httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r1179781 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities-httpd.xml
Date Thu, 06 Oct 2011 19:31:39 GMT
Author: wrowe
Date: Thu Oct  6 19:31:38 2011
New Revision: 1179781

URL: http://svn.apache.org/viewvc?rev=1179781&view=rev
Log:
Update 2.0, and 1.3 vulnerabilities

Modified:
    httpd/site/trunk/docs/security/vulnerabilities_13.html
    httpd/site/trunk/docs/security/vulnerabilities_20.html
    httpd/site/trunk/docs/security/vulnerabilities_22.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=1179781&r1=1179780&r2=1179781&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html [utf-8] Thu Oct  6 19:31:38 2011
@@ -93,7 +93,7 @@ Team</a>.  </p>
  <tr>
  <td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.42"><strong>Fixed in Apache httpd 1.3.42</strong></a>
+   <a name="1.3.41"><strong>Fixed in Apache httpd 1.3.41</strong></a>
   </font>
  </td>
  </tr>
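Review bot: With this heading renamed to 1.3.41 at line 93 and the 1.3.42 block re-added at line 170 by the third hunk of this file, the page now lists 1.3.41 above 1.3.42 and then 1.3.39, so the sections are no longer in descending release order. If the page order follows the order of the <issue> elements in vulnerabilities-httpd.xml, placing the CVE-2007-6388 entry after the CVE-2010-0010 entry there would restore it.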
@@ -103,41 +103,24 @@ Team</a>.  </p>
 <dd>
 <b>moderate: </b>
 <b>
-<name name="CVE-2010-0010">mod_proxy overflow on 64-bit systems</name>
+<name name="CVE-2007-6388">mod_status XSS</name>
 </b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010">CVE-2010-0010</a>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
 <p>
-An incorrect conversion between numeric types flaw was found in the
-mod_proxy module which affects some 64-bit architecture systems.  A
-malicious HTTP server to which requests are being proxied could use
-this flaw to trigger a heap buffer overflow in an httpd child process
-via a carefully crafted response.
-</p>
+A flaw was found in the mod_status module. On sites where mod_status is
+enabled and the status pages were publicly accessible, a cross-site
+scripting attack is possible.
+Note that the server-status page is not enabled by default and it is best practice to not
make this publicly available.</p>
 </dd>
 <dd>
-  Reported to security team: 30th December 2009<br />
-  Issue public: 7th December 2010<br />
-  Update released: 3rd February 2010<br />
+  Reported to security team: 15th December 2007<br />
+  Issue public: 2nd January 2008<br />
+  Update released: 19th January 2008<br />
 </dd>
 <dd>
       Affected: 
-    1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28,
1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6,
1.3.4, 1.3.3, 1.3.2<p />
+    1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27,
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4,
1.3.3, 1.3.2<p />
 </dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr>
- <td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.41"><strong>Fixed in Apache httpd 1.3.41</strong></a>
-  </font>
- </td>
- </tr>
- <tr><td>
-  <blockquote>
-<dl>
 <dd>
 <b>moderate: </b>
 <b>
@@ -187,6 +170,44 @@ cross-site scripting attack is possible.
  <tr>
  <td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="1.3.42"><strong>Fixed in Apache httpd 1.3.42</strong></a>
+  </font>
+ </td>
+ </tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2010-0010">mod_proxy overflow on 64-bit systems</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010">CVE-2010-0010</a>
+<p>
+An incorrect conversion between numeric types flaw was found in the
+mod_proxy module which affects some 64-bit architecture systems.  A
+malicious HTTP server to which requests are being proxied could use
+this flaw to trigger a heap buffer overflow in an httpd child process
+via a carefully crafted response.
+</p>
+</dd>
+<dd>
+  Reported to security team: 30th December 2009<br />
+  Issue public: 7th December 2010<br />
+  Update released: 3rd February 2010<br />
+</dd>
+<dd>
+      Affected: 
+    1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28,
1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6,
1.3.4, 1.3.3, 1.3.2<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr>
+ <td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
    <a name="1.3.39"><strong>Fixed in Apache httpd 1.3.39</strong></a>
   </font>
  </td>
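Review bot: The dates carried along with the CVE-2010-0010 entry do not line up: "Issue public: 7th December 2010" is ten months after "Update released: 3rd February 2010" and almost a year after the report on 30th December 2009. Since the block is being moved anyway, check the public date in the XML source and correct it there so that the regenerated page picks it up.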

Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=1179781&r1=1179780&r2=1179781&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html [utf-8] Thu Oct  6 19:31:38 2011
@@ -93,6 +93,106 @@ Team</a>.  </p>
  <tr>
  <td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.0.65-dev"><strong>Fixed in Apache httpd 2.0.65-dev</strong></a>
+  </font>
+ </td>
+ </tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2011-3192">Range header remote DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>
+<p>
+A flaw was found in the way the Apache HTTP Server handled Range HTTP
+headers. A remote attacker could use this flaw to cause httpd to use
+an excessive amount of memory and CPU time via HTTP requests with a
+specially-crafted Range header.  This could be used in a denial of
+service attack.  </p>
+</dd>
+<dd>
+  Issue public: 20th August 2011<br />
+  Update released: 30th August 2011<br />
+</dd>
+<dd>
+      Affected: 
+    2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50,
2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36,
2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
+<p>
+An exposure was found when using mod_proxy in reverse proxy mode.
+In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by Context Information Security Ltd
+</p>
+</dd>
+<dd>
+  Reported to security team: 16th September 2011<br />
+  Issue public: 5th October 2011<br />
+</dd>
+<dd>
+      Affected: 
+    2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50,
2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36,
2.0.35<p />
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>
+<p>
+A flaw was found in the apr_fnmatch() function of the bundled APR
+library.  Where mod_autoindex is enabled, and a directory indexed by
+mod_autoindex contained files with sufficiently long names, a
+remote attacker could send a carefully crafted request which would
+cause excessive CPU usage.  This could be used in a denial of service
+attack.
+</p>
+<p>
+Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
+directive disables processing of the client-supplied request query
+arguments, preventing this attack.
+</p>
+<p>
+Resolution: Update APR to release 0.9.20 (to be bundled with httpd 2.0.65)
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by Maksymilian Arciemowicz
+</p>
+</dd>
+<dd>
+  Reported to security team: 2nd March 2011<br />
+  Issue public: 10th May 2011<br />
+  Update released: 21st May 2011<br />
+</dd>
+<dd>
+      Affected: 
+    2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50,
2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36,
2.0.35<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr>
+ <td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
    <a name="2.0.64"><strong>Fixed in Apache httpd 2.0.64</strong></a>
   </font>
  </td>
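Review bot: The "Update released" lines under the 2.0.65-dev heading (30th August 2011 for CVE-2011-3192, 21st May 2011 for CVE-2011-0419) read as if a fixed 2.0 release already exists, while the heading says -dev and the CVE-2011-0419 resolution says APR 0.9.20 is "to be bundled with httpd 2.0.65". Suggest leaving the release date empty for the 2.0 entries, as is done for CVE-2011-3368 in this same block, until 2.0.65 ships.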
@@ -140,7 +240,7 @@ proposing a patch fix for this issue.
 A buffer over-read flaw was found in the bundled expat
 library.  An attacker who is able to get Apache to parse
 an untrused XML document (for example through mod_dav) may
-be able to cause a crash.  This crash would only                                        
                                                                         
+be able to cause a crash.  This crash would only
 be a denial of service if using the worker MPM.
 </p>
 </dd>

Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=1179781&r1=1179780&r2=1179781&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] Thu Oct  6 19:31:38 2011
@@ -208,7 +208,7 @@ service attack.  </p>
  <tr>
  <td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.2.18"><strong>Fixed in Apache httpd 2.2.18</strong></a>
+   <a name="2.2.19"><strong>Fixed in Apache httpd 2.2.19</strong></a>
   </font>
  </td>
  </tr>
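Review bot: Renaming the anchor from name="2.2.18" to name="2.2.19" means any existing link to #2.2.18 on this page stops resolving, unless another 2.2.18 section remains elsewhere in the file. Worth confirming before publishing, since advisories and distribution notices tend to link to these per-release anchors.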
@@ -234,6 +234,9 @@ Workaround: Setting the 'IgnoreClient' o
 directive disables processing of the client-supplied request query
 arguments, preventing this attack.
 </p>
+<p>
+Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19)
+</p>
 </dd>
 <dd>
 <p>Acknowledgements: 
@@ -243,11 +246,11 @@ This issue was reported by Maksymilian A
 <dd>
   Reported to security team: 2nd March 2011<br />
   Issue public: 10th May 2011<br />
-  Update released: 12th May 2011<br />
+  Update released: 21st May 2011<br />
 </dd>
 <dd>
       Affected: 
-    2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
+    2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8,
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p />
 </dd>
 </dl>
   </blockquote>
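Review bot: The log message says "Update 2.0, and 1.3 vulnerabilities", but this hunk corrects 2.2 data as well: the CVE-2011-0419 release date moves from 12th May 2011 to 21st May 2011 and 2.2.18 joins the affected list. Suggest mentioning the 2.2 correction in the log so that the change of fixed version from 2.2.18 to 2.2.19 can be found later.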
@@ -274,7 +277,7 @@ This issue was reported by Maksymilian A
 A buffer over-read flaw was found in the bundled expat
 library.  An attacker who is able to get Apache to parse
 an untrused XML document (for example through mod_dav) may
-be able to cause a crash.  This crash would only                                        
                                                                         
+be able to cause a crash.  This crash would only
 be a denial of service if using the worker MPM.
 </p>
 </dd>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=1179781&r1=1179780&r2=1179781&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Thu Oct  6 19:31:38
2011
@@ -37,6 +37,131 @@ This issue was reported by Context Infor
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
+<issue fixed="2.0.65-dev" reported="20110916" public="20111005" released="">
+<cve name="CVE-2011-3368"/>
+<severity level="3">moderate</severity>
+<title>mod_proxy reverse proxy exposure</title>
+<description><p>
+An exposure was found when using mod_proxy in reverse proxy mode.
+In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.</p>
+</description>
+<acknowledgements>
+This issue was reported by Context Information Security Ltd
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="" reported="20110916" public="20111005" released="">
+<cve name="CVE-2011-3368"/>
+<severity level="3">moderate</severity>
+<title>mod_proxy reverse proxy exposure</title>
+<description><p>
+An exposure was found when using mod_proxy in reverse proxy mode.
+In certain configurations using RewriteRule with proxy flag,
+a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.</p>
+<p>No update of 1.3 will be released.  Patches will be published to
+<a href="http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/"
+>http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/</a></p>
+</description>
+<acknowledgements>
+This issue was reported by Context Information Security Ltd
+</acknowledgements>
+<affects prod="httpd" version="1.3.42"/>
+<affects prod="httpd" version="1.3.41"/>
+<affects prod="httpd" version="1.3.39"/>
+<affects prod="httpd" version="1.3.37"/>
+<affects prod="httpd" version="1.3.36"/>
+<affects prod="httpd" version="1.3.35"/>
+<affects prod="httpd" version="1.3.34"/>
+<affects prod="httpd" version="1.3.33"/>
+<affects prod="httpd" version="1.3.32"/>
+<affects prod="httpd" version="1.3.31"/>
+<affects prod="httpd" version="1.3.29"/>
+<affects prod="httpd" version="1.3.28"/>
+<affects prod="httpd" version="1.3.27"/>
+<affects prod="httpd" version="1.3.26"/>
+<affects prod="httpd" version="1.3.24"/>
+<affects prod="httpd" version="1.3.22"/>
+<affects prod="httpd" version="1.3.20"/>
+<affects prod="httpd" version="1.3.19"/>
+<affects prod="httpd" version="1.3.17"/>
+<affects prod="httpd" version="1.3.14"/>
+<affects prod="httpd" version="1.3.12"/>
+<affects prod="httpd" version="1.3.11"/>
+<affects prod="httpd" version="1.3.9"/>
+<affects prod="httpd" version="1.3.6"/>
+<affects prod="httpd" version="1.3.4"/>
+<affects prod="httpd" version="1.3.3"/>
+<affects prod="httpd" version="1.3.2"/>
+</issue>
+
+<issue fixed="1.3.41" public="20080102" reported="20071215" released="20080119">
+<cve name="CVE-2007-6388"/>
+<severity level="3">moderate</severity>      
+<title>mod_status XSS</title>
+<description><p>
+A flaw was found in the mod_status module. On sites where mod_status is
+enabled and the status pages were publicly accessible, a cross-site
+scripting attack is possible.
+Note that the server-status page is not enabled by default and it is best practice to not
make this publicly available.</p></description>
+<affects prod="httpd" version="1.3.39"/>
+<affects prod="httpd" version="1.3.37"/>
+<affects prod="httpd" version="1.3.36"/>
+<affects prod="httpd" version="1.3.35"/>
+<affects prod="httpd" version="1.3.34"/>
+<affects prod="httpd" version="1.3.33"/>
+<affects prod="httpd" version="1.3.32"/>
+<affects prod="httpd" version="1.3.31"/>
+<affects prod="httpd" version="1.3.29"/>
+<affects prod="httpd" version="1.3.28"/>
+<affects prod="httpd" version="1.3.27"/>
+<affects prod="httpd" version="1.3.26"/>
+<affects prod="httpd" version="1.3.24"/>
+<affects prod="httpd" version="1.3.22"/>
+<affects prod="httpd" version="1.3.20"/>
+<affects prod="httpd" version="1.3.19"/>
+<affects prod="httpd" version="1.3.17"/>
+<affects prod="httpd" version="1.3.14"/>
+<affects prod="httpd" version="1.3.12"/>
+<affects prod="httpd" version="1.3.11"/>
+<affects prod="httpd" version="1.3.9"/>
+<affects prod="httpd" version="1.3.6"/>
+<affects prod="httpd" version="1.3.4"/>
+<affects prod="httpd" version="1.3.3"/>
+<affects prod="httpd" version="1.3.2"/>
+</issue>
+
+
 <issue fixed="2.2.21" reported="20110907" public="20110914" released="20110914">
 <cve name="CVE-2011-3348"/>
 <severity level="3">moderate</severity>
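Review bot: The 1.3 entry for CVE-2011-3368 is added with fixed="" and released="", and the regenerated vulnerabilities_13.html in this same commit shows no CVE-2011-3368 section, so the advisory text and its pointer to the apply_to_1.3.42 patches directory do not appear to reach the published 1.3 page. Suggest either giving the entry a value that the 1.3 page is generated from or documenting how unfixed issues are meant to be displayed. A nit in the same hunk: the added <severity> line of the CVE-2007-6388 entry carries trailing whitespace, while this commit strips trailing whitespace elsewhere.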
@@ -90,7 +215,44 @@ service attack.  </p>
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
-<issue fixed="2.2.18" reported="20110302" public="20110510" released="20110512">
+<issue fixed="2.0.65-dev" reported="20110820" public="20110820" released="20110830">
+<cve name="CVE-2011-3192"/>
+<severity level="2">important</severity>
+<title>Range header remote DoS</title>
+<description><p>
+A flaw was found in the way the Apache HTTP Server handled Range HTTP
+headers. A remote attacker could use this flaw to cause httpd to use
+an excessive amount of memory and CPU time via HTTP requests with a
+specially-crafted Range header.  This could be used in a denial of
+service attack.  </p>
+</description>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
+<issue fixed="2.2.19" reported="20110302" public="20110510" released="20110521">
 <cve name="CVE-2011-0419"/>
 <severity level="3">moderate</severity>
 <title>apr_fnmatch flaw leads to mod_autoindex remote DoS</title>
@@ -105,11 +267,14 @@ attack.
 Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
 directive disables processing of the client-supplied request query
 arguments, preventing this attack.
+</p><p>
+Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19)
 </p>
 </description>
 <acknowledgements>
 This issue was reported by Maksymilian Arciemowicz
 </acknowledgements>
+<affects prod="httpd" version="2.2.18"/>
 <affects prod="httpd" version="2.2.17"/>
 <affects prod="httpd" version="2.2.16"/>
 <affects prod="httpd" version="2.2.15"/>
@@ -128,6 +293,54 @@ This issue was reported by Maksymilian A
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
+<issue fixed="2.0.65-dev" reported="20110302" public="20110510" released="20110521">
+<cve name="CVE-2011-0419"/>
+<severity level="3">moderate</severity>
+<title>apr_fnmatch flaw leads to mod_autoindex remote DoS</title>
+<description><p>
+A flaw was found in the apr_fnmatch() function of the bundled APR
+library.  Where mod_autoindex is enabled, and a directory indexed by
+mod_autoindex contained files with sufficiently long names, a
+remote attacker could send a carefully crafted request which would
+cause excessive CPU usage.  This could be used in a denial of service
+attack.
+</p><p>
+Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
+directive disables processing of the client-supplied request query
+arguments, preventing this attack.
+</p><p>
+Resolution: Update APR to release 0.9.20 (to be bundled with httpd 2.0.65)
+</p>
+</description>
+<acknowledgements>
+This issue was reported by Maksymilian Arciemowicz
+</acknowledgements>
+<affects prod="httpd" version="2.0.64"/>
+<affects prod="httpd" version="2.0.63"/>
+<affects prod="httpd" version="2.0.61"/>
+<affects prod="httpd" version="2.0.59"/>
+<affects prod="httpd" version="2.0.58"/>
+<affects prod="httpd" version="2.0.55"/>
+<affects prod="httpd" version="2.0.54"/>
+<affects prod="httpd" version="2.0.53"/>
+<affects prod="httpd" version="2.0.52"/>
+<affects prod="httpd" version="2.0.51"/>
+<affects prod="httpd" version="2.0.50"/>
+<affects prod="httpd" version="2.0.49"/>
+<affects prod="httpd" version="2.0.48"/>
+<affects prod="httpd" version="2.0.47"/>
+<affects prod="httpd" version="2.0.46"/>
+<affects prod="httpd" version="2.0.45"/>
+<affects prod="httpd" version="2.0.44"/>
+<affects prod="httpd" version="2.0.43"/>
+<affects prod="httpd" version="2.0.42"/>
+<affects prod="httpd" version="2.0.40"/>
+<affects prod="httpd" version="2.0.39"/>
+<affects prod="httpd" version="2.0.37"/>
+<affects prod="httpd" version="2.0.36"/>
+<affects prod="httpd" version="2.0.35"/>
+</issue>
+
 <issue fixed="2.2.17" reported="20090821" public="20090117" released="20101019">
 <cve name="CVE-2009-3720"/>
 <severity level="4">low</severity>
@@ -136,7 +349,7 @@ This issue was reported by Maksymilian A
 A buffer over-read flaw was found in the bundled expat
 library.  An attacker who is able to get Apache to parse
 an untrused XML document (for example through mod_dav) may
-be able to cause a crash.  This crash would only                                        
                                                                         
+be able to cause a crash.  This crash would only
 be a denial of service if using the worker MPM.
 </p>
 </description>
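Review bot: The context line "an untrused XML document" still carries the typo "untrused" (for "untrusted") directly above the line whose trailing whitespace is cleaned up here; fix it in the same pass. The same line appears in the other expat hunks of this commit, in vulnerabilities_20.html, in vulnerabilities_22.html and in the next hunk of this file.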
@@ -165,7 +378,7 @@ be a denial of service if using the work
 A buffer over-read flaw was found in the bundled expat
 library.  An attacker who is able to get Apache to parse
 an untrused XML document (for example through mod_dav) may
-be able to cause a crash.  This crash would only                                        
                                                                         
+be able to cause a crash.  This crash would only
 be a denial of service if using the worker MPM.
 </p>
 </description>


