httpd-cvs mailing list archives

From build...@apache.org
Subject svn commit: r816096 - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities_22.html
Date Sun, 06 May 2012 17:44:50 GMT
Author: buildbot
Date: Sun May  6 17:44:50 2012
New Revision: 816096

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/security/vulnerabilities_22.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun May  6 17:44:50 2012
@@ -1 +1 @@
-1334712
+1334714

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Sun May  6 17:44:50 2012
@@ -5,7 +5,7 @@
         <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
         <link href="/css/apsite.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
         <meta name="author" content="Documentation Group" /><meta name="email" content="docs@httpd.apache.org" />
-        <title>Apache httpd 2.2 vulnerabilities - The Apache HTTP Server Project</title>
+        <title> - The Apache HTTP Server Project</title>
     </head>
     <body>
         
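Review bot: The replacement <title> line in this hunk loses the page name and leaves only " - The Apache HTTP Server Project", so the 2.2 vulnerability list is published without an identifying title in browser tabs, bookmarks and search results. The removed line carried "Apache httpd 2.2 vulnerabilities"; the staged build should keep that string in <title>. The same text appears as "Title: Apache httpd 2.2 vulnerabilities" inside the body paragraph added by the next hunk, which suggests the source file's header was not consumed as metadata. Fixing that at the source would be better than patching the generated HTML.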
@@ -72,7 +72,901 @@
         <!-- RIGHT SIDE INFORMATION -->
         <div id="apcontents">
             
-            
+            <p>Title: Apache httpd 2.2 vulnerabilities
+Notice:    Licensed to the Apache Software Foundation (ASF) under one
+           or more contributor license agreements.  See the NOTICE file
+           distributed with this work for additional information
+           regarding copyright ownership.  The ASF licenses this file
+           to you under the Apache License, Version 2.0 (the
+           "License"); you may not use this file except in compliance
+           with the License.  You may obtain a copy of the License at
+           .
+             http://www.apache.org/licenses/LICENSE-2.0
+           .
+           Unless required by applicable law or agreed to in writing,
+           software distributed under the License is distributed on an
+           "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+           KIND, either express or implied.  See the License for the
+           specific language governing permissions and limitations
+           under the License.</p>
+<h1 id="top">Apache httpd 2.2 vulnerabilities</h1>
+<p>This page lists all security vulnerabilities fixed in released versions of
+Apache httpd 2.2. Each vulnerability is given a security <a href="/security/impact_levels.html">impact
+rating</a> by the Apache security team - please
+note that this rating may well vary from platform to platform. We also list
+the versions of Apache httpd the flaw is known to affect, and where a flaw
+has not been verified list the version with a question mark.</p>
+<p>Please note that if a vulnerability is shown below as being fixed in a
+"-dev" release then this means that a fix has been applied to the
+development source tree and will be part of an upcoming full release.</p>
+<p>This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for these
+vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p>
+<h1 id="2.2.22">Fixed in Apache httpd 2.2.22</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2011-3607">mod_setenvif.htaccess
+  privilege escalation</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a> </dd>
+</dl>
+<p>An integer overflow flaw was found which, when the mod_setenvif module is
+enabled, could allow local users to gain privileges via a.htaccess file.</p>
+<dl>
+<dt>Acknowledgements: This issue was reported by halfdog</dt>
+<dd>
+<p>Reported to security team: 4th October 2011<br></br>Issue public:
+ 2nd November 2011<br></br>Update released:
+ 31st January 2012<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2012-0021">mod_log_config crash</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a> </p>
+</dd>
+<dt>A flaw was found in mod_log_config. If the '%{cookiename}C' log format</dt>
+<dt>string is in use, a remote attacker could send a specific cookie causing a</dt>
+<dt>crash. This crash would only be a denial of service if using a threaded</dt>
+<dt>MPM.</dt>
+<dd>
+<p>Reported to security team: 30th December 2011<br></br>Issue public:
+ 28th November 2011<br></br>Update released:
+ 31st January 2012<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2012-0031">scoreboard parent DoS</name></strong></p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a> 
+A flaw was found in the handling of the scoreboard. An unprivileged child
+process could cause the parent process to crash at shutdown rather than
+terminate cleanly.</p>
+</dd>
+<dt>Acknowledgements: This issue was reported by halfdog</dt>
+<dd>
+<p>Reported to security team: 30th December 2011<br></br>Issue public:
+ 11th January 2012<br></br>Update released:
+ 31st January 2012<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2011-4317">mod_proxy reverse proxy
+  exposure</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a> </p>
+</dd>
+</dl>
+<p>An additional exposure was found when using mod_proxy in reverse proxy
+mode. In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to connect
+to an arbitrary server, possibly disclosing sensitive information from
+internal web servers not directly accessible to attacker.</p>
+<dl>
+<dt>Acknowledgements: This issue was reported by Prutha Parikh of Qualys</dt>
+<dd>
+<p>Reported to security team: 20th October 2011<br></br>Issue public:
+ 22nd January 2012<br></br>Update released:
+ 31st January 2012<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2012-0053">error responses can
+  expose cookies</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a> </p>
+</dd>
+</dl>
+<p>A flaw was found in the default error response for status code 400. This
+flaw could be used by an attacker to expose "httpOnly" cookies when no
+custom ErrorDocument is specified.</p>
+<dl>
+<dt>Acknowledgements: This issue was reported by Norman Hippert</dt>
+<dd>
+<p>Reported to security team: 15th January 2012<br></br>Issue public:
+ 23rd January 2012<br></br>Update released:
+ 31st January 2012<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2011-3368">mod_proxy reverse proxy
+  exposure</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a> </p>
+</dd>
+</dl>
+<p>An exposure was found when using mod_proxy in reverse proxy mode. In
+certain configurations using RewriteRule with proxy flag or ProxyPassMatch,
+a remote attacker could cause the reverse proxy to connect to an arbitrary
+server, possibly disclosing sensitive information from internal web servers
+not directly accessible to attacker.</p>
+<dl>
+<dt>Acknowledgements: This issue was reported by Context Information Security</dt>
+<dt>Ltd</dt>
+<dd>
+<p>Reported to security team: 16th September 2011<br></br>Issue public:
+ 5th October 2011<br></br>Update released:
+ 31st January 2012<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.21">Fixed in Apache httpd 2.2.21</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2011-3348">mod_proxy_ajp remote
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a> </dd>
+<dt>A flaw was found when mod_proxy_ajp is used together with</dt>
+<dt>mod_proxy_balancer. Given a specific configuration, a remote attacker could</dt>
+<dt>send certain malformed HTTP requests, putting a backend server into an</dt>
+<dt>error state until the retry timeout expired. This could lead to a temporary</dt>
+<dt>denial of service.</dt>
+<dd>
+<p>Reported to security team: 7th September 2011<br></br>Issue public:
+ 14th September 2011<br></br>Update released:
+ 14th September 2011<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14,
+ 2.2.13, 2.2.12</p>
+</dd>
+</dl>
+<h1 id="2.2.20">Fixed in Apache httpd 2.2.20</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2011-3192">Range header remote
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a> </dd>
+</dl>
+<p>A flaw was found in the way the Apache HTTP Server handled Range HTTP
+headers. A remote attacker could use this flaw to cause httpd to use an
+excessive amount of memory and CPU time via HTTP requests with a
+specially-crafted Range header. This could be used in a denial of service
+attack.</p>
+<dl>
+<dt>Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a> </dt>
+<dd>
+<p>Issue public: 20th August 2011<br></br>Update released:
+ 30th August 2011<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13,
+ 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
+ 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.19">Fixed in Apache httpd 2.2.19</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2011-0419">apr_fnmatch flaw leads to
+  mod_autoindex remote DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a> </dd>
+</dl>
+<p>A flaw was found in the apr_fnmatch() function of the bundled APR library.
+Where mod_autoindex is enabled, and a directory indexed by mod_autoindex
+contained files with sufficiently long names, a remote attacker could send
+a carefully crafted request which would cause excessive CPU usage. This
+could be used in a denial of service attack.</p>
+<p>Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
+directive disables processing of the client-supplied request query
+arguments, preventing this attack.</p>
+<p>Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19)</p>
+<dl>
+<dt>Acknowledgements: This issue was reported by Maksymilian Arciemowicz</dt>
+<dd>
+<p>Reported to security team: 2nd March 2011<br></br>Issue public:
+ 10th May 2011<br></br>Update released: 21st May 2011<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12,
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.17">Fixed in Apache httpd 2.2.17</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2009-3720">expat DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a> </dd>
+<dt>A buffer over-read flaw was found in the bundled expat library. An attacker</dt>
+<dt>who is able to get Apache to parse an untrused XML document (for example</dt>
+<dt>through mod_dav) may be able to cause a crash. This crash would only be a</dt>
+<dt>denial of service if using the worker MPM.</dt>
+<dd>
+<p>Reported to security team: 21st August 2009<br></br>Issue public:
+ 17th January 2009<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
+ 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-3560">expat DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a> </p>
+</dd>
+<dt>A buffer over-read flaw was found in the bundled expat library. An attacker</dt>
+<dt>who is able to get Apache to parse an untrused XML document (for example</dt>
+<dt>through mod_dav) may be able to cause a crash. This crash would only be a</dt>
+<dt>denial of service if using the worker MPM.</dt>
+<dd>
+<p>Issue public: 2nd December 2009<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
+ 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2010-1623">apr_bridage_split_line
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a> </p>
+</dd>
+<dt>A flaw was found in the apr_brigade_split_line() function of the bundled</dt>
+<dt>APR-util library, used to process non-SSL requests. A remote attacker could</dt>
+<dt>send requests, carefully crafting the timing of individual bytes, which</dt>
+<dt>would slowly consume memory, potentially leading to a denial of service.</dt>
+<dd>
+<p>Reported to security team: 3rd March 2010<br></br>Issue public:
+ 1st October 2010<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
+ 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.16">Fixed in Apache httpd 2.2.16</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2010-2068">Timeout detection flaw
+  (mod_proxy_http)</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068">CVE-2010-2068</a> </dd>
+</dl>
+<p>An information disclosure flaw was found in mod_proxy_http in versions
+2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout
+conditions, the server could return a response intended for another user.
+Only Windows, Netware and OS2 operating systems are affected. Only those
+configurations which trigger the use of proxy worker pools are affected.
+There was no vulnerability on earlier versions, as proxy pools were not yet
+introduced. The simplest workaround is to globally configure;</p>
+<p>SetEnv proxy-nokeepalive 1</p>
+<p>Source code patches are at;</p>
+<ul>
+<li>
+<p><a href="http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch">http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch</a> </p>
+</li>
+<li>
+<p><a href="http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch">http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch</a> </p>
+</li>
+</ul>
+<p>Binary replacement modules are at</p>
+<ul>
+<li><a href="http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip">http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip</a> </li>
+</ul>
+<dl>
+<dt>Acknowledgements: We would like to thank Loren Anderson for the detailed</dt>
+<dt>analysis and reporting of this issue.</dt>
+<dd>
+<p>Issue public: 9th June 2010<br></br>Update released:
+ 25th July 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12,
+ 2.2.11, 2.2.10, 2.2.9</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2010-1452">mod_cache and mod_dav
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a> </p>
+</dd>
+</dl>
+<p>A flaw was found in the handling of requests by mod_cache and mod_dav. A
+malicious remote attacker could send a carefully crafted request and cause
+a httpd child process to crash. This crash would only be a denial of
+service if using the worker MPM. This issue is further mitigated as mod_dav
+is only affected by requests that are most likely to be authenticated, and
+mod_cache is only affected if the uncommon
+"CacheIgnoreURLSessionIdentifiers" directive, introduced in version 2.2.14,
+is used.</p>
+<dl>
+<dt>Acknowledgements: This issue was reported by Mark Drayton.</dt>
+<dd>
+<p>Reported to security team: 4th May 2010<br></br>Issue public:
+ 25th July 2010<br></br>Update released: 25th July 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9,
+ 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.15">Fixed in Apache httpd 2.2.15</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2010-0425">mod_isapi module unload
+  flaw</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a> </dd>
+</dl>
+<p>A flaw was found with within mod_isapi which would attempt to unload the
+ISAPI dll when it encountered various error states. This could leave the
+callbacks in an undefined state and result in a segfault. On Windows
+platforms using mod_isapi, a remote attacker could send a malicious request
+to trigger this issue, and as win32 MPM runs only one process, this would
+result in a denial of service, and potentially allow arbitrary code
+execution.</p>
+<dl>
+<dt>Acknowledgements: We would like to thank Brett Gervasoni of Sense of</dt>
+<dt>Security for reporting and proposing a patch fix for this issue.</dt>
+<dd>
+<p>Reported to security team: 9th February 2010<br></br>Issue public:
+ 2nd March 2010<br></br>Update released: 5th March 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
+ 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2010-0434">Subrequest handling of request
+  headers (mod_headers)</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a> </p>
+</dd>
+</dl>
+<p>A flaw in the core subrequest process code was fixed, to always provide a
+shallow copy of the headers_in array to the subrequest, instead of a
+pointer to the parent request's array as it had for requests without
+request bodies. This meant all modules such as mod_headers which may
+manipulate the input headers for a subrequest would poison the parent
+request in two ways, one by modifying the parent request, which might not
+be intended, and second by leaving pointers to modified header fields in
+memory allocated to the subrequest scope, which could be freed before the
+main request processing was finished, resulting in a segfault or in
+revealing data from another request on threaded servers, such as the worker
+or winnt MPMs.</p>
+<dl>
+<dt>Acknowledgements: We would like to thank Philip Pickett of VMware for</dt>
+<dt>reporting and proposing a fix for this issue.</dt>
+<dd>
+<p>Issue public: 9th December 2009<br></br>Update released:
+ 5th March 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
+ 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2010-0408">mod_proxy_ajp
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a> </p>
+</dd>
+</dl>
+<p>mod_proxy_ajp would return the wrong status code if it encountered an
+error, causing a backend server to be put into an error state until the
+retry timeout expired. A remote attacker could send malicious requests to
+trigger this issue, resulting in denial of service.</p>
+<dl>
+<dt>Acknowledgements: We would like to thank Niku Toivola of Sulake Corporation</dt>
+<dt>for reporting and proposing a patch fix for this issue.</dt>
+<dd>
+<p>Reported to security team: 2nd February 2010<br></br>Issue public:
+ 2nd March 2010<br></br>Update released: 5th March 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
+ 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.14">Fixed in Apache httpd 2.2.14</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2009-3094">mod_proxy_ftp DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a> </dd>
+<dt>A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A</dt>
+<dt>malicious FTP server to which requests are being proxied could use this</dt>
+<dt>flaw to crash an httpd child process via a malformed reply to the EPSV or</dt>
+<dt>PASV commands, resulting in a limited denial of service.</dt>
+<dd>
+<p>Reported to security team: 4th September 2009<br></br>Issue public:
+ 2nd August 2009<br></br>Update released: 5th October 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-3095">mod_proxy_ftp FTP command
+  injection</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a> </p>
+</dd>
+<dt>A flaw was found in the mod_proxy_ftp module. In a reverse proxy</dt>
+<dt>configuration, a remote attacker could use this flaw to bypass intended</dt>
+<dt>access restrictions by creating a carefully-crafted HTTP Authorization</dt>
+<dt>header, allowing the attacker to send arbitrary commands to the FTP server.</dt>
+<dd>
+<p>Reported to security team: 3rd September 2009<br></br>Issue public:
+ 3rd August 2009<br></br>Update released: 5th October 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2009-2699">Solaris pollset
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a> </p>
+</dd>
+<dt>Faulty error handling was found affecting Solaris pollset support (Event</dt>
+<dt>Port backend) caused by a bug in APR. A remote attacker could trigger this</dt>
+<dt>issue on Solaris servers which used prefork or event MPMs, resulting in a</dt>
+<dt>denial of service.</dt>
+<dd>
+<p>Reported to security team: 5th August 2009<br></br>Issue public:
+ 23rd September 2009<br></br>Update released:
+ 5th October 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.13">Fixed in Apache httpd 2.2.13</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2009-2412">APR apr_palloc heap
+  overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a> </dd>
+<dt>A flaw in apr_palloc() in the bundled copy of APR could cause heap</dt>
+<dt>overflows in programs that try to apr_palloc() a user controlled size. The</dt>
+<dt>Apache HTTP Server itself does not pass unsanitized user-provided sizes to</dt>
+<dt>this function, so it could only be triggered through some other application</dt>
+<dt>which uses apr_palloc() in a vulnerable way.</dt>
+<dd>
+<p>Reported to security team: 27th July 2009<br></br>Issue public:
+ 4th August 2009<br></br>Update released: 9th August 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4,
+ 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.12">Fixed in Apache httpd 2.2.12</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2009-1890">mod_proxy reverse proxy
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</a> </dd>
+<dt>A denial of service flaw was found in the mod_proxy module when it was used</dt>
+<dt>as a reverse proxy. A remote attacker could use this flaw to force a proxy</dt>
+<dt>process to consume large amounts of CPU time.</dt>
+<dd>
+<p>Reported to security team: 30th June 2009<br></br>Issue public:
+ 2nd July 2009<br></br>Update released: 27th July 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
+ 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2009-1191">mod_proxy_ajp
+  information disclosure</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</a> </p>
+</dd>
+<dt>An information disclosure flaw was found in mod_proxy_ajp in version 2.2.11</dt>
+<dt>only. In certain situations, if a user sent a carefully crafted HTTP</dt>
+<dt>request, the server could return a response intended for another user.</dt>
+<dd>
+<p>Reported to security team: 5th March 2009<br></br>Issue public:
+ 21st April 2009<br></br>Update released: 27th July 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.11</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-1891">mod_deflate DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a> </p>
+</dd>
+<dt>A denial of service flaw was found in the mod_deflate module. This module</dt>
+<dt>continued to compress large files until compression was complete, even if</dt>
+<dt>the network connection that requested the content was closed before</dt>
+<dt>compression completed. This would cause mod_deflate to consume large</dt>
+<dt>amounts of CPU if mod_deflate was enabled for a large file.</dt>
+<dd>
+<p>Issue public: 26th June 2009<br></br>Update released:
+ 27th July 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
+ 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-1195">AllowOverride Options handling
+  bypass</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a> </p>
+</dd>
+<dt>A flaw was found in the handling of the "Options" and "AllowOverride"</dt>
+<dt>directives. In configurations using the "AllowOverride" directive with</dt>
+<dt>certain "Options=" arguments, local users were not restricted from</dt>
+<dt>executing commands from a Server-Side-Include script as intended.</dt>
+<dd>
+<p>Reported to security team: 9th March 2009<br></br>Issue public:
+ 22nd April 2009<br></br>Update released: 27th July 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
+ 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2009-1956">APR-util off-by-one
+  overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956">CVE-2009-1956</a> </p>
+</dd>
+<dt>An off-by-one overflow flaw was found in the way the bundled copy of the</dt>
+<dt>APR-util library processed a variable list of arguments. An attacker could</dt>
+<dt>provide a specially-crafted string as input for the formatted output</dt>
+<dt>conversion routine, which could, on big-endian platforms, potentially lead</dt>
+<dt>to the disclosure of sensitive information or a denial of service.</dt>
+<dd>
+<p>Issue public: 24th April 2009<br></br>Update released:
+ 72th  2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
+ 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2009-1955">APR-util XML DoS</name></strong></p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955">CVE-2009-1955</a> 
+A denial of service flaw was found in the bundled copy of the APR-util
+library Extensible Markup Language (XML) parser. A remote attacker could
+create a specially-crafted XML document that would cause excessive memory
+consumption when processed by the XML decoding engine.</p>
+</dd>
+<dd>
+<p>Issue public: 1st June 2009<br></br>Update released:
+ 27th July 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
+ 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2009-0023">APR-util heap
+  underwrite</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023">CVE-2009-0023</a> </p>
+</dd>
+<dt>A heap-based underwrite flaw was found in the way the bundled copy of the</dt>
+<dt>APR-util library created compiled forms of particular search patterns. An</dt>
+<dt>attacker could formulate a specially-crafted search keyword, that would</dt>
+<dt>overwrite arbitrary heap memory locations when processed by the pattern</dt>
+<dt>preparation engine.</dt>
+<dd>
+<p>Issue public: 1st June 2009<br></br>Update released:
+ 27th July 2009<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
+ 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.10">Fixed in Apache httpd 2.2.10</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2010-2791">Timeout detection flaw
+  (mod_proxy_http)</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791">CVE-2010-2791</a> </dd>
+</dl>
+<p>An information disclosure flaw was found in mod_proxy_http in version 2.2.9
+only, on Unix platforms. Under certain timeout conditions, the server could
+return a response intended for another user. Only those configurations
+which trigger the use of proxy worker pools are affected. There was no
+vulnerability on earlier versions, as proxy pools were not yet introduced.
+The simplest workaround is to globally configure:</p>
+<dl>
+<dt>SetEnv proxy-nokeepalive 1</dt>
+<dd>
+<p>Issue public: 23rd July 2010<br></br>Update released:
+ 31st October 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.9</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2008-2939">mod_proxy_ftp globbing
+  XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a> </p>
+</dd>
+<dt>A flaw was found in the handling of wildcards in the path of a FTP URL with</dt>
+<dt>mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP,</dt>
+<dt>requests containing globbing characters could lead to cross-site scripting</dt>
+<dt>(XSS) attacks.</dt>
+<dd>
+<p>Reported to security team: 28th July 2008<br></br>Issue public:
+ 5th August 2008<br></br>Update released:
+ 31st October 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.9">Fixed in Apache httpd 2.2.9</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2007-6420">mod_proxy_balancer
+  CSRF</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420</a> </dd>
+<dt>The mod_proxy_balancer provided an administrative interface that could be</dt>
+<dt>vulnerable to cross-site request forgery (CSRF) attacks.</dt>
+<dd>
+<p>Reported to security team: 12th October 2007<br></br>Issue public:
+ 9th January 2008<br></br>Update released: 14th June 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2008-2364">mod_proxy_http
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a> </p>
+</dd>
+<dt>A flaw was found in the handling of excessive interim responses from an</dt>
+<dt>origin server when using mod_proxy_http. A remote attacker could cause a</dt>
+<dt>denial of service or high memory usage.</dt>
+<dd>
+<p>Reported to security team: 29th May 2008<br></br>Issue public:
+ 10th June 2008<br></br>Update released: 14th June 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.8">Fixed in Apache httpd 2.2.8</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2008-0005">mod_proxy_ftp UTF-7
+  XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a> </dd>
+<dt>A workaround was added in the mod_proxy_ftp module. On sites where</dt>
+<dt>mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site</dt>
+<dt>scripting attack is possible against Web browsers which do not correctly</dt>
+<dt>derive the response character set following the rules in RFC 2616.</dt>
+<dd>
+<p>Reported to security team: 15th December 2007<br></br>Issue public:
+ 8th January 2008<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2007-6422">mod_proxy_balancer
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422">CVE-2007-6422</a> </p>
+</dd>
+<dt>A flaw was found in the mod_proxy_balancer module. On sites where</dt>
+<dt>mod_proxy_balancer is enabled, an authorized user could send a carefully</dt>
+<dt>crafted request that would cause the Apache child process handling that</dt>
+<dt>request to crash. This could lead to a denial of service if using a</dt>
+<dt>threaded Multi-Processing Module.</dt>
+<dd>
+<p>Reported to security team: 12th December 2007<br></br>Issue public:
+ 2nd January 2008<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2007-6421">mod_proxy_balancer
+  XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421">CVE-2007-6421</a> </p>
+</dd>
+<dt>A flaw was found in the mod_proxy_balancer module. On sites where</dt>
+<dt>mod_proxy_balancer is enabled, a cross-site scripting attack against an</dt>
+<dt>authorized user is possible.</dt>
+<dd>
+<p>Reported to security team: 12th December 2007<br></br>Issue public:
+ 2nd January 2008<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-6388">mod_status XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a> </p>
+</dd>
+<dt>A flaw was found in the mod_status module. On sites where mod_status is</dt>
+<dt>enabled and the status pages were publicly accessible, a cross-site</dt>
+<dt>scripting attack is possible. Note that the server-status page is not</dt>
+<dt>enabled by default and it is best practice to not make this publicly</dt>
+<dt>available.</dt>
+<dd>
+<p>Reported to security team: 15th December 2007<br></br>Issue public:
+ 2nd January 2008<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-5000">mod_imagemap XSS</name></strong></p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a> 
+A flaw was found in the mod_imagemap module. On sites where mod_imagemap is
+enabled and an imagemap file is publicly available, a cross-site scripting
+attack is possible.</p>
+</dd>
+<dd>
+<p>Reported to security team: 23rd October 2007<br></br>Issue public:
+ 11th December 2007<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.6">Fixed in Apache httpd 2.2.6</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2007-3847">mod_proxy crash</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a> </dd>
+<dt>A flaw was found in the Apache HTTP Server mod_proxy module. On sites where</dt>
+<dt>a reverse proxy is configured, a remote attacker could send a carefully</dt>
+<dt>crafted request that would cause the Apache child process handling that</dt>
+<dt>request to crash. On sites where a forward proxy is configured, an attacker</dt>
+<dt>could cause a similar crash if a user could be persuaded to visit a</dt>
+<dt>malicious site using the proxy. This could lead to a denial of service if</dt>
+<dt>using a threaded Multi-Processing Module.</dt>
+<dd>
+<p>Issue public: 10th December 2006<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2006-5752">mod_status cross-site
+  scripting</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a> </p>
+</dd>
+<dt>A flaw was found in the mod_status module. On sites where the server-status</dt>
+<dt>page is publicly accessible and ExtendedStatus is enabled this could lead</dt>
+<dt>to a cross-site scripting attack. Note that the server-status page is not</dt>
+<dt>enabled by default and it is best practice to not make this publicly</dt>
+<dt>available.</dt>
+<dd>
+<p>Reported to security team: 19th October 2006<br></br>Issue public:
+ 20th June 2007<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-3304">Signals to arbitrary
+  processes</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a> </p>
+</dd>
+<dt>The Apache HTTP server did not verify that a process was an Apache child</dt>
+<dt>process before sending it signals. A local attacker with the ability to run</dt>
+<dt>scripts on the HTTP server could manipulate the scoreboard and cause</dt>
+<dt>arbitrary processes to be terminated which could lead to a denial of</dt>
+<dt>service.</dt>
+<dd>
+<p>Reported to security team: 15th May 2006<br></br>Issue public:
+ 19th June 2007<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-1862">mod_cache information
+  leak</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a> </p>
+</dd>
+<dt>The recall_headers function in mod_mem_cache in Apache 2.2.4 did not</dt>
+<dt>properly copy all levels of header data, which can cause Apache to return</dt>
+<dt>HTTP headers containing previously used data, which could be used by remote</dt>
+<dt>attackers to obtain potentially sensitive information.</dt>
+<dd>
+<p>Reported to security team: 26th April 2007<br></br>Issue public:
+ 1st June 2007<br></br>Update released: 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.4</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-1863">mod_cache proxy
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a> </p>
+</dd>
+<dt>A bug was found in the mod_cache module. On sites where caching is enabled,</dt>
+<dt>a remote attacker could send a carefully crafted request that would cause</dt>
+<dt>the Apache child process handling that request to crash. This could lead to</dt>
+<dt>a denial of service if using a threaded Multi-Processing Module.</dt>
+<dd>
+<p>Reported to security team: 2nd May 2007<br></br>Issue public:
+ 18th June 2007<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.3">Fixed in Apache httpd 2.2.3</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2006-3747">mod_rewrite off-by-one
+  error</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a> </dd>
+<dt>An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on</dt>
+<dt>the manner in which Apache httpd was compiled, this software defect may</dt>
+<dt>result in a vulnerability which, in combination with certain types of</dt>
+<dt>Rewrite rules in the web server configuration files, could be triggered</dt>
+<dt>remotely. For vulnerable builds, the nature of the vulnerability can be</dt>
+<dt>denial of service (crashing of web server processes) or potentially allow</dt>
+<dt>arbitrary code execution.</dt>
+<dd>
+<p>Reported to security team: 21st July 2006<br></br>Issue public:
+ 27th July 2006<br></br>Update released: 27th July 2006<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.2, 2.2.0</p>
+</dd>
+</dl>
+<h1 id="2.2.2">Fixed in Apache httpd 2.2.2</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2005-3357">mod_ssl access control
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a> </dd>
+<dt>A NULL pointer dereference flaw in mod_ssl was discovered affecting server</dt>
+<dt>configurations where an SSL virtual host is configured with access control</dt>
+<dt>and a custom 400 error document. A remote attacker could send a carefully</dt>
+<dt>crafted request to trigger this issue which would lead to a crash. This</dt>
+<dt>crash would only be a denial of service if using the worker MPM.</dt>
+<dd>
+<p>Reported to security team: 5th December 2005<br></br>Issue public:
+ 12th December 2005<br></br>Update released: 1st May 2006<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.0</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2005-3352">mod_imap Referer
+  Cross-Site Scripting</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a> </p>
+</dd>
+<dt>A flaw in mod_imap when using the Referer directive with image maps. In</dt>
+<dt>certain site configurations a remote attacker could perform a cross-site</dt>
+<dt>scripting attack if a victim can be forced to visit a malicious URL using</dt>
+<dt>certain web browsers.</dt>
+<dd>
+<p>Reported to security team: 1st November 2005<br></br>Issue public:
+ 12th December 2005<br></br>Update released: 1st May 2006<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.2.0</p>
+</dd>
+</dl>
             
 
             <!-- FOOTER -->
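Review bot: The definition-list markup generated in this hunk inverts term and description, and it needs fixing in the source or converter before this goes from staging to production. Each wrapped line of an advisory description is emitted as its own dt element (for example the four dt lines under CVE-2008-2939 and the seven under CVE-2007-3847), while the severity and title line that should be the term is placed in a dd. The workaround "SetEnv proxy-nokeepalive 1" for CVE-2010-2791 is also emitted as a dt that opens a new dl, so that advisory's dates and "Affected: 2.2.9" line, plus the whole CVE-2008-2939 entry, end up hanging off the workaround instead of their own advisories. A reader could easily attribute the workaround or the affected-version list to the wrong CVE. Suggest one dt per advisory carrying severity, title and CVE link, the description and dates in dd, and the directive in a code or pre element. Two smaller points in the same lines: the per-CVE anchors use a "name" element, which is not HTML, so links to a fragment such as #CVE-2008-2939 have nothing to resolve to (use an id or an a name attribute), and each "br" is followed by a closing "/br", which browsers treat as a second line break. The CVE-2007-5000 entry is the only one whose description landed in a p inside the dd, which suggests the output depends on incidental line layout in the source.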


