Message-ID: <20060501013221.83361.qmail@minotaur.apache.org>
Subject: svn commit: r398494 - in /httpd/site/trunk:
docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html
docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities_22.xml
Date: Mon, 01 May 2006 01:32:20 -0000
To: cvs@httpd.apache.org
From: pquerna@apache.org
Author: pquerna
Date: Sun Apr 30 18:32:18 2006
New Revision: 398494
URL: http://svn.apache.org/viewcvs?rev=398494&view=rev
Log:
rebuild all.
Modified:
httpd/site/trunk/docs/security/vulnerabilities_13.html
httpd/site/trunk/docs/security/vulnerabilities_20.html
httpd/site/trunk/docs/security/vulnerabilities_22.html
httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=398494&r1=398493&r2=398494&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Sun Apr 30 18:32:18 2006
@@ -78,775 +78,6 @@
-
-
-
- Fixed in Apache httpd 1.3.35-dev
-
- |
-
-
-
--
-moderate:
-
-mod_imap Referer Cross-Site Scripting
-
-CVE-2005-3352
-
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-
-
-
--
- Affects:
- 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.33
-
- |
-
-
-
--
-moderate:
-
-mod_include overflow
-
-CVE-2004-0940
-
-A buffer overflow in mod_include could allow a local user who
-is authorised to create server side include (SSI) files to gain
-the privileges of a httpd child.
-
-
--
- Update Released: 28th October 2004
-
--
- Affects:
- 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.32
-
- |
-
-
-
--
-moderate:
-
-mod_proxy buffer overflow
-
-CVE-2004-0492
-
-A buffer overflow was found in the Apache proxy module, mod_proxy, which
-can be triggered by receiving an invalid Content-Length header. In order
-to exploit this issue an attacker would need to get an Apache installation
-that was configured as a proxy to connect to a malicious site. This would
-cause the Apache child processing the request to crash, although this does
-not represent a significant Denial of Service attack as requests will
-continue to be handled by other Apache child processes. This issue may
-lead to remote arbitrary code execution on some BSD platforms.
-
-
--
- Update Released: 20th October 2004
-
--
- Affects:
- 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.31
-
- |
-
-
-
--
-important:
-
-listening socket starvation
-
-CVE-2004-0174
-
-A starvation issue on listening sockets occurs when a short-lived
-connection on a rarely-accessed listening socket will cause a child to
-hold the accept mutex and block out new connections until another
-connection arrives on that rarely-accessed listening socket. This
-issue is known to affect some versions of AIX, Solaris, and Tru64; it
-is known to not affect FreeBSD or Linux.
-
-
-
--
- Update Released: 12th May 2004
-
--
- Affects:
- 1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
--
-important:
-
-Allow/Deny parsing on big-endian 64-bit platforms
-
-CVE-2003-0993
-
-A bug in the parsing of Allow/Deny rules using IP addresses
-without a netmask on big-endian 64-bit platforms causes the rules
-to fail to match.
-
-
--
- Update Released: 12th May 2004
-
--
- Affects:
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
--
-low:
-
-Error log escape filtering
-
-CVE-2003-0020
-
-Apache does not filter terminal escape sequences from error logs,
-which could make it easier for attackers to insert those sequences
-into terminal emulators containing vulnerabilities related to escape
-sequences.
-
-
--
- Update Released: 12th May 2004
-
--
- Affects:
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
--
-low:
-
-mod_digest nonce checking
-
-CVE-2003-0987
-
-
-mod_digest does not properly verify the nonce of a client response by
-using a AuthNonce secret. This could allow a malicious user who is
-able to sniff network traffic to conduct a replay attack against a
-website using Digest protection. Note that mod_digest implements an
-older version of the MD5 Digest Authentication specification which
-is known not to work with modern browsers. This issue does not affect
-mod_auth_digest.
-
-
-
--
- Update Released: 12th May 2004
-
--
- Affects:
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.29
-
- |
-
-
-
--
-low:
-
-Local configuration regular expression overflow
-
-CVE-2003-0542
-
-By using a regular expression with more than 9 captures a buffer
-overflow can occur in mod_alias or mod_rewrite. To exploit this an
-attacker would need to be able to create a carefully crafted configuration
-file (.htaccess or httpd.conf)
-
-
--
- Update Released: 27th October 2003
-
--
- Affects:
- 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.28
-
- |
-
-
-
--
-important:
-
-RotateLogs DoS
-
-CVE-2003-0460
-
The rotatelogs support program on Win32 and OS/2 would quit logging
-and exit if it received special control characters such as 0x1A.
-
-
--
- Update Released: 18th July 2003
-
--
- Affects:
- 1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.27
-
- |
-
-
-
--
-important:
-
-Buffer overflows in ab utility
-
-CVE-2002-0843
-
Buffer overflows in the benchmarking utility ab could be exploited if
-ab is run against a malicious server
-
-
--
- Update Released: 3rd October 2002
-
--
- Affects:
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
--
-important:
-
-Shared memory permissions lead to local privilege escalation
-
-CVE-2002-0839
-
The permissions of the shared memory used for the scoreboard
-allows an attacker who can execute under
-the Apache UID to send a signal to any process as root or cause a local
-denial of service attack.
-
-
--
- Update Released: 3rd October 2002
-
--
- Affects:
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
--
-low:
-
-Error page XSS using wildcard DNS
-
-CVE-2002-0840
-
Cross-site scripting (XSS) vulnerability in the default error page of
-Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
-UseCanonicalName is "Off" and support for wildcard DNS is present,
-allows remote attackers to execute script as other web page visitors
-via the Host: header.
-
--
- Update Released: 3rd October 2002
-
--
- Affects:
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.26
-
- |
-
-
-
--
-critical:
-
-Apache Chunked encoding vulnerability
-
-CVE-2002-0392
-
Requests to all versions of Apache 1.3 can cause various effects
-ranging from a relatively harmless increase in
-system resources through to denial of service attacks and in some
-cases the ability to be remotely exploited.
-
--
- Update Released: 18th June 2002
-
--
- Affects:
- 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
--
-low:
-
-Filtered escape sequences
-
-CVE-2003-0083
-
-Apache does not filter terminal escape sequences from its
-access logs, which could make it easier for attackers to insert those
-sequences into terminal emulators containing vulnerabilities related
-to escape sequences,
-
-
--
- Update Released: 18th June 2002
-
--
- Affects:
- 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.24
-
- |
-
-
-
--
-critical:
-
-Win32 Apache Remote command execution
-
-CVE-2002-0061
-
Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote
-attackers to execute arbitrary commands via parameters passed
-to batch file CGI scripts.
-
--
- Update Released: 22nd March 2002
-
--
- Affects:
- 1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.22
-
- |
-
-
-
--
-important:
-
-Requests can cause directory listing to be displayed
-
-CVE-2001-0729
-
A vulnerability was found in the Win32 port of
-Apache 1.3.20. A client submitting a very long URI
-could cause a directory listing to be returned rather than
-the default index page.
-
--
- Update Released: 12th October 2001
-
--
- Affects:
- 1.3.20
-
--
-important:
-
-Multiviews can cause a directory listing to be displayed
-
-CVE-2001-0731
-
A vulnerability was found when Multiviews
- are used to negotiate the directory index. In some
- configurations, requesting a URI with a QUERY_STRING of
- M=D could
- return a directory listing rather than the expected index page.
-
--
- Update Released: 12th October 2001
-
--
- Affects:
- 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
--
-moderate:
-
-split-logfile can cause arbitrary log files to be written to
-
-CVE-2001-0730
-
A vulnerability was found in the split-logfile support
- program. A request with a specially crafted Host:
- header could allow any file with a .log extension on
- the system to be written to.
-
--
- Update Released: 12th October 2001
-
--
- Affects:
- 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.20
-
- |
-
-
-
--
-important:
-
-Denial of service attack on Win32 and OS2
-
-CVE-2001-1342
-
A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A
- client submitting a carefully constructed URI could cause a General
- Protection Fault in a child process, bringing up a message box which
- would have to be cleared by the operator to resume operation. This
- vulnerability introduced no identified means to compromise the server
- other than introducing a possible denial of service.
-
--
- Update Released: 22nd May 2001
-
--
- Affects:
- 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.19
-
- |
-
-
-
--
-important:
-
-Requests can cause directory listing to be displayed
-
-CVE-2001-0925
-
The default installation can lead mod_negotiation and
- mod_dir or mod_autoindex to display a
- directory listing instead of the multiview index.html file if a
- very long path was created artificially by using many slashes.
-
--
- Update Released: 28th February 2001
-
--
- Affects:
- 1.3.17, 1.3.14, 1.3.12, 1.3.11
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.14
-
- |
-
-
-
--
-important:
-
-Rewrite rules that include references allow access to any file
-
-CVE-2000-0913
-
The Rewrite module, mod_rewrite, can allow access to
- any file on the web server. The vulnerability occurs only with
- certain specific cases of using regular expression references in
- RewriteRule directives: If the destination
- of a RewriteRule contains regular expression references
- then an attacker will be able to access any file on the server.
-
--
- Update Released: 13th October 2000
-
--
- Affects:
- 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
--
-important:
-
-Mass virtual hosting can display CGI source
-
-CVE-2000-1204
-
A security problem for users of the mass virtual hosting module,
- mod_vhost_alias, causes
- the source to a CGI to be sent if the cgi-bin directory is
- under the document root. However, it is not normal to have your
- cgi-bin directory under a document root.
-
--
- Update Released: 13th October 2000
-
--
- Affects:
- 1.3.12, 1.3.11, 1.3.9
-
--
-moderate:
-
-Requests can cause directory listing to be displayed on NT
-
-CVE-2000-0505
-
A security hole on Apache for Windows allows a user to
- view the listing of a
- directory instead of the default HTML page by sending a carefully
- constructed request.
-
--
- Update Released: 13th October 2000
-
--
- Affects:
- 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.12
-
- |
-
-
-
--
-important:
-
-Cross-site scripting can reveal private session information
-
-CVE-2000-1205
-
Apache was vulnerable to cross site scripting issues.
- It was shown that malicious HTML tags can be embedded in client web
- requests if the server or script handling the request does not
- carefully encode all information displayed to
- the user. Using these vulnerabilities attackers could, for
- example, obtain copies of your private
- cookies used to authenticate
- you to other sites.
-
--
- Update Released: 25th February 2000
-
--
- Affects:
- 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.11
-
- |
-
-
-
--
-moderate:
-
-Mass virtual hosting security issue
-
-CVE-2000-1206
-
A security problem can occur for sites using mass name-based virtual
-hosting (using
-the new mod_vhost_alias module) or with special
-mod_rewrite rules.
-
-
-
-
-
--
- Update Released: 21st January 2000
-
--
- Affects:
- 1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.4
-
- |
-
-
-
--
-important:
-
-Denial of service attack on Win32
-
-
There have been a number of important security fixes to Apache on
-Windows. The most important is that there is much better protection
-against people trying to access special DOS device names (such as
-"nul").
-
--
- Update Released: 11th January 1999
-
--
- Affects:
- 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 1.3.2
-
- |
-
-
-
--
-important:
-
-Multiple header Denial of Service vulnerability
-
-CVE-1999-1199
-
A serious problem exists when a client
-sends a large number of headers with the same header name. Apache uses
-up memory faster than the amount of memory required to simply store
-the received data itself. That is, memory use increases faster and
-faster as more headers are received, rather than increasing at a
-constant rate. This makes a denial of service attack based on this
-method more effective than methods which cause Apache to use memory at
-a constant rate, since the attacker has to send less data.
-
--
- Update Released: 23rd September 1998
-
--
- Affects:
- 1.3.1, 1.3.0
-
--
-important:
-
-Denial of service attacks
-
-
Apache 1.3.2 has
-better protection against denial of service attacks. These are when
-people make excessive requests to the server to try and prevent other
-people using it. In 1.3.2 there are several new directives which can
-limit the size of requests (these directives all start with the word
-Limit).
-
-
--
- Update Released: 23rd September 1998
-
--
- Affects:
- 1.3.1, 1.3.0
-
-
-
- |
-
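Review bot: A rebuild should not empty a published advisory page, and the log message "rebuild all." does not account for what `@@ -78,775 +78,6 @@` does to docs/security/vulnerabilities_13.html. Every entry from "Fixed in Apache httpd 1.3.35-dev" down to the "Fixed in Apache httpd 1.3.2" block is deleted, including the severity labels, CVE names, "Update Released" dates and "Affects" version lists, and no `+` lines put anything back. The only source file in the Modified list is xdocs/security/vulnerabilities_22.xml, so nothing visible in this commit explains why the generated 1.3 page changed at all. Before this goes to the live site, please confirm whether the removal is intended. If it is not, regenerate the page and check that the output still contains the advisory entries before committing. If it is, say so in the log and point to where the 1.3 advisories are now published.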
Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=398494&r1=398493&r2=398494&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Sun Apr 30 18:32:18 2006
@@ -78,1048 +78,6 @@
-
-
-
- Fixed in Apache httpd 2.0.56-dev
-
- |
-
-
-
--
-low:
-
-mod_ssl access control DoS
-
-CVE-2005-3357
-
-A NULL pointer dereference flaw in mod_ssl was discovered affecting server
-configurations where an SSL virtual host is configured with access control
-and a custom 400 error document. A remote attacker could send a carefully
-crafted request to trigger this issue which would lead to a crash. This
-crash would only be a denial of service if using the worker MPM.
-
-
-
--
- Affects:
- 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-moderate:
-
-mod_imap Referer Cross-Site Scripting
-
-CVE-2005-3352
-
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-
-
-
--
- Affects:
- 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.55
-
- |
-
-
-
--
-important:
-
-SSLVerifyClient bypass
-
-CVE-2005-2700
-
-A flaw in the mod_ssl handling of the "SSLVerifyClient"
-directive. This flaw would occur if a virtual host has been configured
-using "SSLVerifyClient optional" and further a directive "SSLVerifyClient
-required" is set for a specific location. For servers configured in this
-fashion, an attacker may be able to access resources that should otherwise
-be protected, by not supplying a client certificate when connecting.
-
-
--
- Update Released: 14th October 2005
-
--
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-low:
-
-Worker MPM memory leak
-
-CVE-2005-2970
-
-A memory leak in the worker MPM would allow remote attackers to cause
-a denial of service (memory consumption) via aborted connections,
-which prevents the memory for the transaction pool from being reused
-for other connections. This issue was downgraded in severity to low
-(from moderate) as sucessful exploitation of the race condition would
-be difficult.
-
-
--
- Update Released: 14th October 2005
-
--
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36
-
--
-low:
-
-PCRE overflow
-
-CVE-2005-2491
-
-An integer overflow flaw was found in PCRE, a Perl-compatible regular
-expression library included within httpd. A local user who has the
-ability to create .htaccess files could create a maliciously crafted
-regular expression in such as way that they could gain the privileges
-of a httpd child.
-
-
--
- Update Released: 14th October 2005
-
--
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-low:
-
-Malicious CRL off-by-one
-
-CVE-2005-1268
-
-An off-by-one stack overflow was discovered in the mod_ssl CRL
-verification callback. In order to exploit this issue the Apache
-server would need to be configured to use a malicious certificate
-revocation list (CRL)
-
-
--
- Update Released: 14th October 2005
-
--
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-moderate:
-
-Byterange filter DoS
-
-CVE-2005-2728
-
-A flaw in the byterange filter would cause some responses to be buffered
-into memory. If a server has a dynamic resource such as a CGI
-script or PHP script which generates a large amount of data, an attacker
-could send carefully crafted requests in order to consume resources,
-potentially leading to a Denial of Service.
-
-
--
- Update Released: 14th October 2005
-
--
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-moderate:
-
-HTTP Request Spoofing
-
-CVE-2005-2088
-
-A flaw occured when using the Apache server as a HTTP proxy. A remote
-attacker could send a HTTP request with both a "Transfer-Encoding:
-chunked" header and a Content-Length header, causing Apache to
-incorrectly handle and forward the body of the request in a way that
-causes the receiving server to process it as a separate HTTP request.
-This could allow the bypass of web application firewall protection or
-lead to cross-site scripting (XSS) attacks.
-
-
--
- Update Released: 14th October 2005
-
--
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.53
-
- |
-
-
-
--
-important:
-
-Memory consumption DoS
-
-CVE-2004-0942
-
-An issue was discovered where the field length limit was not enforced
-for certain malicious requests. This could allow a remote attacker who
-is able to send large amounts of data to a server the ability to cause
-Apache children to consume proportional amounts of memory, leading to
-a denial of service.
-
-
--
- Update Released: 8th February 2005
-
--
- Affects:
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-low:
-
-mod_disk_cache stores sensitive headers
-
-CVE-2004-1834
-
-The experimental mod_disk_cache module stored client authentication
-credentials for cached objects such as proxy authentication credentials
-and Basic Authentication passwords on disk.
-
-
--
- Update Released: 8th February 2005
-
--
- Affects:
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-moderate:
-
-SSLCipherSuite bypass
-
-CVE-2004-0885
-
-An issue has been discovered in the mod_ssl module when configured to use
-the "SSLCipherSuite" directive in directory or location context. If a
-particular location context has been configured to require a specific set
-of cipher suites, then a client will be able to access that location using
-any cipher suite allowed by the virtual host configuration.
-
-
--
- Update Released: 8th February 2005
-
--
- Affects:
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.52
-
- |
-
-
-
--
-important:
-
-Basic authentication bypass
-
-CVE-2004-0811
-
-A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy
-directive which could result in access being granted to
-resources despite any configured authentication
-
-
--
- Update Released: 28th September 2004
-
--
- Affects:
- 2.0.51
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.51
-
- |
-
-
-
--
-critical:
-
-IPv6 URI parsing heap overflow
-
-CVE-2004-0786
-
-Testing using the Codenomicon HTTP Test Tool performed by the Apache
-Software Foundation security group and Red Hat uncovered an input
-validation issue in the IPv6 URI parsing routines in the apr-util library.
-If a remote attacker sent a request including a carefully crafted URI, an
-httpd child process could be made to crash. One some BSD systems it
-is believed this flaw may be able to lead to remote code execution.
-
-
--
- Update Released: 15th September 2004
-
--
- Affects:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-important:
-
-SSL connection infinite loop
-
-CVE-2004-0748
-
-An issue was discovered in the mod_ssl module in Apache 2.0.
-A remote attacker who forces an SSL connection to
-be aborted in a particular state may cause an Apache child process to
-enter an infinite loop, consuming CPU resources.
-
-
--
- Update Released: 15th September 2004
-
--
- Affects:
- 2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
-
--
-low:
-
-Environment variable expansion flaw
-
-CVE-2004-0747
-
-The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
-expansion of environment variables during configuration file parsing. This
-issue could allow a local user to gain the privileges of a httpd
-child if a server can be forced to parse a carefully crafted .htaccess file
-written by a local user.
-
-
--
- Update Released: 15th September 2004
-
--
- Affects:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-low:
-
-Malicious SSL proxy can cause crash
-
-CVE-2004-0751
-
-An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50
-which could be triggered if
-the server is configured to allow proxying to a remote SSL server. A
-malicious remote SSL server could force an httpd child process to crash by
-sending a carefully crafted response header. This issue is not believed to
-allow execution of arbitrary code and will only result in a denial
-of service where a threaded process model is in use.
-
-
--
- Update Released: 15th September 2004
-
--
- Affects:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44
-
--
-low:
-
-WebDAV remote crash
-
-CVE-2004-0809
-
-An issue was discovered in the mod_dav module which could be triggered
-for a location where WebDAV authoring access has been configured. A
-malicious remote client which is authorized to use the LOCK method
-could force an httpd child process to crash by sending a particular
-sequence of LOCK requests. This issue does not allow execution of
-arbitrary code. and will only result in a denial of service where a
-threaded process model is in use.
-
-
--
- Update Released: 15th September 2004
-
--
- Affects:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.50
-
- |
-
-
-
--
-important:
-
-Header parsing memory leak
-
-CVE-2004-0493
-
-A memory leak in parsing of HTTP headers which can be triggered
-remotely may allow a denial of service attack due to excessive memory
-consumption.
-
-
--
- Update Released: 1st July 2004
-
--
- Affects:
- 2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
-
--
-low:
-
-FakeBasicAuth overflow
-
-CVE-2004-0488
-
-A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
-by an attacker using a (trusted) client certificate with a subject DN
-field which exceeds 6K in length.
-
-
--
- Update Released: 1st July 2004
-
--
- Affects:
- 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.49
-
- |
-
-
-
--
-important:
-
-listening socket starvation
-
-CVE-2004-0174
-
-A starvation issue on listening sockets occurs when a short-lived
-connection on a rarely-accessed listening socket will cause a child to
-hold the accept mutex and block out new connections until another
-connection arrives on that rarely-accessed listening socket. This
-issue is known to affect some versions of AIX, Solaris, and Tru64; it
-is known to not affect FreeBSD or Linux.
-
-
-
--
- Update Released: 19th March 2004
-
--
- Affects:
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-important:
-
-mod_ssl memory leak
-
-CVE-2004-0113
-
-A memory leak in mod_ssl allows a remote denial of service attack
-against an SSL-enabled server by sending plain HTTP requests to the
-SSL port.
-
-
--
- Update Released: 19th March 2004
-
--
- Affects:
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-low:
-
-Error log escape filtering
-
-CVE-2003-0020
-
-Apache does not filter terminal escape sequences from error logs,
-which could make it easier for attackers to insert those sequences
-into terminal emulators containing vulnerabilities related to escape
-sequences.
-
-
--
- Update Released: 19th March 2004
-
--
- Affects:
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.48
-
- |
-
-
-
--
-low:
-
-Local configuration regular expression overflow
-
-CVE-2003-0542
-
-By using a regular expression with more than 9 captures a buffer
-overflow can occur in mod_alias or mod_rewrite. To exploit this an
-attacker would need to be able to create a carefully crafted configuration
-file (.htaccess or httpd.conf)
-
-
--
- Update Released: 27th October 2003
-
--
- Affects:
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-moderate:
-
-CGI output information leak
-
-CVE-2003-0789
-
-A bug in mod_cgid mishandling of CGI redirect paths can result in
-CGI output going to the wrong client when a threaded MPM
-is used.
-
-
--
- Update Released: 27th October 2003
-
--
- Affects:
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.47
-
- |
-
-
-
--
-important:
-
-Remote DoS with multiple Listen directives
-
-CVE-2003-0253
-
-In a server with multiple listening sockets a certain error returned
-by accept() on a rarely access port can cause a temporary denial of
-service, due to a bug in the prefork MPM.
-
-
--
- Update Released: 9th July 2003
-
--
- Affects:
- 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-low:
-
-mod_ssl renegotiation issue
-
-CVE-2003-0192
-
-A bug in the optional renegotiation code in mod_ssl included with
-Apache httpd can cause cipher suite restrictions to be ignored.
-This is triggered if optional renegotiation is used (SSLOptions
-+OptRenegotiate) along with verification of client certificates
-and a change to the cipher suite over the renegotiation.
-
-
--
- Update Released: 9th July 2003
-
--
- Affects:
- 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-moderate:
-
-Remote DoS via IPv6 ftp proxy
-
-CVE-2003-0254
-
-When a client requests that proxy ftp connect to a ftp server with
-IPv6 address, and the proxy is unable to create an IPv6 socket,
-an infinite loop occurs causing a remote Denial of Service.
-
-
--
- Update Released: 9th July 2003
-
--
- Affects:
- 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.46
-
- |
-
-
-
--
-critical:
-
-APR remote crash
-
-CVE-2003-0245
-
-A vulnerability in the apr_psprintf function in the Apache Portable
-Runtime (APR) library allows remote
-attackers to cause a denial of service (crash) and possibly execute
-arbitrary code via long strings, as demonstrated using XML objects to
-mod_dav, and possibly other vectors.
-
-
--
- Update Released: 28th May 2003
-
--
- Affects:
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37
-
--
-important:
-
-Basic Authentication DoS
-
-CVE-2003-0189
-
-A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
-to cause a denial of access to authenticated content when a threaded
-server is used.
-
-
--
- Update Released: 28th May 2003
-
--
- Affects:
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40
-
--
-important:
-
-OS2 device name DoS
-
-CVE-2003-0134
-
-Apache on OS2 up to and including Apache 2.0.45
-have a Denial of Service vulnerability caused by
-device names.
-
-
--
- Update Released: 28th May 2003
-
--
- Affects:
- 2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
-
--
-low:
-
-Filtered escape sequences
-
-CVE-2003-0083
-
-Apache did not filter terminal escape sequences from its
-access logs, which could make it easier for attackers to insert those
-sequences into terminal emulators containing vulnerabilities related
-to escape sequences.
-
-
--
- Update Released: 2nd April 2004
-
--
- Affects:
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.45
-
- |
-
-
-
--
-important:
-
-Line feed memory leak DoS
-
-CVE-2003-0132
-
-Apache 2.0 versions before Apache 2.0.45 had a significant Denial of
-Service vulnerability. Remote attackers could cause a denial of service
-(memory consumption) via large chunks of linefeed characters, which
-causes Apache to allocate 80 bytes for each linefeed.
-
-
--
- Update Released: 2nd April 2004
-
--
- Affects:
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.44
-
- |
-
-
-
--
-critical:
-
-MS-DOS device name filtering
-
-CVE-2003-0016
-
On Windows platforms Apache did not
-correctly filter MS-DOS device names which
-could lead to denial of service attacks or remote code execution.
-
-
--
- Update Released: 20th January 2003
-
--
- Affects:
- 2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
-
--
-important:
-
-Apache can serve unexpected files
-
-CVE-2003-0017
-
-On Windows platforms Apache could be forced to serve unexpected files
-by appending illegal characters such as '<' to the request URL
-
-
--
- Update Released: 20th January 2003
-
--
- Affects:
- 2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.43
-
- |
-
-
-
--
-low:
-
-Error page XSS using wildcard DNS
-
-CVE-2002-0840
-
Cross-site scripting (XSS) vulnerability in the default error page of
-Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
-UseCanonicalName is "Off" and support for wildcard DNS is present,
-allows remote attackers to execute script as other web page visitors
-via the Host: header.
-
--
- Update Released: 3rd October 2002
-
--
- Affects:
- 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-moderate:
-
-CGI scripts source revealed using WebDAV
-
-CVE-2002-1156
-
In Apache 2.0.42 only, for a location where both WebDAV and CGI were
-enabled, a POST request to a CGI script would reveal the CGI source to
-a remote user.
-
--
- Update Released: 3rd October 2002
-
--
- Affects:
- 2.0.42
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.42
-
- |
-
-
-
--
-moderate:
-
-mod_dav crash
-
-CVE-2002-1593
-
-A flaw was found in handling of versioning hooks in mod_dav. An attacker
-could send a carefully crafted request in such a way to cause the child
-process handling the connection to crash. This issue will only result
-in a denial of service where a threaded process model is in use.
-
-
--
- Update Released: 24th September 2002
-
--
- Affects:
- 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.40
-
- |
-
-
-
--
-important:
-
-Path vulnerability
-
-CVE-2002-0661
-
Certain URIs would bypass security
-and allow users to invoke or access any file depending on the system
-configuration. Affects Windows, OS2, Netware and Cygwin platforms
-only.
-
--
- Update Released: 9th August 2002
-
--
- Affects:
- 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
--
-low:
-
-Path revealing exposures
-
-CVE-2002-0654
-
A path-revealing exposure was present in multiview type
-map negotiation (such as the default error documents) where a
-module would report the full path of the typemapped .var file when
-multiple documents or no documents could be served.
-Additionally a path-revealing exposure in cgi/cgid when Apache
-fails to invoke a script. The modules would report "couldn't create
-child process /path-to-script/script.pl" revealing the full path
-of the script.
-
--
- Update Released: 9th August 2002
-
--
- Affects:
- 2.0.39, 2.0.37?, 2.0.36?, 2.0.35?
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.37
-
- |
-
-
-
--
-critical:
-
-Apache Chunked encoding vulnerability
-
-CVE-2002-0392
-
Malicious requests can cause various effects
-ranging from a relatively harmless increase in
-system resources through to denial of service attacks and in some
-cases the ability to execute arbitrary remote code.
-
--
- Update Released: 18th June 2002
-
--
- Affects:
- 2.0.36, 2.0.35
-
-
-
- |
-
-
-
-
- Fixed in Apache httpd 2.0.36
-
- |
-
-
-
--
-low:
-
-Warning messages could be displayed to users
-
-CVE-2002-1592
-
-In some cases warning messages could get returned to end users in
-addition to being recorded in the error log. This could reveal the
-path to a CGI script for example, a minor security exposure.
-
-
--
- Update Released: 8th May 2002
-
--
- Affects:
- 2.0.35
-
-
-
- |
-
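Review bot: the visible part of this hunk is deletions only. Every advisory entry from "Fixed in Apache httpd 2.0.48" down to "Fixed in Apache httpd 2.0.36" (CVE-2003-0542 through CVE-2002-1592, including the critical CVE-2003-0245, CVE-2003-0016 and CVE-2002-0392 entries) is removed from the generated 2.0 page, and no `+` line in these lines puts anything back. If this file is build output, please confirm that the source document for the 2.0 list still carries these entries and that the build actually rendered them. A regeneration that empties the advisory list should be reverted rather than published, since readers use the "Affects:" lines to decide whether their installed version needs an update.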
Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=398494&r1=398493&r2=398494&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Sun Apr 30 18:32:18 2006
@@ -78,37 +78,6 @@
-
-
-
- Fixed in Apache httpd 2.2.1-dev
-
- |
-
-
-
--
-moderate:
-
-mod_imap Referer Cross-Site Scripting
-
-CVE-2005-3352
-
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-
-
-
--
- Affects:
- 2.2.0
-
-
-
- |
-
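Review bot: removing the "Fixed in Apache httpd 2.2.1-dev" block here leaves the generated 2.2 page without the CVE-2005-3352 entry, whose "Affects:" line lists 2.2.0, so a reader running 2.2.0 can no longer learn from this page that the mod_imap Referer cross-site scripting issue applies to them. If the intent is to avoid advertising an unreleased version in the heading, consider keeping the entry and changing only the heading text, or restoring the entry once the release that carries the fix is listed.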
Modified: httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities_22.xml?rev=398494&r1=398493&r2=398494&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities_22.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities_22.xml Sun Apr 30 18:32:18 2006
@@ -19,28 +19,5 @@
these vulnerabilities to the Security
Team.
-
-Fixed in Apache httpd 2.2.1-dev
-
--
-moderate:
-
-mod_imap Referer Cross-Site Scripting
-
-CVE-2005-3352
-
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-
-
-
--
- Affects:
- 2.2.0
-
-
-
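Review bot: this hunk is an edit to the XML source, not regenerated output. It withdraws the whole "Fixed in Apache httpd 2.2.1-dev" section and with it the only CVE-2005-3352 record for 2.2.0, yet nothing in the change explains why the advisory is being pulled. Please put the source edit in its own commit, separate from the regenerated HTML, with a message that states the reason (for example, the entry being held back until the fixed release ships), so the removal of a published security advisory can be audited later.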