </resolution>
+  <exploit>
+    <p>In order to exploit this bug the server has to have
+    "Options +MultiViews" enabled and be using multiviews to
+    determine which document to send as a directory index.  By
+    contstructing a GET request with the right number of
+    trailing slashes the directory
+    index will be displayed instead of the default document index.
+    The number of trailing slashes required depends on the directory requested,
+    where the full path is around the OS file limit, usually 1024 characters.
+    With too few trailing slashes the index.html file will be displayed, with
+    too many a 403 (forbidden) response will be given.</p>
+  </exploit> 
+  <cve name="CAN-2001-0925"/>
+  <flaw type="unk"/>
+  <affects prod="httpd" version="1.3.17"/>
+  <affects prod="httpd" version="1.3.14"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+</issue>
+
+<!-- 1.3.19
+*  NetWare is a case insensitive file system so all directory and file names are now compared in a case insensitive manner to avoid security holes. -->
+
+<issue fixed="1.3.14" released="20001013" public="20000929">
+  <!--RHSA-2000:088-04 -->
+  <cve name="CVE-2000-0913" public="20000929"/>
+<severity level="2">important</severity>
+  <title>Rewrite rules that include references allow access to any file</title>
+  <description>
+    <p>The Rewrite module, <samp>mod_rewrite</samp>, can allow access to
+    any file on the web server.  The vulnerability occurs only with
+    certain specific cases of using regular expression references in
+    <samp>RewriteRule</samp> directives:  If the destination
+    of a <samp>RewriteRule</samp> contains regular expression references
+    then an attacker will be able to access any file on the server.</p>
+  </description>
+  <exploit>
+      RewriteRule    /test/(.*)        /usr/local/data/test-stuff/\$1
+      RewriteRule    /more-icons/(.*)  /icons/\$1
+  </exploit>
+  <os>all</os>
+  <affects prod="httpd" version="1.3.12"/>
+  <maybeaffects prod="httpd" version="1.3.11"/>
+  <maybeaffects prod="httpd" version="1.3.9"/>
+  <maybeaffects prod="httpd" version="1.3.6"/>
+  <maybeaffects prod="httpd" version="1.3.4"/>
+  <maybeaffects prod="httpd" version="1.3.3"/>
+  <maybeaffects prod="httpd" version="1.3.2"/>
+  <maybeaffects prod="httpd" version="1.3.1"/>
+  <maybeaffects prod="httpd" version="1.3.0"/>
+</issue>
+
+<!-- i don't think this one actually exists, I looked
+     through the cvsweb and think it's a duplicate -->
+
+<issue fixed="1.3.14" released="20001013">
+<severity level="2">important</severity>
+  <title>Mass virtual hosting can display CGI source</title>
+  <description>
+    <p>A security problem for users of the mass virtual hosting module, 
+    <samp>mod_vhost_alias</samp>, causes
+    the source to a CGI to be sent if the <samp>cgi-bin</samp> directory is 
+    under the document root.  However, it is not normal to have your 
+    cgi-bin directory under a document root.</p>
+  </description>
+  <os>all</os>
+  <cve name="CAN-2000-1204"/>
+  <flaw type="unk"/>
+  <affects prod="httpd" version="1.3.12"/>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+</issue>
+
+<issue fixed="1.3.14" released="20001013">
+  <cve name="CVE-2000-0505"/>
+<severity level="3">moderate</severity>
+  <title>Requests can cause directory listing to be displayed on NT</title>
+  <description>
+    <p>A security hole on Apache for Windows allows a user to 
+    view the listing of a 
+    directory instead of the default HTML page by sending a carefully 
+    constructed request.</p>
+  </description>
+  <os>win32</os>
+  <flaw type="unk"/>
+  <affects prod="httpd" os="win32" version="1.3.12"/>
+  <maybeaffects prod="httpd" version="1.3.11"/>
+  <maybeaffects prod="httpd" version="1.3.9"/>
+  <maybeaffects prod="httpd" version="1.3.6"/>
+  <maybeaffects prod="httpd" version="1.3.4"/>
+  <maybeaffects prod="httpd" version="1.3.3"/>
+  <maybeaffects prod="httpd" version="1.3.2"/>
+  <maybeaffects prod="httpd" version="1.3.1"/>
+  <maybeaffects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.12" released="20000225">
+<severity level="2">important</severity>
+  <title>Cross-site scripting can reveal private session information</title>
+  <description>
+    <p>Apache was vulnerable to cross site scripting issues.
+    It was shown that malicious HTML tags can be embedded in client web 
+    requests if the server or script handling the request does not 
+    carefully encode all information displayed to 
+    the user.  Using these vulnerabilities attackers could, for 
+    example, obtain copies of your private 
+    cookies used to authenticate
+    you to other sites.</p>
+  </description>
+  <cve name="CAN-2000-1205"/>
+  <flaw type="css"/>
+  <os>all</os>
+  <affects prod="httpd" version="1.3.11"/>
+  <affects prod="httpd" version="1.3.9"/>
+  <affects prod="httpd" version="1.3.6"/>
+  <affects prod="httpd" version="1.3.4"/>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.11" released="20000121">
+<severity level="3">moderate</severity>
+<title>Mass virtual hosting security issue</title>
+<description>
+<p>A security problem can occur for sites using mass name-based virtual 
+hosting (using
+the new <samp>mod_vhost_alias</samp> module) or with special 
+<samp>mod_rewrite</samp> rules.
+
+<!-- Makes sure vhost alias can only be alnum, - or . -->
+
+</p>
+</description>
+<os>all</os>
+<cve name="CAN-2000-1206"/>
+<flaw type="unk"/>
+<affects prod="httpd" version="1.3.9"/>
+<!-- mod_rewrite stuff only below -->
+<maybeaffects prod="httpd" version="1.3.6"/>
+<maybeaffects prod="httpd" version="1.3.4"/>
+<maybeaffects prod="httpd" version="1.3.3"/>
+<maybeaffects prod="httpd" version="1.3.2"/>
+<maybeaffects prod="httpd" version="1.3.1"/>
+<maybeaffects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.4" released="19990111">
+<severity level="2">important</severity>
+<title>Denial of service attack on Win32</title>
+<description>
+<p>There have been a number of important security fixes to Apache on
+Windows. The most important is that there is much better protection
+against people trying to access special DOS device names (such as
+"nul"). </p>
+</description>
+  <os>win32</os>
+  <affects prod="httpd" version="1.3.3"/>
+  <affects prod="httpd" version="1.3.2"/>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.2" released="19980923">
+<cve name="CVE-1999-1199"/>
+<severity level="2">important</severity>
+<flaw type="memleak"/>
+<title>Multiple header Denial of Service vulnerability</title>
+<description>
+<p>A serious problem exists when a client
+sends a large number of headers with the same header name. Apache uses
+up memory faster than the amount of memory required to simply store
+the received data itself. That is, memory use increases faster and
+faster as more headers are received, rather than increasing at a
+constant rate. This makes a denial of service attack based on this
+method more effective than methods which cause Apache to use memory at
+a constant rate, since the attacker has to send less data.</p>
+</description>  
+<os>all</os>
+ <affects prod="httpd" version="1.3.1"/>
+ <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<issue fixed="1.3.2" released="19980923">
+<title>Denial of service attacks</title>
+<severity level="2">important</severity>
+<description>
+<p>Apache 1.3.2 has
+better protection against denial of service attacks. These are when
+people make excessive requests to the server to try and prevent other
+people using it. In 1.3.2 there are several new directives which can
+limit the size of requests (these directives all start with the word
+<SAMP>Limit</SAMP>).
+</p>
+</description>
+<flaw type="msdos-device"/>
+  <os>all</os>
+  <affects prod="httpd" version="1.3.1"/>
+  <affects prod="httpd" version="1.3.0"/>
+</issue>
+
+<!-- 
+    * Avoid denial of service attacks if a configuration file (such as a 
+* .htaccess file) is a device file, by refusing to open device files apart from /dev/null which is still valid (1.3.0)
+* Correctly handle over-long lines in configuration files (1.3.0)
+    *  Fix denial of service attack by sending requests with lots of slashes in them (1.3.0)
+    * Deny access to directories if a .htaccess file in that directory cannot be read (1.3.0)
+-->
+
+</security>
+
+
+

Added: httpd/site/trunk/xdocs/stylesheets/securitydates.xsl
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/stylesheets/securitydates.xsl?rev=167920&view=auto
==============================================================================
--- httpd/site/trunk/xdocs/stylesheets/securitydates.xsl (added)
+++ httpd/site/trunk/xdocs/stylesheets/securitydates.xsl Tue May  3 08:07:06 2005
@@ -0,0 +1,54 @@
+<?xml version="1.0"?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+
+<xsl:template name="dateformat">
+
+  <xsl:param name="date" select="."/>
+
+  <xsl:variable name="day" select="number(substring($date,7,2))"/>
+  <xsl:variable name="month" select="number(substring($date,5,2))"/>
+  <xsl:variable name="year" select="number(substring($date,1,4))"/>
+  
+  <xsl:if test="$day &gt; 0"> 
+  <xsl:value-of select="$day" />
+  
+    <xsl:choose>
+      <xsl:when test="$day=1 or $day=21 or $day=31">st</xsl:when>
+      <xsl:when test="$day=2 or $day=22">nd</xsl:when>
+      <xsl:when test="$day=3 or $day=23">rd</xsl:when>
+      <xsl:otherwise>th</xsl:otherwise>
+    </xsl:choose>
+    
+    <xsl:text>&#160;</xsl:text>
+  </xsl:if>
+
+  <xsl:call-template name="whatmonth">
+  <xsl:with-param name="month" select="$month"/>
+  </xsl:call-template>
+  
+  <xsl:if test="$year&gt;0">
+    <xsl:text>&#160;</xsl:text>
+    <xsl:value-of select="$year"/>
+    </xsl:if>
+    
+</xsl:template>
+
+<xsl:template name="whatmonth">
+<xsl:param name="month" select="."/>
+  <xsl:choose>
+    <xsl:when test="$month=01">January</xsl:when>
+    <xsl:when test="$month=02">February</xsl:when>
+    <xsl:when test="$month=03">March</xsl:when>
+    <xsl:when test="$month=04">April</xsl:when>
+    <xsl:when test="$month=05">May</xsl:when>
+    <xsl:when test="$month=06">June</xsl:when>
+    <xsl:when test="$month=07">July</xsl:when>
+    <xsl:when test="$month=08">August</xsl:when>
+    <xsl:when test="$month=09">September</xsl:when>
+    <xsl:when test="$month=10">October</xsl:when>
+    <xsl:when test="$month=11">November</xsl:when>
+    <xsl:when test="$month=12">December</xsl:when>
+  </xsl:choose>
+</xsl:template>
+
+</xsl:stylesheet>
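Review bot: The `xsl:choose` in `whatmonth` has no fallback branch, so a month value outside 1–12 prints nothing and the rendered date loses its month without any signal. On a security advisory page, a mistyped date in the vulnerability database (presumably the `public`, `released` and `reported` attributes, though the callers are not in this hunk) would go unnoticed at build time. I would add a last branch that fires only for a numeric out-of-range value: `<xsl:when test="$month &lt; 1 or $month &gt; 12"><xsl:message>securitydates: bad month in date</xsl:message></xsl:when>`. Truncated dates stay tolerated as they are now, because comparisons against NaN are false. The expected input format is also only implied by the `substring` offsets, so a header comment would help: `<!-- dateformat: expects YYYYMMDD; a missing day or year is omitted from the output -->`.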

Added: httpd/site/trunk/xdocs/stylesheets/securitydb.xsl
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/stylesheets/securitydb.xsl?rev=167920&view=auto
==============================================================================
--- httpd/site/trunk/xdocs/stylesheets/securitydb.xsl (added)
+++ httpd/site/trunk/xdocs/stylesheets/securitydb.xsl Tue May  3 08:07:06 2005
@@ -0,0 +1,104 @@
+<?xml version="1.0"?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+
+<xsl:output indent="yes" encoding="ISO-8859-1" method="xml"/>
+
+<xsl:include href="./securitydates.xsl"/>
+<xsl:param name="majorversion" select="0"/>
+
+<xsl:key name="unique-version" match="@fixed" use="."/>
+
+<xsl:template match="security">
+    <document>
+      <properties>
+        <author email="security@apache.org">Security Group</author>
+        <title>Apache httpd <xsl:value-of select="$majorversion"/> vulnerabilities</title>
+      </properties>
+<body>
+<section id="top">
+        <title>Apache httpd <xsl:value-of select="$majorversion"/> vulnerabilities</title>
+
+<p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd <xsl:value-of select="$majorversion"/>.  Each
+vulnerability is given a security <a
+href="/security/impact_ratings.html">impact rating</a> by the Apache
+security team - please note that this rating may well vary from
+platform to platform.  We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark.  </p>
+
+<p> This page is created from a database of vulnerabilities originally
+populated by Apache Week.  Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>.  </p>
+
+</section>
+
+<xsl:for-each select="issue/@fixed[generate-id()=generate-id(key('unique-version',.))]">
+<xsl:variable name="ver" select="."/>
+<xsl:if test="substring($ver,1,3)=$majorversion">
+  <section id="{$ver}"><title>Fixed in Apache httpd <xsl:value-of select="$ver"/></title>
+             <dl>
+                <xsl:apply-templates select="../../issue[@fixed=$ver]">
+		  <xsl:sort select="./severity[@level]" order="ascending"/>
+	        </xsl:apply-templates>
+             </dl>
+             </section>
+          </xsl:if>
+        </xsl:for-each>
+      </body>
+    </document>
+</xsl:template>
+
+<xsl:template match="issue">
+  <dd>
+  <b><xsl:value-of select="severity"/>: </b>
+  <b><name name="{cve/@name}"><xsl:value-of select="title"/></name></b>
+  <xsl:apply-templates select="cve"/>
+  <xsl:copy-of select="description/*"/>
+  </dd>
+
+  <dd>
+  <xsl:if test="@released != ''">
+  Update Released: <xsl:call-template name="dateformat">
+    <xsl:with-param name="date" select="@released"/>
+  </xsl:call-template><br/>
+  </xsl:if>
+  <!--  <xsl:if test="@public != ''">
+  Issue Public: <xsl:call-template name="dateformat">
+    <xsl:with-param name="date" select="@public"/>
+  </xsl:call-template><br/>
+  </xsl:if>-->
+  </dd>
+
+  <dd>
+  <xsl:for-each select="affects|maybeaffects">
+    <xsl:if test="position() = 1">
+      Affects: 
+    </xsl:if>
+    <xsl:value-of select="@version"/>
+    <xsl:if test="name() = 'maybeaffects'">
+      <xsl:text>?</xsl:text>
+    </xsl:if>
+    <xsl:if test="position() != last()">
+      <xsl:text>, </xsl:text>
+    </xsl:if>
+  </xsl:for-each>
+  <p/>
+</dd>
+</xsl:template>
+
+<xsl:template match="cve">
+<xsl:if test="@description = 'full'">
+The Common Vulnerabilities and Exposures project
+has assigned the name 
+</xsl:if>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name={@name}"><xsl:value-of select="@name"/></a>
+<xsl:if test="@description = 'full'">
+ to this issue.
+</xsl:if>
+</xsl:template>
+
+</xsl:stylesheet>
+
+
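Review bot: The `xsl:sort` in the `security` template uses `select="./severity[@level]"`, which selects the `severity` element itself (filtered on having a `level` attribute), so the sort key is its text, the rating word such as "important", compared as a string. Issues inside each "Fixed in" section would therefore be ordered alphabetically by rating word rather than by severity, which matters on a page readers use to decide how urgently to upgrade. If ordering by rating is the intent, key on the attribute and compare numerically: `<xsl:sort select="severity/@level" data-type="number" order="ascending"/>`. This assumes a lower `level` means a more severe rating, which the one entry visible here (`level="2"`, important) suggests but does not confirm.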


