httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r816110 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities_13.html security/vulnerabilities_20.html
Date Sun, 06 May 2012 18:48:42 GMT
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_20.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_20.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_20.html Sun May  6 18:48:41 2012
@@ -5,7 +5,7 @@
         <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
         <link href="/css/apsite.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
         <meta name="author" content="Documentation Group" /><meta name="email" content="docs@httpd.apache.org" />
-        <title>Apache httpd 2.0 vulnerabilities - The Apache HTTP Server Project</title>
+        <title> - The Apache HTTP Server Project</title>
     </head>
     <body>
         
@@ -72,7 +72,1223 @@
         <!-- RIGHT SIDE INFORMATION -->
         <div id="apcontents">
             
-            
+            <p>Title: Apache httpd 2.0 vulnerabilities
+Notice:    Licensed to the Apache Software Foundation (ASF) under one
+           or more contributor license agreements.  See the NOTICE file
+           distributed with this work for additional information
+           regarding copyright ownership.  The ASF licenses this file
+           to you under the Apache License, Version 2.0 (the
+           "License"); you may not use this file except in compliance
+           with the License.  You may obtain a copy of the License at
+           .
+             http://www.apache.org/licenses/LICENSE-2.0
+           .
+           Unless required by applicable law or agreed to in writing,
+           software distributed under the License is distributed on an
+           "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+           KIND, either express or implied.  See the License for the
+           specific language governing permissions and limitations
+           under the License.</p>
+<h1 id="top">Apache httpd 2.0 vulnerabilities</h1>
+<p>This page lists all security vulnerabilities fixed in released versions of
+Apache httpd 2.0. Each vulnerability is given a security <a href="/security/impact_levels.html">impact
+rating</a> by the Apache security team - please
+note that this rating may well vary from platform to platform. We also list
+the versions of Apache httpd the flaw is known to affect, and where a flaw
+has not been verified list the version with a question mark.</p>
+<p>Please note that if a vulnerability is shown below as being fixed in a
+"-dev" release then this means that a fix has been applied to the
+development source tree and will be part of an upcoming full release.</p>
+<p>This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for these
+vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p>
+<h1 id="2.0.65-dev">Fixed in Apache httpd 2.0.65-dev</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2011-3192">Range header remote
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a> </dd>
+</dl>
+<p>A flaw was found in the way the Apache HTTP Server handled Range HTTP
+headers. A remote attacker could use this flaw to cause httpd to use an
+excessive amount of memory and CPU time via HTTP requests with a
+specially-crafted Range header. This could be used in a denial of service
+attack.</p>
+<dl>
+<dt>Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a> </dt>
+<dd>
+<p>Issue public: 20th August 2011<br></br>Update released:
+ 30th August 2011<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54,
+ 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2011-3368">mod_proxy reverse proxy
+  exposure</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a> </p>
+</dd>
+</dl>
+<p>An exposure was found when using mod_proxy in reverse proxy mode. In
+certain configurations using RewriteRule with proxy flag or ProxyPassMatch,
+a remote attacker could cause the reverse proxy to connect to an arbitrary
+server, possibly disclosing sensitive information from internal web servers
+not directly accessible to attacker.</p>
+<dl>
+<dt>Acknowledgements: This issue was reported by Context Information Security</dt>
+<dt>Ltd</dt>
+<dd>
+<p>Reported to security team: 16th September 2011<br></br>Issue public:
+ 5th October 2011<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54,
+ 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2011-0419">apr_fnmatch flaw leads to
+  mod_autoindex remote DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a> </p>
+</dd>
+</dl>
+<p>A flaw was found in the apr_fnmatch() function of the bundled APR library.
+Where mod_autoindex is enabled, and a directory indexed by mod_autoindex
+contained files with sufficiently long names, a remote attacker could send
+a carefully crafted request which would cause excessive CPU usage. This
+could be used in a denial of service attack.</p>
+<p>Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
+directive disables processing of the client-supplied request query
+arguments, preventing this attack.</p>
+<p>Resolution: Update APR to release 0.9.20 (to be bundled with httpd 2.0.65)</p>
+<dl>
+<dt>Acknowledgements: This issue was reported by Maksymilian Arciemowicz</dt>
+<dd>
+<p>Reported to security team: 2nd March 2011<br></br>Issue public:
+ 10th May 2011<br></br>Update released: 21st May 2011<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54,
+ 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.64">Fixed in Apache httpd 2.0.64</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2010-0425">mod_isapi module unload
+  flaw</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a> </dd>
+</dl>
+<p>A flaw was found with within mod_isapi which would attempt to unload the
+ISAPI dll when it encountered various error states. This could leave the
+callbacks in an undefined state and result in a segfault. On Windows
+platforms using mod_isapi, a remote attacker could send a malicious request
+to trigger this issue, and as win32 MPM runs only one process, this would
+result in a denial of service, and potentially allow arbitrary code
+execution.</p>
+<dl>
+<dt>Acknowledgements: We would like to thank Brett Gervasoni of Sense of</dt>
+<dt>Security for reporting and proposing a patch fix for this issue.</dt>
+<dd>
+<p>Reported to security team: 9th February 2010<br></br>Issue public:
+ 2nd March 2010<br></br>Update released: 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-3720">expat DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a> </p>
+</dd>
+<dt>A buffer over-read flaw was found in the bundled expat library. An attacker</dt>
+<dt>who is able to get Apache to parse an untrused XML document (for example</dt>
+<dt>through mod_dav) may be able to cause a crash. This crash would only be a</dt>
+<dt>denial of service if using the worker MPM.</dt>
+<dd>
+<p>Reported to security team: 21st August 2009<br></br>Issue public:
+ 17th January 2009<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-3560">expat DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a> </p>
+</dd>
+<dt>A buffer over-read flaw was found in the bundled expat library. An attacker</dt>
+<dt>who is able to get Apache to parse an untrused XML document (for example</dt>
+<dt>through mod_dav) may be able to cause a crash. This crash would only be a</dt>
+<dt>denial of service if using the worker MPM.</dt>
+<dd>
+<p>Issue public: 2nd December 2009<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2010-1623">apr_bridage_split_line
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a> </p>
+</dd>
+<dt>A flaw was found in the apr_brigade_split_line() function of the bundled</dt>
+<dt>APR-util library, used to process non-SSL requests. A remote attacker could</dt>
+<dt>send requests, carefully crafting the timing of individual bytes, which</dt>
+<dt>would slowly consume memory, potentially leading to a denial of service.</dt>
+<dd>
+<p>Reported to security team: 3rd March 2010<br></br>Issue public:
+ 1st October 2010<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2010-1452">mod_dav DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a> </p>
+</dd>
+</dl>
+<p>A flaw was found in the handling of requests by mod_dav. A malicious remote
+attacker could send a carefully crafted request and cause a httpd child
+process to crash. This crash would only be a denial of service if using the
+worker MPM. This issue is further mitigated as mod_dav is only affected by
+requests that are most likely to be authenticated.</p>
+<dl>
+<dt>Acknowledgements: This issue was reported by Mark Drayton.</dt>
+<dd>
+<p>Reported to security team: 4th May 2010<br></br>Issue public:
+ 25th July 2010<br></br>Update released: 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-2412">APR apr_palloc heap
+  overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a> </p>
+</dd>
+<dt>A flaw in apr_palloc() in the bundled copy of APR could cause heap</dt>
+<dt>overflows in programs that try to apr_palloc() a user controlled size. The</dt>
+<dt>Apache HTTP Server itself does not pass unsanitized user-provided sizes to</dt>
+<dt>this function, so it could only be triggered through some other application</dt>
+<dt>which uses apr_palloc() in a vulnerable way.</dt>
+<dd>
+<p>Reported to security team: 27th July 2009<br></br>Issue public:
+ 4th August 2009<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-1891">mod_deflate DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a> </p>
+</dd>
+<dt>A denial of service flaw was found in the mod_deflate module. This module</dt>
+<dt>continued to compress large files until compression was complete, even if</dt>
+<dt>the network connection that requested the content was closed before</dt>
+<dt>compression completed. This would cause mod_deflate to consume large</dt>
+<dt>amounts of CPU if mod_deflate was enabled for a large file.</dt>
+<dd>
+<p>Issue public: 26th June 2009<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-3095">mod_proxy_ftp FTP command
+  injection</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a> </p>
+</dd>
+<dt>A flaw was found in the mod_proxy_ftp module. In a reverse proxy</dt>
+<dt>configuration, a remote attacker could use this flaw to bypass intended</dt>
+<dt>access restrictions by creating a carefully-crafted HTTP Authorization</dt>
+<dt>header, allowing the attacker to send arbitrary commands to the FTP server.</dt>
+<dd>
+<p>Reported to security team: 3rd September 2009<br></br>Issue public:
+ 3rd August 2009<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2009-3094">mod_proxy_ftp DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a> </p>
+</dd>
+<dt>A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A</dt>
+<dt>malicious FTP server to which requests are being proxied could use this</dt>
+<dt>flaw to crash an httpd child process via a malformed reply to the EPSV or</dt>
+<dt>PASV commands, resulting in a limited denial of service.</dt>
+<dd>
+<p>Reported to security team: 4th September 2009<br></br>Issue public:
+ 2nd August 2009<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2010-0434">Subrequest handling of request
+  headers (mod_headers)</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a> </p>
+</dd>
+</dl>
+<p>A flaw in the core subrequest process code was fixed, to always provide a
+shallow copy of the headers_in array to the subrequest, instead of a
+pointer to the parent request's array as it had for requests without
+request bodies. This meant all modules such as mod_headers which may
+manipulate the input headers for a subrequest would poison the parent
+request in two ways, one by modifying the parent request, which might not
+be intended, and second by leaving pointers to modified header fields in
+memory allocated to the subrequest scope, which could be freed before the
+main request processing was finished, resulting in a segfault or in
+revealing data from another request on threaded servers, such as the worker
+or winnt MPMs.</p>
+<dl>
+<dt>Acknowledgements: We would like to thank Philip Pickett of VMware for</dt>
+<dt>reporting and proposing a fix for this issue.</dt>
+<dd>
+<p>Issue public: 9th December 2009<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2008-2939">mod_proxy_ftp globbing
+  XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a> </p>
+</dd>
+<dt>A flaw was found in the handling of wildcards in the path of a FTP URL with</dt>
+<dt>mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP,</dt>
+<dt>requests containing globbing characters could lead to cross-site scripting</dt>
+<dt>(XSS) attacks.</dt>
+<dd>
+<p>Reported to security team: 28th July 2008<br></br>Issue public:
+ 5th August 2008<br></br>Update released:
+ 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2008-2364">mod_proxy_http
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a> </p>
+</dd>
+<dt>A flaw was found in the handling of excessive interim responses from an</dt>
+<dt>origin server when using mod_proxy_http. A remote attacker could cause a</dt>
+<dt>denial of service or high memory usage.</dt>
+<dd>
+<p>Reported to security team: 29th May 2008<br></br>Issue public:
+ 10th June 2008<br></br>Update released: 19th October 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.63">Fixed in Apache httpd 2.0.63</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2008-0005">mod_proxy_ftp UTF-7
+  XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a> </dd>
+<dt>A workaround was added in the mod_proxy_ftp module. On sites where</dt>
+<dt>mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site</dt>
+<dt>scripting attack is possible against Web browsers which do not correctly</dt>
+<dt>derive the response character set following the rules in RFC 2616.</dt>
+<dd>
+<p>Reported to security team: 15th December 2007<br></br>Issue public:
+ 8th January 2008<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52,
+ 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-6388">mod_status XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a> </p>
+</dd>
+<dt>A flaw was found in the mod_status module. On sites where mod_status is</dt>
+<dt>enabled and the status pages were publicly accessible, a cross-site</dt>
+<dt>scripting attack is possible. Note that the server-status page is not</dt>
+<dt>enabled by default and it is best practice to not make this publicly</dt>
+<dt>available.</dt>
+<dd>
+<p>Reported to security team: 15th December 2007<br></br>Issue public:
+ 2nd January 2008<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52,
+ 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-5000">mod_imap XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a> </p>
+</dd>
+<dt>A flaw was found in the mod_imap module. On sites where mod_imap is enabled</dt>
+<dt>and an imagemap file is publicly available, a cross-site scripting attack</dt>
+<dt>is possible.</dt>
+<dd>
+<p>Reported to security team: 23rd October 2007<br></br>Issue public:
+ 11th December 2007<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52,
+ 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.61">Fixed in Apache httpd 2.0.61</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2007-3847">mod_proxy crash</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a> </dd>
+<dt>A flaw was found in the Apache HTTP Server mod_proxy module. On sites where</dt>
+<dt>a reverse proxy is configured, a remote attacker could send a carefully</dt>
+<dt>crafted request that would cause the Apache child process handling that</dt>
+<dt>request to crash. On sites where a forward proxy is configured, an attacker</dt>
+<dt>could cause a similar crash if a user could be persuaded to visit a</dt>
+<dt>malicious site using the proxy. This could lead to a denial of service if</dt>
+<dt>using a threaded Multi-Processing Module.</dt>
+<dd>
+<p>Issue public: 10th December 2006<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
+ 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2006-5752">mod_status cross-site
+  scripting</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a> </p>
+</dd>
+<dt>A flaw was found in the mod_status module. On sites where the server-status</dt>
+<dt>page is publicly accessible and ExtendedStatus is enabled this could lead</dt>
+<dt>to a cross-site scripting attack. Note that the server-status page is not</dt>
+<dt>enabled by default and it is best practice to not make this publicly</dt>
+<dt>available.</dt>
+<dd>
+<p>Reported to security team: 19th October 2006<br></br>Issue public:
+ 20th June 2007<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
+ 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-3304">Signals to arbitrary
+  processes</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a> </p>
+</dd>
+<dt>The Apache HTTP server did not verify that a process was an Apache child</dt>
+<dt>process before sending it signals. A local attacker with the ability to run</dt>
+<dt>scripts on the HTTP server could manipulate the scoreboard and cause</dt>
+<dt>arbitrary processes to be terminated which could lead to a denial of</dt>
+<dt>service.</dt>
+<dd>
+<p>Reported to security team: 15th May 2006<br></br>Issue public:
+ 19th June 2007<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
+ 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-1863">mod_cache proxy
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a> </p>
+</dd>
+<dt>A bug was found in the mod_cache module. On sites where caching is enabled,</dt>
+<dt>a remote attacker could send a carefully crafted request that would cause</dt>
+<dt>the Apache child process handling that request to crash. This could lead to</dt>
+<dt>a denial of service if using a threaded Multi-Processing Module.</dt>
+<dd>
+<p>Reported to security team: 2nd May 2007<br></br>Issue public:
+ 18th June 2007<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
+ 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37</p>
+</dd>
+</dl>
+<h1 id="2.0.59">Fixed in Apache httpd 2.0.59</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2006-3747">mod_rewrite off-by-one
+  error</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a> </dd>
+<dt>An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on</dt>
+<dt>the manner in which Apache httpd was compiled, this software defect may</dt>
+<dt>result in a vulnerability which, in combination with certain types of</dt>
+<dt>Rewrite rules in the web server configuration files, could be triggered</dt>
+<dt>remotely. For vulnerable builds, the nature of the vulnerability can be</dt>
+<dt>denial of service (crashing of web server processes) or potentially allow</dt>
+<dt>arbitrary code execution.</dt>
+<dd>
+<p>Reported to security team: 21st July 2006<br></br>Issue public:
+ 27th July 2006<br></br>Update released: 27th July 2006<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50,
+ 2.0.49, 2.0.48, 2.0.47, 2.0.46</p>
+</dd>
+</dl>
+<h1 id="2.0.58">Fixed in Apache httpd 2.0.58</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2005-3357">mod_ssl access control
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a> </dd>
+<dt>A NULL pointer dereference flaw in mod_ssl was discovered affecting server</dt>
+<dt>configurations where an SSL virtual host is configured with access control</dt>
+<dt>and a custom 400 error document. A remote attacker could send a carefully</dt>
+<dt>crafted request to trigger this issue which would lead to a crash. This</dt>
+<dt>crash would only be a denial of service if using the worker MPM.</dt>
+<dd>
+<p>Reported to security team: 5th December 2005<br></br>Issue public:
+ 12th December 2005<br></br>Update released: 1st May 2006<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
+ 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
+ 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2005-3352">mod_imap Referer
+  Cross-Site Scripting</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a> </p>
+</dd>
+<dt>A flaw in mod_imap when using the Referer directive with image maps. In</dt>
+<dt>certain site configurations a remote attacker could perform a cross-site</dt>
+<dt>scripting attack if a victim can be forced to visit a malicious URL using</dt>
+<dt>certain web browsers.</dt>
+<dd>
+<p>Reported to security team: 1st November 2005<br></br>Issue public:
+ 12th December 2005<br></br>Update released: 1st May 2006<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
+ 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
+ 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.55">Fixed in Apache httpd 2.0.55</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2005-2700">SSLVerifyClient
+  bypass</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700">CVE-2005-2700</a> </dd>
+<dt>A flaw in the mod_ssl handling of the "SSLVerifyClient" directive. This</dt>
+<dt>flaw would occur if a virtual host has been configured using</dt>
+<dt>"SSLVerifyClient optional" and further a directive "SSLVerifyClient</dt>
+<dt>required" is set for a specific location. For servers configured in this</dt>
+<dt>fashion, an attacker may be able to access resources that should otherwise</dt>
+<dt>be protected, by not supplying a client certificate when connecting.</dt>
+<dd>
+<p>Issue public: 30th August 2005<br></br>Update released:
+ 14th October 2005<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2005-2970">Worker MPM memory
+  leak</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</a> </p>
+</dd>
+<dt>A memory leak in the worker MPM would allow remote attackers to cause a</dt>
+<dt>denial of service (memory consumption) via aborted connections, which</dt>
+<dt>prevents the memory for the transaction pool from being reused for other</dt>
+<dt>connections. This issue was downgraded in severity to low (from moderate)</dt>
+<dt>as sucessful exploitation of the race condition would be difficult.</dt>
+<dd>
+<p>Update released: 14th October 2005<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2005-2491">PCRE overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</a> </p>
+</dd>
+<dt>An integer overflow flaw was found in PCRE, a Perl-compatible regular</dt>
+<dt>expression library included within httpd. A local user who has the ability</dt>
+<dt>to create.htaccess files could create a maliciously crafted regular</dt>
+<dt>expression in such as way that they could gain the privileges of a httpd</dt>
+<dt>child.</dt>
+<dd>
+<p>Issue public: 1st August 2005<br></br>Update released:
+ 14th October 2005<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2005-1268">Malicious CRL
+  off-by-one</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">CVE-2005-1268</a> </p>
+</dd>
+<dt>An off-by-one stack overflow was discovered in the mod_ssl CRL verification</dt>
+<dt>callback. In order to exploit this issue the Apache server would need to be</dt>
+<dt>configured to use a malicious certificate revocation list (CRL)</dt>
+<dd>
+<p>Issue public: 8th June 2005<br></br>Update released:
+ 14th October 2005<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2005-2728">Byterange filter
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a> </p>
+</dd>
+<dt>A flaw in the byterange filter would cause some responses to be buffered</dt>
+<dt>into memory. If a server has a dynamic resource such as a CGI script or PHP</dt>
+<dt>script which generates a large amount of data, an attacker could send</dt>
+<dt>carefully crafted requests in order to consume resources, potentially</dt>
+<dt>leading to a Denial of Service.</dt>
+<dd>
+<p>Issue public: 7th July 2005<br></br>Update released:
+ 14th October 2005<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2005-2088">HTTP Request
+  Spoofing</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a> </p>
+</dd>
+<dt>A flaw occured when using the Apache server as a HTTP proxy. A remote</dt>
+<dt>attacker could send a HTTP request with both a "Transfer-Encoding: chunked"</dt>
+<dt>header and a Content-Length header, causing Apache to incorrectly handle</dt>
+<dt>and forward the body of the request in a way that causes the receiving</dt>
+<dt>server to process it as a separate HTTP request. This could allow the</dt>
+<dt>bypass of web application firewall protection or lead to cross-site</dt>
+<dt>scripting (XSS) attacks.</dt>
+<dd>
+<p>Issue public: 11th June 2005<br></br>Update released:
+ 14th October 2005<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.53">Fixed in Apache httpd 2.0.53</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2004-0942">Memory consumption
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942">CVE-2004-0942</a> </dd>
+<dt>An issue was discovered where the field length limit was not enforced for</dt>
+<dt>certain malicious requests. This could allow a remote attacker who is able</dt>
+<dt>to send large amounts of data to a server the ability to cause Apache</dt>
+<dt>children to consume proportional amounts of memory, leading to a denial of</dt>
+<dt>service.</dt>
+<dd>
+<p>Reported to security team: 28th October 2004<br></br>Issue public:
+ 1st November 2004<br></br>Update released:
+ 8th February 2005<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2004-1834">mod_disk_cache stores
+  sensitive headers</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1834">CVE-2004-1834</a> </p>
+</dd>
+<dt>The experimental mod_disk_cache module stored client authentication</dt>
+<dt>credentials for cached objects such as proxy authentication credentials and</dt>
+<dt>Basic Authentication passwords on disk.</dt>
+<dd>
+<p>Reported to security team: 2nd March 2004<br></br>Issue public:
+ 20th March 2004<br></br>Update released:
+ 8th February 2005<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2004-0885">SSLCipherSuite
+  bypass</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885">CVE-2004-0885</a> </p>
+</dd>
+<dt>An issue has been discovered in the mod_ssl module when configured to use</dt>
+<dt>the "SSLCipherSuite" directive in directory or location context. If a</dt>
+<dt>particular location context has been configured to require a specific set</dt>
+<dt>of cipher suites, then a client will be able to access that location using</dt>
+<dt>any cipher suite allowed by the virtual host configuration.</dt>
+<dd>
+<p>Issue public: 1st October 2004<br></br>Update released:
+ 8th February 2005<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.52">Fixed in Apache httpd 2.0.52</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2004-0811">Basic authentication
+  bypass</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811">CVE-2004-0811</a> </dd>
+<dt>A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy directive</dt>
+<dt>which could result in access being granted to resources despite any</dt>
+<dt>configured authentication</dt>
+<dd>
+<p>Issue public: 18th September 2004<br></br>Update released:
+ 28th September 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.51</p>
+</dd>
+</dl>
+<h1 id="2.0.51">Fixed in Apache httpd 2.0.51</h1>
+<dl>
+<dd><strong>critical:</strong>  <strong><name name="CVE-2004-0786">IPv6 URI parsing heap
+  overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786">CVE-2004-0786</a> </dd>
+<dt>Testing using the Codenomicon HTTP Test Tool performed by the Apache</dt>
+<dt>Software Foundation security group and Red Hat uncovered an input</dt>
+<dt>validation issue in the IPv6 URI parsing routines in the apr-util library.</dt>
+<dt>If a remote attacker sent a request including a carefully crafted URI, an</dt>
+<dt>httpd child process could be made to crash. One some BSD systems it is</dt>
+<dt>believed this flaw may be able to lead to remote code execution.</dt>
+<dd>
+<p>Reported to security team: 25th August 2004<br></br>Issue public:
+ 15th September 2004<br></br>Update released:
+ 15th September 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2004-0748">SSL connection infinite
+  loop</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748">CVE-2004-0748</a> </p>
+</dd>
+<dt>An issue was discovered in the mod_ssl module in Apache 2.0. A remote</dt>
+<dt>attacker who forces an SSL connection to be aborted in a particular state</dt>
+<dt>may cause an Apache child process to enter an infinite loop, consuming CPU</dt>
+<dt>resources.</dt>
+<dd>
+<p>Issue public: 7th July 2004<br></br>Update released:
+ 15th September 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?,
+ 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2004-0747">Environment variable expansion
+  flaw</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747">CVE-2004-0747</a> </p>
+</dd>
+</dl>
+<p>A buffer overflow was found in the expansion of environment variables
+during configuration file parsing. This issue could allow a local user to
+gain the privileges of a httpd child if a server can be forced to parse a
+carefully crafted.htaccess file written by a local user.</p>
+<dl>
+<dt>Acknowledgements: We would like to thank the Swedish IT Incident Centre</dt>
+<dt>(SITIC) for reporting this issue.</dt>
+<dd>
+<p>Reported to security team: 5th August 2004<br></br>Issue public:
+ 15th September 2004<br></br>Update released:
+ 15th September 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2004-0751">Malicious SSL proxy can cause
+  crash</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751">CVE-2004-0751</a> </p>
+</dd>
+<dt>An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50 which</dt>
+<dt>could be triggered if the server is configured to allow proxying to a</dt>
+<dt>remote SSL server. A malicious remote SSL server could force an httpd child</dt>
+<dt>process to crash by sending a carefully crafted response header. This issue</dt>
+<dt>is not believed to allow execution of arbitrary code and will only result</dt>
+<dt>in a denial of service where a threaded process model is in use.</dt>
+<dd>
+<p>Issue public: 7th July 2004<br></br>Update released:
+ 15th September 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2004-0809">WebDAV remote crash</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809">CVE-2004-0809</a> </p>
+</dd>
+<dt>An issue was discovered in the mod_dav module which could be triggered for</dt>
+<dt>a location where WebDAV authoring access has been configured. A malicious</dt>
+<dt>remote client which is authorized to use the LOCK method could force an</dt>
+<dt>httpd child process to crash by sending a particular sequence of LOCK</dt>
+<dt>requests. This issue does not allow execution of arbitrary code. and will</dt>
+<dt>only result in a denial of service where a threaded process model is in</dt>
+<dt>use.</dt>
+<dd>
+<p>Issue public: 12th September 2004<br></br>Update released:
+ 15th September 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.50">Fixed in Apache httpd 2.0.50</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2004-0493">Header parsing memory
+  leak</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493">CVE-2004-0493</a> </dd>
+<dt>A memory leak in parsing of HTTP headers which can be triggered remotely</dt>
+<dt>may allow a denial of service attack due to excessive memory consumption.</dt>
+<dd>
+<p>Reported to security team: 13th June 2004<br></br>Issue public:
+ 1st July 2004<br></br>Update released: 1st July 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?,
+ 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2004-0488">FakeBasicAuth
+  overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488">CVE-2004-0488</a> </p>
+</dd>
+<dt>A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited by</dt>
+<dt>an attacker using a (trusted) client certificate with a subject DN field</dt>
+<dt>which exceeds 6K in length.</dt>
+<dd>
+<p>Issue public: 17th May 2004<br></br>Update released:
+ 1st July 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.49">Fixed in Apache httpd 2.0.49</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2004-0174">listening socket
+  starvation</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a> </dd>
+<dt>A starvation issue on listening sockets occurs when a short-lived</dt>
+<dt>connection on a rarely-accessed listening socket will cause a child to hold</dt>
+<dt>the accept mutex and block out new connections until another connection</dt>
+<dt>arrives on that rarely-accessed listening socket. This issue is known to</dt>
+<dt>affect some versions of AIX, Solaris, and Tru64; it is known to not affect</dt>
+<dt>FreeBSD or Linux.</dt>
+<dd>
+<p>Reported to security team: 25th February 2004<br></br>Issue public:
+ 18th March 2004<br></br>Update released: 19th March 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42,
+ 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2004-0113">mod_ssl memory
+  leak</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</a> </p>
+</dd>
+<dt>A memory leak in mod_ssl allows a remote denial of service attack against</dt>
+<dt>an SSL-enabled server by sending plain HTTP requests to the SSL port.</dt>
+<dd>
+<p>Issue public: 20th February 2004<br></br>Update released:
+ 19th March 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42,
+ 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2003-0020">Error log escape
+  filtering</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a> </p>
+</dd>
+<dt>Apache does not filter terminal escape sequences from error logs, which</dt>
+<dt>could make it easier for attackers to insert those sequences into terminal</dt>
+<dt>emulators containing vulnerabilities related to escape sequences.</dt>
+<dd>
+<p>Issue public: 24th February 2003<br></br>Update released:
+ 19th March 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42,
+ 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.48">Fixed in Apache httpd 2.0.48</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2003-0542">Local configuration regular
+  expression overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a> </dd>
+<dt>By using a regular expression with more than 9 captures a buffer overflow</dt>
+<dt>can occur in mod_alias or mod_rewrite. To exploit this an attacker would</dt>
+<dt>need to be able to create a carefully crafted configuration file (.htaccess</dt>
+<dt>or httpd.conf)</dt>
+<dd>
+<p>Reported to security team: 4th August 2003<br></br>Issue public:
+ 27th October 2003<br></br>Update released:
+ 27th October 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
+ 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2003-0789">CGI output information
+  leak</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789">CVE-2003-0789</a> </p>
+</dd>
+<dt>A bug in mod_cgid mishandling of CGI redirect paths can result in CGI</dt>
+<dt>output going to the wrong client when a threaded MPM is used.</dt>
+<dd>
+<p>Reported to security team: 3rd October 2003<br></br>Issue public:
+ 27th October 2003<br></br>Update released:
+ 27th October 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
+ 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.47">Fixed in Apache httpd 2.0.47</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2003-0253">Remote DoS with multiple
+  Listen directives</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0253">CVE-2003-0253</a> </dd>
+<dt>In a server with multiple listening sockets a certain error returned by</dt>
+<dt>accept() on a rarely access port can cause a temporary denial of service,</dt>
+<dt>due to a bug in the prefork MPM.</dt>
+<dd>
+<p>Reported to security team: 25th June 2003<br></br>Issue public:
+ 9th July 2003<br></br>Update released: 9th July 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2003-0192">mod_ssl renegotiation
+  issue</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0192">CVE-2003-0192</a> </p>
+</dd>
+<dt>A bug in the optional renegotiation code in mod_ssl included with Apache</dt>
+<dt>httpd can cause cipher suite restrictions to be ignored. This is triggered</dt>
+<dt>if optional renegotiation is used (SSLOptions +OptRenegotiate) along with</dt>
+<dt>verification of client certificates and a change to the cipher suite over</dt>
+<dt>the renegotiation.</dt>
+<dd>
+<p>Reported to security team: 30th April 2003<br></br>Issue public:
+ 9th July 2003<br></br>Update released: 9th July 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2003-0254">Remote DoS via IPv6 ftp
+  proxy</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0254">CVE-2003-0254</a> </p>
+</dd>
+<dt>When a client requests that proxy ftp connect to a ftp server with IPv6</dt>
+<dt>address, and the proxy is unable to create an IPv6 socket, an infinite loop</dt>
+<dt>occurs causing a remote Denial of Service.</dt>
+<dd>
+<p>Reported to security team: 25th June 2003<br></br>Issue public:
+ 9th July 2003<br></br>Update released: 9th July 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.46">Fixed in Apache httpd 2.0.46</h1>
+<dl>
+<dd>
+<p><strong>critical:</strong>  <strong><name name="CVE-2003-0245">APR remote crash</name></strong></p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245">CVE-2003-0245</a> 
+A vulnerability in the apr_psprintf function in the Apache Portable Runtime
+(APR) library allows remote attackers to cause a denial of service (crash)
+and possibly execute arbitrary code via long strings, as demonstrated using
+XML objects to mod_dav, and possibly other vectors.</p>
+</dd>
+<dd>
+<p>Reported to security team: 9th April 2003<br></br>Issue public:
+ 28th May 2003<br></br>Update released: 28th May 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2003-0189">Basic Authentication
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0189">CVE-2003-0189</a> </p>
+</dd>
+<dt>A build system problem in Apache 2.0.40 through 2.0.45 allows remote</dt>
+<dt>attackers to cause a denial of access to authenticated content when a</dt>
+<dt>threaded server is used.</dt>
+<dd>
+<p>Reported to security team: 25th April 2003<br></br>Issue public:
+ 28th May 2003<br></br>Update released: 28th May 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2003-0134">OS2 device name
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0134">CVE-2003-0134</a> </p>
+</dd>
+<dt>Apache on OS2 up to and including Apache 2.0.45 have a Denial of Service</dt>
+<dt>vulnerability caused by device names.</dt>
+<dd>
+<p>Issue public: 31st March 2003<br></br>Update released:
+ 28th May 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?,
+ 2.0.37?, 2.0.36?, 2.0.35?</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2003-0083">Filtered escape
+  sequences</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a> </p>
+</dd>
+<dt>Apache did not filter terminal escape sequences from its access logs, which</dt>
+<dt>could make it easier for attackers to insert those sequences into terminal</dt>
+<dt>emulators containing vulnerabilities related to escape sequences.</dt>
+<dd>
+<p>Issue public: 24th February 2003<br></br>Update released:
+ 2nd April 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37,
+ 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.45">Fixed in Apache httpd 2.0.45</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2003-0132">Line feed memory leak
+  DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0132">CVE-2003-0132</a> </dd>
+<dt>Apache 2.0 versions before Apache 2.0.45 had a significant Denial of</dt>
+<dt>Service vulnerability. Remote attackers could cause a denial of service</dt>
+<dt>(memory consumption) via large chunks of linefeed characters, which causes</dt>
+<dt>Apache to allocate 80 bytes for each linefeed.</dt>
+<dd>
+<p>Issue public: 2nd April 2004<br></br>Update released:
+ 2nd April 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36,
+ 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.44">Fixed in Apache httpd 2.0.44</h1>
+<dl>
+<dd><strong>critical:</strong>  <strong><name name="CVE-2003-0016">MS-DOS device name
+  filtering</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0016">CVE-2003-0016</a> </dd>
+<dt>On Windows platforms Apache did not correctly filter MS-DOS device names</dt>
+<dt>which could lead to denial of service attacks or remote code execution.</dt>
+<dd>
+<p>Reported to security team: 4th December 2002<br></br>Issue public:
+ 20th January 2003<br></br>Update released:
+ 20th January 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2003-0017">Apache can serve
+  unexpected files</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0017">CVE-2003-0017</a> </p>
+</dd>
+<dt>On Windows platforms Apache could be forced to serve unexpected files by</dt>
+<dt>appending illegal characters such as '&lt;' to the request URL</dt>
+<dd>
+<p>Reported to security team: 15th November 2002<br></br>Issue public:
+ 20th January 2003<br></br>Update released:
+ 20th January 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?</p>
+</dd>
+</dl>
+<h1 id="2.0.43">Fixed in Apache httpd 2.0.43</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2002-0840">Error page XSS using wildcard
+  DNS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a> </dd>
+<dt>Cross-site scripting (XSS) vulnerability in the default error page of</dt>
+<dt>Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is</dt>
+<dt>"Off" and support for wildcard DNS is present, allows remote attackers to</dt>
+<dt>execute script as other web page visitors via the Host: header.</dt>
+<dd>
+<p>Reported to security team: 20th September 2002<br></br>Issue public:
+ 2nd October 2002<br></br>Update released:
+ 3rd October 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2002-1156">CGI scripts source
+  revealed using WebDAV</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1156">CVE-2002-1156</a> </p>
+</dd>
+<dt>In Apache 2.0.42 only, for a location where both WebDAV and CGI were</dt>
+<dt>enabled, a POST request to a CGI script would reveal the CGI source to a</dt>
+<dt>remote user.</dt>
+<dd>
+<p>Update released: 3rd October 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.42</p>
+</dd>
+</dl>
+<h1 id="2.0.42">Fixed in Apache httpd 2.0.42</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2002-1593">mod_dav crash</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1593">CVE-2002-1593</a> </dd>
+<dt>A flaw was found in handling of versioning hooks in mod_dav. An attacker</dt>
+<dt>could send a carefully crafted request in such a way to cause the child</dt>
+<dt>process handling the connection to crash. This issue will only result in a</dt>
+<dt>denial of service where a threaded process model is in use.</dt>
+<dd>
+<p>Issue public: 19th September 2002<br></br>Update released:
+ 24th September 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.40">Fixed in Apache httpd 2.0.40</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2002-0661">Path
+  vulnerability</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661">CVE-2002-0661</a> </dd>
+<dt>Certain URIs would bypass security and allow users to invoke or access any</dt>
+<dt>file depending on the system configuration. Affects Windows, OS2, Netware</dt>
+<dt>and Cygwin platforms only.</dt>
+<dd>
+<p>Reported to security team: 7th August 2002<br></br>Issue public:
+ 9th August 2002<br></br>Update released: 9th August 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2002-0654">Path revealing
+  exposures</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0654">CVE-2002-0654</a> </p>
+</dd>
+<dt>A path-revealing exposure was present in multiview type map negotiation</dt>
+<dt>(such as the default error documents) where a module would report the full</dt>
+<dt>path of the typemapped.var file when multiple documents or no documents</dt>
+<dt>could be served. Additionally a path-revealing exposure in cgi/cgid when</dt>
+<dt>Apache fails to invoke a script. The modules would report "couldn't create</dt>
+<dt>child process /path-to-script/script.pl" revealing the full path of the</dt>
+<dt>script.</dt>
+<dd>
+<p>Reported to security team: 5th July 2002<br></br>Issue public:
+ 9th August 2002<br></br>Update released: 9th August 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.39, 2.0.37?, 2.0.36?, 2.0.35?</p>
+</dd>
+</dl>
+<h1 id="2.0.37">Fixed in Apache httpd 2.0.37</h1>
+<dl>
+<dd><strong>critical:</strong>  <strong><name name="CVE-2002-0392">Apache Chunked encoding
+  vulnerability</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a> </dd>
+<dt>Malicious requests can cause various effects ranging from a relatively</dt>
+<dt>harmless increase in system resources through to denial of service attacks</dt>
+<dt>and in some cases the ability to execute arbitrary remote code.</dt>
+<dd>
+<p>Reported to security team: 27th May 2002<br></br>Issue public:
+ 17th June 2002<br></br>Update released: 18th June 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.36, 2.0.35</p>
+</dd>
+</dl>
+<h1 id="2.0.36">Fixed in Apache httpd 2.0.36</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2002-1592">Warning messages could be
+  displayed to users</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1592">CVE-2002-1592</a> </dd>
+<dt>In some cases warning messages could get returned to end users in addition</dt>
+<dt>to being recorded in the error log. This could reveal the path to a CGI</dt>
+<dt>script for example, a minor security exposure.</dt>
+<dd>
+<p>Issue public: 22nd April 2002<br></br>Update released:
+ 8th May 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 2.0.35</p>
+</dd>
+</dl>
             
 
             <!-- FOOTER -->



Mime
View raw message