httpd-cvs mailing list archives

From m..@apache.org
Subject svn commit: r398599 - in /httpd/site/trunk/docs/security: vulnerabilities_13.html vulnerabilities_20.html
Date Mon, 01 May 2006 14:13:16 GMT
Author: mjc
Date: Mon May  1 07:13:13 2006
New Revision: 398599

URL: http://svn.apache.org/viewcvs?rev=398599&view=rev
Log:
Rev 398494 made these documents go away, fix them.

Modified:
    httpd/site/trunk/docs/security/vulnerabilities_13.html
    httpd/site/trunk/docs/security/vulnerabilities_20.html

Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=398599&r1=398598&r2=398599&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Mon May  1 07:13:13 2006
@@ -78,6 +78,775 @@
   </blockquote>
  </td></tr>
 </table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.35-dev"><strong>Fixed in Apache httpd 1.3.35-dev</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.33"><strong>Fixed in Apache httpd 1.3.33</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2004-0940">mod_include overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940</a>
+<p>
+A buffer overflow in mod_include could allow a local user who
+is authorised to create server side include (SSI) files to gain
+the privileges of a httpd child.
+</p>
+</dd>
+<dd>
+  Update Released: 28th October 2004<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.32"><strong>Fixed in Apache httpd 1.3.32</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2004-0492">mod_proxy buffer overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492</a>
+<p>
+A buffer overflow was found in the Apache proxy module, mod_proxy, which
+can be triggered by receiving an invalid Content-Length header. In order
+to exploit this issue an attacker would need to get an Apache installation
+that was configured as a proxy to connect to a malicious site. This would
+cause the Apache child processing the request to crash, although this does
+not represent a significant Denial of Service attack as requests will
+continue to be handled by other Apache child processes.  This issue may
+lead to remote arbitrary code execution on some BSD platforms.
+</p>
+</dd>
+<dd>
+  Update Released: 20th October 2004<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.31"><strong>Fixed in Apache httpd 1.3.31</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0174">listening socket starvation</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
+<p>
+A starvation issue on listening sockets occurs when a short-lived
+connection on a rarely-accessed listening socket will cause a child to
+hold the accept mutex and block out new connections until another
+connection arrives on that rarely-accessed listening socket.  This
+issue is known to affect some versions of AIX, Solaris, and Tru64; it
+is known to not affect FreeBSD or Linux.
+
+</p>
+</dd>
+<dd>
+  Update Released: 12th May 2004<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0993">Allow/Deny parsing on big-endian 64-bit platforms</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993">CVE-2003-0993</a>
+<p>
+A bug in the parsing of Allow/Deny rules using IP addresses
+without a netmask on big-endian 64-bit platforms causes the rules
+to fail to match.
+</p>
+</dd>
+<dd>
+  Update Released: 12th May 2004<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0020">Error log escape filtering</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
+<p>
+Apache does not filter terminal escape sequences from error logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p>
+</dd>
+<dd>
+  Update Released: 12th May 2004<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0987">mod_digest nonce checking</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987">CVE-2003-0987</a>
+<p>
+
+mod_digest does not properly verify the nonce of a client response by
+using a AuthNonce secret.  This could allow a malicious user who is
+able to sniff network traffic to conduct a replay attack against a
+website using Digest protection.  Note that mod_digest implements an
+older version of the MD5 Digest Authentication specification which
+is known not to work with modern browsers.  This issue does not affect
+mod_auth_digest.
+
+</p>
+</dd>
+<dd>
+  Update Released: 12th May 2004<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.29"><strong>Fixed in Apache httpd 1.3.29</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
+<p>
+By using a regular expression with more than 9 captures a buffer
+overflow can occur in mod_alias or mod_rewrite.  To exploit this an
+attacker would need to be able to create a carefully crafted configuration
+file (.htaccess or httpd.conf)
+</p>
+</dd>
+<dd>
+  Update Released: 27th October 2003<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.28"><strong>Fixed in Apache httpd 1.3.28</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0460">RotateLogs DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460">CVE-2003-0460</a>
+<p>The rotatelogs support program on Win32 and OS/2 would quit logging
+and exit if it received special control characters such as 0x1A.
+</p>
+</dd>
+<dd>
+  Update Released: 18th July 2003<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.27"><strong>Fixed in Apache httpd 1.3.27</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2002-0843">Buffer overflows in ab utility</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843">CVE-2002-0843</a>
+<p>Buffer overflows in the benchmarking utility ab could be exploited if
+ab is run against a malicious server
+</p>
+</dd>
+<dd>
+  Update Released: 3rd October 2002<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2002-0839">Shared memory permissions lead to local privilege escalation</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a>
+<p>The permissions of the shared memory used for the scoreboard
+allows an attacker who can execute under
+the Apache UID to send a signal to any process as root or cause a local 
+denial of service attack.
+</p>
+</dd>
+<dd>
+  Update Released: 3rd October 2002<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
+<p>Cross-site scripting (XSS) vulnerability in the default error page of
+Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
+UseCanonicalName is "Off" and support for wildcard DNS is present,
+allows remote attackers to execute script as other web page visitors
+via the Host: header.</p>
+</dd>
+<dd>
+  Update Released: 3rd October 2002<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.26"><strong>Fixed in Apache httpd 1.3.26</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
+<p>Requests to all versions of Apache 1.3 can cause various effects
+ranging from a relatively harmless increase in
+system resources through to denial of service attacks and in some
+cases the ability to be remotely exploited.</p>
+</dd>
+<dd>
+  Update Released: 18th June 2002<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0083">Filtered escape sequences</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
+<p>
+Apache does not filter terminal escape sequences from its
+access logs, which could make it easier for attackers to insert those
+sequences into terminal emulators containing vulnerabilities related
+to escape sequences,
+</p>
+</dd>
+<dd>
+  Update Released: 18th June 2002<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.24"><strong>Fixed in Apache httpd 1.3.24</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2002-0061">Win32 Apache Remote command execution</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061">CVE-2002-0061</a>
+<p>Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote 
+attackers to execute arbitrary commands via parameters passed
+to batch file CGI scripts.</p>
+</dd>
+<dd>
+  Update Released: 22nd March 2002<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.22"><strong>Fixed in Apache httpd 1.3.22</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2001-0729">Requests can cause directory listing to be displayed</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729">CVE-2001-0729</a>
+<p>A vulnerability was found in the Win32 port of
+Apache 1.3.20.  A client submitting a very long URI
+could cause a directory listing to be returned rather than
+the default index page. </p>
+</dd>
+<dd>
+  Update Released: 12th October 2001<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.20<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2001-0731">Multiviews can cause a directory listing to be displayed</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731">CVE-2001-0731</a>
+<p>A vulnerability was found when <directive>Multiviews</directive> 
+    are used to negotiate the directory index.  In some
+    configurations, requesting a URI with a <samp>QUERY_STRING</samp> of 
+    <samp>M=D</samp> could
+    return a directory listing rather than the expected index page.</p>
+</dd>
+<dd>
+  Update Released: 12th October 2001<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2001-0730">split-logfile can cause arbitrary log files to be written to</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730">CVE-2001-0730</a>
+<p>A vulnerability was found in the <samp>split-logfile</samp> support
+    program.  A request with a specially crafted <samp>Host:</samp>
+    header could allow any file with a <samp>.log</samp> extension on 
+    the system to be written to. </p>
+</dd>
+<dd>
+  Update Released: 12th October 2001<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.20"><strong>Fixed in Apache httpd 1.3.20</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2001-1342">Denial of service attack on Win32 and OS2</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342">CVE-2001-1342</a>
+<p>A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A
+  client submitting a carefully constructed URI could cause a General
+  Protection Fault in a child process, bringing up a message box which
+  would have to be cleared by the operator to resume operation. This
+  vulnerability introduced no identified means to compromise the server
+  other than introducing a possible denial of service. </p>
+</dd>
+<dd>
+  Update Released: 22nd May 2001<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.19"><strong>Fixed in Apache httpd 1.3.19</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2001-0925">Requests can cause directory listing to be displayed</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925">CVE-2001-0925</a>
+<p>The default installation can lead <samp>mod_negotiation</samp> and 
+    <samp>mod_dir</samp> or <samp>mod_autoindex</samp> to display a 
+    directory listing instead of the multiview index.html file if a 
+    very long path was created artificially by using many slashes.  </p>
+</dd>
+<dd>
+  Update Released: 28th February 2001<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.17, 1.3.14, 1.3.12, 1.3.11<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.14"><strong>Fixed in Apache httpd 1.3.14</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2000-0913">Rewrite rules that include references allow access to any file</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0913">CVE-2000-0913</a>
+<p>The Rewrite module, <samp>mod_rewrite</samp>, can allow access to
+    any file on the web server.  The vulnerability occurs only with
+    certain specific cases of using regular expression references in
+    <samp>RewriteRule</samp> directives:  If the destination
+    of a <samp>RewriteRule</samp> contains regular expression references
+    then an attacker will be able to access any file on the server.</p>
+</dd>
+<dd>
+  Update Released: 13th October 2000<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2000-1204">Mass virtual hosting can display CGI source</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204">CVE-2000-1204</a>
+<p>A security problem for users of the mass virtual hosting module, 
+    <samp>mod_vhost_alias</samp>, causes
+    the source to a CGI to be sent if the <samp>cgi-bin</samp> directory is 
+    under the document root.  However, it is not normal to have your 
+    cgi-bin directory under a document root.</p>
+</dd>
+<dd>
+  Update Released: 13th October 2000<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.12, 1.3.11, 1.3.9<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2000-0505">Requests can cause directory listing to be displayed on NT</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0505">CVE-2000-0505</a>
+<p>A security hole on Apache for Windows allows a user to 
+    view the listing of a 
+    directory instead of the default HTML page by sending a carefully 
+    constructed request.</p>
+</dd>
+<dd>
+  Update Released: 13th October 2000<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.12"><strong>Fixed in Apache httpd 1.3.12</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2000-1205">Cross-site scripting can reveal private session information</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205">CVE-2000-1205</a>
+<p>Apache was vulnerable to cross site scripting issues.
+    It was shown that malicious HTML tags can be embedded in client web 
+    requests if the server or script handling the request does not 
+    carefully encode all information displayed to 
+    the user.  Using these vulnerabilities attackers could, for 
+    example, obtain copies of your private 
+    cookies used to authenticate
+    you to other sites.</p>
+</dd>
+<dd>
+  Update Released: 25th February 2000<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.11"><strong>Fixed in Apache httpd 1.3.11</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2000-1206">Mass virtual hosting security issue</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206">CVE-2000-1206</a>
+<p>A security problem can occur for sites using mass name-based virtual 
+hosting (using
+the new <samp>mod_vhost_alias</samp> module) or with special 
+<samp>mod_rewrite</samp> rules.
+
+<!-- Makes sure vhost alias can only be alnum, - or . -->
+
+</p>
+</dd>
+<dd>
+  Update Released: 21st January 2000<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.4"><strong>Fixed in Apache httpd 1.3.4</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="">Denial of service attack on Win32</name>
+</b>
+<p>There have been a number of important security fixes to Apache on
+Windows. The most important is that there is much better protection
+against people trying to access special DOS device names (such as
+"nul"). </p>
+</dd>
+<dd>
+  Update Released: 11th January 1999<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.2"><strong>Fixed in Apache httpd 1.3.2</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-1999-1199">Multiple header Denial of Service vulnerability</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199">CVE-1999-1199</a>
+<p>A serious problem exists when a client
+sends a large number of headers with the same header name. Apache uses
+up memory faster than the amount of memory required to simply store
+the received data itself. That is, memory use increases faster and
+faster as more headers are received, rather than increasing at a
+constant rate. This makes a denial of service attack based on this
+method more effective than methods which cause Apache to use memory at
+a constant rate, since the attacker has to send less data.</p>
+</dd>
+<dd>
+  Update Released: 23rd September 1998<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.1, 1.3.0<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="">Denial of service attacks</name>
+</b>
+<p>Apache 1.3.2 has
+better protection against denial of service attacks. These are when
+people make excessive requests to the server to try and prevent other
+people using it. In 1.3.2 there are several new directives which can
+limit the size of requests (these directives all start with the word
+<SAMP>Limit</SAMP>).
+</p>
+</dd>
+<dd>
+  Update Released: 23rd September 1998<br />
+</dd>
+<dd>
+      Affects: 
+    1.3.1, 1.3.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
          </td>
    </tr>
    <!-- FOOTER -->
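
Review bot: In the "Fixed in Apache httpd 1.3.20" table, the CVE-2001-1342 entry gives "Affects: 1.3.20, 1.3.19?, ...", so the release named in the heading as carrying the fix is also listed as vulnerable. Either the heading or the Affects list is wrong, and it should be checked against the source data before this goes live, since readers use these lists to decide whether they need to upgrade. Two smaller points in the same hunk: the entries under 1.3.4 and 1.3.2 that have no CVE carry `<name name="">`, an empty identifier that cannot be linked to, and `<name>` and `<directive>` are not HTML elements, so the per-issue names will not act as link targets the way `<a name="1.3.20">` does on the headings; emitting `<a name="...">` with a non-empty value would address both. Several descriptions also end without a full stop or with a stray comma (CVE-2003-0542, CVE-2002-0843, CVE-2003-0083).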

Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=398599&r1=398598&r2=398599&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Mon May  1 07:13:13 2006
@@ -78,6 +78,1048 @@
   </blockquote>
  </td></tr>
 </table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.56-dev"><strong>Fixed in Apache httpd 2.0.56-dev</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-3357">mod_ssl access control DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
+<p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</dd>
+<dd />
+<dd>
+      Affects: 
+    2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.55"><strong>Fixed in Apache httpd 2.0.55</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2005-2700">SSLVerifyClient bypass</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700">CVE-2005-2700</a>
+<p>
+A flaw in the mod_ssl handling of the "SSLVerifyClient"
+directive. This flaw would occur if a virtual host has been configured
+using "SSLVerifyClient optional" and further a directive "SSLVerifyClient
+required" is set for a specific location.  For servers configured in this
+fashion, an attacker may be able to access resources that should otherwise
+be protected, by not supplying a client certificate when connecting.
+</p>
+</dd>
+<dd>
+  Update Released: 14th October 2005<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-2970">Worker MPM memory leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</a>
+<p>
+A memory leak in the worker MPM would allow remote attackers to cause
+a denial of service (memory consumption) via aborted connections,
+which prevents the memory for the transaction pool from being reused
+for other connections.  This issue was downgraded in severity to low
+(from moderate) as sucessful exploitation of the race condition would
+be difficult.
+</p>
+</dd>
+<dd>
+  Update Released: 14th October 2005<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-2491">PCRE overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</a>
+<p>
+An integer overflow flaw was found in PCRE, a Perl-compatible regular
+expression library included within httpd.  A local user who has the
+ability to create .htaccess files could create a maliciously crafted
+regular expression in such as way that they could gain the privileges
+of a httpd child.
+</p>
+</dd>
+<dd>
+  Update Released: 14th October 2005<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-1268">Malicious CRL off-by-one</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">CVE-2005-1268</a>
+<p>
+An off-by-one stack overflow was discovered in the mod_ssl CRL
+verification callback. In order to exploit this issue the Apache
+server would need to be configured to use a malicious certificate
+revocation list (CRL)
+</p>
+</dd>
+<dd>
+  Update Released: 14th October 2005<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-2728">Byterange filter DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a>
+<p>
+A flaw in the byterange filter would cause some responses to be buffered
+into memory. If a server has a dynamic resource such as a CGI
+script or PHP script which generates a large amount of data, an attacker
+could send carefully crafted requests in order to consume resources,
+potentially leading to a Denial of Service. 
+</p>
+</dd>
+<dd>
+  Update Released: 14th October 2005<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-2088">HTTP Request Spoofing</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
+<p>
+A flaw occured when using the Apache server as a HTTP proxy. A remote
+attacker could send a HTTP request with both a "Transfer-Encoding:
+chunked" header and a Content-Length header, causing Apache to
+incorrectly handle and forward the body of the request in a way that
+causes the receiving server to process it as a separate HTTP request.
+This could allow the bypass of web application firewall protection or
+lead to cross-site scripting (XSS) attacks.
+</p>
+</dd>
+<dd>
+  Update Released: 14th October 2005<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.53"><strong>Fixed in Apache httpd 2.0.53</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0942">Memory consumption DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942">CVE-2004-0942</a>
+<p>
+An issue was discovered where the field length limit was not enforced
+for certain malicious requests.  This could allow a remote attacker who
+is able to send large amounts of data to a server the ability to cause
+Apache children to consume proportional amounts of memory, leading to
+a denial of service.
+</p>
+</dd>
+<dd>
+  Update Released: 8th February 2005<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-1834">mod_disk_cache stores sensitive headers</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1834">CVE-2004-1834</a>
+<p>
+The experimental mod_disk_cache module stored client authentication
+credentials for cached objects such as proxy authentication credentials
+and Basic Authentication passwords on disk.  
+</p>
+</dd>
+<dd>
+  Update Released: 8th February 2005<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2004-0885">SSLCipherSuite bypass</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885">CVE-2004-0885</a>
+<p>
+An issue has been discovered in the mod_ssl module when configured to use
+the "SSLCipherSuite" directive in directory or location context. If a
+particular location context has been configured to require a specific set
+of cipher suites, then a client will be able to access that location using
+any cipher suite allowed by the virtual host configuration. 
+</p>
+</dd>
+<dd>
+  Update Released: 8th February 2005<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.52"><strong>Fixed in Apache httpd 2.0.52</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0811">Basic authentication bypass</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811">CVE-2004-0811</a>
+<p>
+A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy
+directive which could result in access being granted to
+resources despite any configured authentication
+</p>
+</dd>
+<dd>
+  Update Released: 28th September 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.51<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.51"><strong>Fixed in Apache httpd 2.0.51</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2004-0786">IPv6 URI parsing heap overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786">CVE-2004-0786</a>
+<p>
+Testing using the Codenomicon HTTP Test Tool performed by the Apache
+Software Foundation security group and Red Hat uncovered an input
+validation issue in the IPv6 URI parsing routines in the apr-util library.
+If a remote attacker sent a request including a carefully crafted URI, an
+httpd child process could be made to crash.  One some BSD systems it
+is believed this flaw may be able to lead to remote code execution.
+</p>
+</dd>
+<dd>
+  Update Released: 15th September 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0748">SSL connection infinite loop</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748">CVE-2004-0748</a>
+<p>
+An issue was discovered in the mod_ssl module in Apache 2.0.  
+A remote attacker who forces an SSL connection to
+be aborted in a particular state may cause an Apache child process to
+enter an infinite loop, consuming CPU resources.
+</p>
+</dd>
+<dd>
+  Update Released: 15th September 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-0747">Environment variable expansion flaw</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747">CVE-2004-0747</a>
+<p>
+The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
+expansion of environment variables during configuration file parsing. This
+issue could allow a local user to gain the privileges of a httpd
+child if a server can be forced to parse a carefully crafted .htaccess file 
+written by a local user.
+</p>
+</dd>
+<dd>
+  Update Released: 15th September 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-0751">Malicious SSL proxy can cause crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751">CVE-2004-0751</a>
+<p>
+An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50
+which could be triggered if
+the server is configured to allow proxying to a remote SSL server. A
+malicious remote SSL server could force an httpd child process to crash by
+sending a carefully crafted response header. This issue is not believed to
+allow execution of arbitrary code and will only result in a denial
+of service where a threaded process model is in use.
+</p>
+</dd>
+<dd>
+  Update Released: 15th September 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-0809">WebDAV remote crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809">CVE-2004-0809</a>
+<p>
+An issue was discovered in the mod_dav module which could be triggered
+for a location where WebDAV authoring access has been configured. A
+malicious remote client which is authorized to use the LOCK method
+could force an httpd child process to crash by sending a particular
+sequence of LOCK requests. This issue does not allow execution of
+arbitrary code.  and will only result in a denial of service where a
+threaded process model is in use.
+</p>
+</dd>
+<dd>
+  Update Released: 15th September 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.50"><strong>Fixed in Apache httpd 2.0.50</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0493">Header parsing memory leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493">CVE-2004-0493</a>
+<p>
+A memory leak in parsing of HTTP headers which can be triggered
+remotely may allow a denial of service attack due to excessive memory
+consumption.
+</p>
+</dd>
+<dd>
+  Update Released: 1st July 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-0488">FakeBasicAuth overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488">CVE-2004-0488</a>
+<p>
+A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
+by an attacker using a (trusted) client certificate with a subject DN
+field which exceeds 6K in length.
+</p>
+</dd>
+<dd>
+  Update Released: 1st July 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.49"><strong>Fixed in Apache httpd 2.0.49</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0174">listening socket starvation</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
+<p>
+A starvation issue on listening sockets occurs when a short-lived
+connection on a rarely-accessed listening socket will cause a child to
+hold the accept mutex and block out new connections until another
+connection arrives on that rarely-accessed listening socket.  This
+issue is known to affect some versions of AIX, Solaris, and Tru64; it
+is known to not affect FreeBSD or Linux.
+
+</p>
+</dd>
+<dd>
+  Update Released: 19th March 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0113">mod_ssl memory leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</a>
+<p>
+A memory leak in mod_ssl allows a remote denial of service attack 
+against an SSL-enabled server by sending plain HTTP requests to the
+SSL port. 
+</p>
+</dd>
+<dd>
+  Update Released: 19th March 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0020">Error log escape filtering</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
+<p>
+Apache does not filter terminal escape sequences from error logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p>
+</dd>
+<dd>
+  Update Released: 19th March 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.48"><strong>Fixed in Apache httpd 2.0.48</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
+<p>
+By using a regular expression with more than 9 captures a buffer
+overflow can occur in mod_alias or mod_rewrite.  To exploit this an
+attacker would need to be able to create a carefully crafted configuration
+file (.htaccess or httpd.conf)
+</p>
+</dd>
+<dd>
+  Update Released: 27th October 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2003-0789">CGI output information leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789">CVE-2003-0789</a>
+<p>
+A bug in mod_cgid mishandling of CGI redirect paths can result in
+CGI output going to the wrong client when a threaded MPM
+is used.
+</p>
+</dd>
+<dd>
+  Update Released: 27th October 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.47"><strong>Fixed in Apache httpd 2.0.47</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0253">Remote DoS with multiple Listen directives</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0253">CVE-2003-0253</a>
+<p>
+In a server with multiple listening sockets a certain error returned
+by accept() on a rarely access port can cause a temporary denial of
+service, due to a bug in the prefork MPM.
+</p>
+</dd>
+<dd>
+  Update Released: 9th July 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0192">mod_ssl renegotiation issue</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0192">CVE-2003-0192</a>
+<p>
+A bug in the optional renegotiation code in mod_ssl included with 
+Apache httpd can cause cipher suite restrictions to be ignored.
+This is triggered if optional renegotiation is used (SSLOptions
++OptRenegotiate) along with verification of client certificates
+and a change to the cipher suite over the renegotiation.
+</p>
+</dd>
+<dd>
+  Update Released: 9th July 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2003-0254">Remote DoS via IPv6 ftp proxy</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0254">CVE-2003-0254</a>
+<p>
+When a client requests that proxy ftp connect to a ftp server with
+IPv6 address, and the proxy is unable to create an IPv6 socket,
+an infinite loop occurs causing a remote Denial of Service.
+</p>
+</dd>
+<dd>
+  Update Released: 9th July 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.46"><strong>Fixed in Apache httpd 2.0.46</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2003-0245">APR remote crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245">CVE-2003-0245</a>
+<p>
+A vulnerability in the apr_psprintf function in the Apache Portable
+Runtime (APR) library allows remote 
+attackers to cause a denial of service (crash) and possibly execute
+arbitrary code via long strings, as demonstrated using XML objects to
+mod_dav, and possibly other vectors.
+</p>
+</dd>
+<dd>
+  Update Released: 28th May 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0189">Basic Authentication DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0189">CVE-2003-0189</a>
+<p>
+A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
+to cause a denial of access to authenticated content when a threaded
+server is used. 
+</p>
+</dd>
+<dd>
+  Update Released: 28th May 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0134">OS2 device name DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0134">CVE-2003-0134</a>
+<p>
+Apache on OS2 up to and including Apache 2.0.45
+have a Denial of Service vulnerability caused by 
+device names.
+</p>
+</dd>
+<dd>
+  Update Released: 28th May 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0083">Filtered escape sequences</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
+<p>
+Apache did not filter terminal escape sequences from its
+access logs, which could make it easier for attackers to insert those
+sequences into terminal emulators containing vulnerabilities related
+to escape sequences.
+</p>
+</dd>
+<dd>
+  Update Released: 2nd April 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.45"><strong>Fixed in Apache httpd 2.0.45</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0132">Line feed memory leak DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0132">CVE-2003-0132</a>
+<p>
+Apache 2.0 versions before Apache 2.0.45 had a significant Denial of
+Service vulnerability.  Remote attackers could cause a denial of service
+(memory consumption) via large chunks of linefeed characters, which
+causes Apache to allocate 80 bytes for each linefeed.
+</p>
+</dd>
+<dd>
+  Update Released: 2nd April 2004<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.44"><strong>Fixed in Apache httpd 2.0.44</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2003-0016">MS-DOS device name filtering</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0016">CVE-2003-0016</a>
+<p>On Windows platforms Apache did not 
+correctly filter MS-DOS device names which 
+could lead to denial of service attacks or remote code execution.
+</p>
+</dd>
+<dd>
+  Update Released: 20th January 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0017">Apache can serve unexpected files</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0017">CVE-2003-0017</a>
+<p>
+On Windows platforms Apache could be forced to serve unexpected files
+by appending illegal characters such as '&lt;' to the request URL
+</p>
+</dd>
+<dd>
+  Update Released: 20th January 2003<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.43"><strong>Fixed in Apache httpd 2.0.43</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
+<p>Cross-site scripting (XSS) vulnerability in the default error page of
+Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
+UseCanonicalName is "Off" and support for wildcard DNS is present,
+allows remote attackers to execute script as other web page visitors
+via the Host: header.</p>
+</dd>
+<dd>
+  Update Released: 3rd October 2002<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2002-1156">CGI scripts source revealed using WebDAV</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1156">CVE-2002-1156</a>
+<p>In Apache 2.0.42 only, for a location where both WebDAV and CGI were
+enabled, a POST request to a CGI script would reveal the CGI source to
+a remote user. </p>
+</dd>
+<dd>
+  Update Released: 3rd October 2002<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.42<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.42"><strong>Fixed in Apache httpd 2.0.42</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2002-1593">mod_dav crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1593">CVE-2002-1593</a>
+<p>
+A flaw was found in handling of versioning hooks in mod_dav.  An attacker
+could send a carefully crafted request in such a way to cause the child
+process handling the connection to crash.  This issue will only result
+in a denial of service where a threaded process model is in use.
+</p>
+</dd>
+<dd>
+  Update Released: 24th September 2002<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.40"><strong>Fixed in Apache httpd 2.0.40</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2002-0661">Path vulnerability</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661">CVE-2002-0661</a>
+<p>Certain URIs would bypass security
+and allow users to invoke or access any file depending on the system 
+configuration.  Affects Windows, OS2, Netware and Cygwin platforms
+only.</p>
+</dd>
+<dd>
+  Update Released: 9th August 2002<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2002-0654">Path revealing exposures</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0654">CVE-2002-0654</a>
+<p>A path-revealing exposure was present in multiview type
+map negotiation (such as the default error documents) where a
+module would report the full path of the typemapped .var file when
+multiple documents or no documents could be served.  
+Additionally a path-revealing exposure in cgi/cgid when Apache
+fails to invoke a script.  The modules would report "couldn't create 
+child process /path-to-script/script.pl" revealing the full path
+of the script.</p>
+</dd>
+<dd>
+  Update Released: 9th August 2002<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.39, 2.0.37?, 2.0.36?, 2.0.35?<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.37"><strong>Fixed in Apache httpd 2.0.37</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
+<p>Malicious requests can cause various effects
+ranging from a relatively harmless increase in
+system resources through to denial of service attacks and in some
+cases the ability to execute arbitrary remote code.</p>
+</dd>
+<dd>
+  Update Released: 18th June 2002<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.36, 2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.36"><strong>Fixed in Apache httpd 2.0.36</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2002-1592">Warning messages could be displayed to users</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1592">CVE-2002-1592</a>
+<p>
+In some cases warning messages could get returned to end users in 
+addition to being recorded in the error log.  This could reveal the
+path to a CGI script for example, a minor security exposure.
+</p>
+</dd>
+<dd>
+  Update Released: 8th May 2002<br />
+</dd>
+<dd>
+      Affects: 
+    2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
          </td>
    </tr>
    <!-- FOOTER -->
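Review bot: The "Update Released: 2nd April 2004" dates on CVE-2003-0083 (under "Fixed in Apache httpd 2.0.46") and CVE-2003-0132 (under "Fixed in Apache httpd 2.0.45") do not fit the surrounding sequence: the other 2.0.46 entries give 28th May 2003 and the 2.0.44 entries give 20th January 2003, so please confirm the year before this is published. Separately, every entry wraps its title in `<name name="CVE-...">`, which is not an HTML element and will not act as a link target; `<a name="...">`, as already used for the version headings, would. Text nits in the added descriptions: "in such as way" (CVE-2005-2491), "occured" (CVE-2005-2088), "One some BSD systems" (CVE-2004-0786), "rarely access port" (CVE-2003-0253), and the stray full stop in "arbitrary code.  and will only" (CVE-2004-0809).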


