httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r826582 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/ security/vulnerabilities-httpd.page/
Date Sat, 21 Jul 2012 21:16:46 GMT
Author: buildbot
Date: Sat Jul 21 21:16:45 2012
New Revision: 826582

Log:
Staging update by buildbot for httpd

Added:
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydates.xsl   (with props)
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl   (with props)
Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/security/vulnerabilities_13.html
    websites/staging/httpd/trunk/content/security/vulnerabilities_20.html
    websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Jul 21 21:16:45 2012
@@ -1 +1 @@
-1360669
+1364174

Added: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydates.xsl
==============================================================================
Binary file - no diff available.

Propchange: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydates.xsl
------------------------------------------------------------------------------
    svn:executable = *

Propchange: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydates.xsl
------------------------------------------------------------------------------
    svn:mime-type = application/xml

Added: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
==============================================================================
Binary file - no diff available.

Propchange: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
------------------------------------------------------------------------------
    svn:executable = *

Propchange: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
------------------------------------------------------------------------------
    svn:mime-type = application/xml

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_13.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_13.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_13.html Sat Jul 21 21:16:45 2012
@@ -5,7 +5,7 @@
         <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
         <link href="/css/apsite.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
         <meta name="author" content="Documentation Group" /><meta name="email" content="docs@httpd.apache.org" />
-        <title>Apache httpd 1.3 vulnerabilities - The Apache HTTP Server Project</title>
+        <title>httpd 1.3 vulnerabilities - The Apache HTTP Server Project</title>
     </head>
     <body>
         
@@ -72,675 +72,791 @@
 
         <!-- RIGHT SIDE INFORMATION -->
         <div id="apcontents">
-            
-            <h1 id="top">Apache httpd 1.3 vulnerabilities</h1>
-<p>This page lists all security vulnerabilities fixed in released versions of
-Apache httpd 1.3. Each vulnerability is given a security <a href="/security/impact_levels.html">impact
-rating</a> by the Apache security team - please
-note that this rating may well vary from platform to platform. We also list
-the versions of Apache httpd the flaw is known to affect, and where a flaw
-has not been verified list the version with a question mark.</p>
-<p>Please note that if a vulnerability is shown below as being fixed in a
-"-dev" release then this means that a fix has been applied to the
-development source tree and will be part of an upcoming full release.</p>
-<p>This page is created from a database of vulnerabilities originally
-populated by Apache Week. Please send comments or corrections for these
-vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p>
-<h1 id="1.3-never">Not fixed in Apache httpd 1.3</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2011-3368">mod_proxy reverse proxy
-  exposure</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a> </dd>
-</dl>
-<p>An exposure was found when using mod_proxy in reverse proxy mode. In
-certain configurations using RewriteRule with proxy flag, a remote attacker
-could cause the reverse proxy to connect to an arbitrary server, possibly
-disclosing sensitive information from internal web servers not directly
-accessible to attacker.</p>
-<p>No update of 1.3 will be released. Patches will be published to
-<a href="http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/">http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/</a> </p>
-<dl>
-<dt>Acknowledgements: This issue was reported by Context Information Security</dt>
-<dt>Ltd</dt>
-<dd>
-<p>Reported to security team: 16th September 2011<br></br>Issue public:
- 5th October 2011<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.42, 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34,
- 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24,
- 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6,
- 1.3.4, 1.3.3, 1.3.2</p>
-</dd>
-</dl>
-<h1 id="1.3.42">Fixed in Apache httpd 1.3.42</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2010-0010">mod_proxy overflow on
-  64-bit systems</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010">CVE-2010-0010</a> </dd>
-<dt>An incorrect conversion between numeric types flaw was found in the</dt>
-<dt>mod_proxy module which affects some 64-bit architecture systems. A</dt>
-<dt>malicious HTTP server to which requests are being proxied could use this</dt>
-<dt>flaw to trigger a heap buffer overflow in an httpd child process via a</dt>
-<dt>carefully crafted response.</dt>
-<dd>
-<p>Reported to security team: 30th December 2009<br></br>Issue public:
- 7th December 2010<br></br>Update released:
- 3rd February 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33,
- 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22,
- 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4,
- 1.3.3, 1.3.2</p>
-</dd>
-</dl>
-<h1 id="1.3.41">Fixed in Apache httpd 1.3.41</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2007-6388">mod_status XSS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a> </dd>
-<dt>A flaw was found in the mod_status module. On sites where mod_status is</dt>
-<dt>enabled and the status pages were publicly accessible, a cross-site</dt>
-<dt>scripting attack is possible. Note that the server-status page is not</dt>
-<dt>enabled by default and it is best practice to not make this publicly</dt>
-<dt>available.</dt>
-<dd>
-<p>Reported to security team: 15th December 2007<br></br>Issue public:
- 2nd January 2008<br></br>Update released:
- 19th January 2008<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32,
- 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
- 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
- 1.3.2</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2007-5000">mod_imap XSS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a> </p>
-</dd>
-<dt>A flaw was found in the mod_imap module. On sites where mod_imap is enabled</dt>
-<dt>and an imagemap file is publicly available, a cross-site scripting attack</dt>
-<dt>is possible.</dt>
-<dd>
-<p>Reported to security team: 23rd October 2007<br></br>Issue public:
- 11th December 2007<br></br>Update released:
- 19th January 2008<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32,
- 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
- 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
- 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.39">Fixed in Apache httpd 1.3.39</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2006-5752">mod_status cross-site
-  scripting</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a> </dd>
-<dt>A flaw was found in the mod_status module. On sites where the server-status</dt>
-<dt>page is publicly accessible and ExtendedStatus is enabled this could lead</dt>
-<dt>to a cross-site scripting attack. Note that the server-status page is not</dt>
-<dt>enabled by default and it is best practice to not make this publicly</dt>
-<dt>available.</dt>
-<dd>
-<p>Reported to security team: 19th October 2006<br></br>Issue public:
- 20th June 2007<br></br>Update released:
- 7th September 2007<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31,
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
- 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2007-3304">Signals to arbitrary
-  processes</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a> </p>
-</dd>
-<dt>The Apache HTTP server did not verify that a process was an Apache child</dt>
-<dt>process before sending it signals. A local attacker with the ability to run</dt>
-<dt>scripts on the HTTP server could manipulate the scoreboard and cause</dt>
-<dt>arbitrary processes to be terminated which could lead to a denial of</dt>
-<dt>service.</dt>
-<dd>
-<p>Reported to security team: 15th May 2006<br></br>Issue public:
- 19th June 2007<br></br>Update released:
- 7th September 2007<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31,
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
- 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2,
- 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.37">Fixed in Apache httpd 1.3.37</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2006-3747">mod_rewrite off-by-one
-  error</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a> </dd>
-<dt>An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on</dt>
-<dt>the manner in which Apache httpd was compiled, this software defect may</dt>
-<dt>result in a vulnerability which, in combination with certain types of</dt>
-<dt>Rewrite rules in the web server configuration files, could be triggered</dt>
-<dt>remotely. For vulnerable builds, the nature of the vulnerability can be</dt>
-<dt>denial of service (crashing of web server processes) or potentially allow</dt>
-<dt>arbitrary code execution.</dt>
-<dd>
-<p>Reported to security team: 21st July 2006<br></br>Issue public:
- 27th July 2006<br></br>Update released: 27th July 2006<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29,
- 1.3.28</p>
-</dd>
-</dl>
-<h1 id="1.3.35">Fixed in Apache httpd 1.3.35</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2006-3918">Expect header Cross-Site
-  Scripting</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918">CVE-2006-3918</a> </dd>
-<dt>A flaw in the handling of invalid Expect headers. If an attacker can</dt>
-<dt>influence the Expect header that a victim sends to a target site they could</dt>
-<dt>perform a cross-site scripting attack. It is known that some versions of</dt>
-<dt>Flash can set an arbitrary Expect header which can trigger this flaw. Not</dt>
-<dt>marked as a security issue for 2.0 or 2.2 as the cross-site scripting is</dt>
-<dt>only returned to the victim after the server times out a connection.</dt>
-<dd>
-<p>Issue public: 8th May 2006<br></br>Update released:
- 1st May 2006<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27,
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
- 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2005-3352">mod_imap Referer
-  Cross-Site Scripting</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a> </p>
-</dd>
-<dt>A flaw in mod_imap when using the Referer directive with image maps. In</dt>
-<dt>certain site configurations a remote attacker could perform a cross-site</dt>
-<dt>scripting attack if a victim can be forced to visit a malicious URL using</dt>
-<dt>certain web browsers.</dt>
-<dd>
-<p>Reported to security team: 1st November 2005<br></br>Issue public:
- 12th December 2005<br></br>Update released: 1st May 2006<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27,
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
- 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.33">Fixed in Apache httpd 1.3.33</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2004-0940">mod_include
-  overflow</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940</a> </dd>
-<dt>A buffer overflow in mod_include could allow a local user who is authorised</dt>
-<dt>to create server side include (SSI) files to gain the privileges of a httpd</dt>
-<dt>child.</dt>
-<dd>
-<p>Issue public: 21st October 2004<br></br>Update released:
- 28th October 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24,
- 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6,
- 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.32">Fixed in Apache httpd 1.3.32</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2004-0492">mod_proxy buffer
-  overflow</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492</a> </dd>
-<dt>A buffer overflow was found in the Apache proxy module, mod_proxy, which</dt>
-<dt>can be triggered by receiving an invalid Content-Length header. In order to</dt>
-<dt>exploit this issue an attacker would need to get an Apache installation</dt>
-<dt>that was configured as a proxy to connect to a malicious site. This would</dt>
-<dt>cause the Apache child processing the request to crash, although this does</dt>
-<dt>not represent a significant Denial of Service attack as requests will</dt>
-<dt>continue to be handled by other Apache child processes. This issue may lead</dt>
-<dt>to remote arbitrary code execution on some BSD platforms.</dt>
-<dd>
-<p>Reported to security team: 8th June 2003<br></br>Issue public:
- 10th June 2003<br></br>Update released: 20th October 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26</p>
-</dd>
-</dl>
-<h1 id="1.3.31">Fixed in Apache httpd 1.3.31</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2004-0174">listening socket
-  starvation</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a> </dd>
-<dt>A starvation issue on listening sockets occurs when a short-lived</dt>
-<dt>connection on a rarely-accessed listening socket will cause a child to hold</dt>
-<dt>the accept mutex and block out new connections until another connection</dt>
-<dt>arrives on that rarely-accessed listening socket. This issue is known to</dt>
-<dt>affect some versions of AIX, Solaris, and Tru64; it is known to not affect</dt>
-<dt>FreeBSD or Linux.</dt>
-<dd>
-<p>Reported to security team: 25th February 2004<br></br>Issue public:
- 18th March 2004<br></br>Update released: 12th May 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?,
- 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?,
- 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="CVE-2003-0993">Allow/Deny parsing on
-  big-endian 64-bit platforms</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993">CVE-2003-0993</a> </p>
-</dd>
-<dt>A bug in the parsing of Allow/Deny rules using IP addresses without a</dt>
-<dt>netmask on big-endian 64-bit platforms causes the rules to fail to match.</dt>
-<dd>
-<p>Issue public: 15th October 2003<br></br>Update released:
- 12th May 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
- 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
- 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2003-0020">Error log escape
-  filtering</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a> </p>
-</dd>
-<dt>Apache does not filter terminal escape sequences from error logs, which</dt>
-<dt>could make it easier for attackers to insert those sequences into terminal</dt>
-<dt>emulators containing vulnerabilities related to escape sequences.</dt>
-<dd>
-<p>Issue public: 24th February 2003<br></br>Update released:
- 12th May 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
- 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
- 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2003-0987">mod_digest nonce
-  checking</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987">CVE-2003-0987</a> </p>
-</dd>
-<dt>mod_digest does not properly verify the nonce of a client response by using</dt>
-<dt>a AuthNonce secret. This could allow a malicious user who is able to sniff</dt>
-<dt>network traffic to conduct a replay attack against a website using Digest</dt>
-<dt>protection. Note that mod_digest implements an older version of the MD5</dt>
-<dt>Digest Authentication specification which is known not to work with modern</dt>
-<dt>browsers. This issue does not affect mod_auth_digest.</dt>
-<dd>
-<p>Issue public: 18th December 2003<br></br>Update released:
- 12th May 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
- 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
- 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.29">Fixed in Apache httpd 1.3.29</h1>
-<dl>
-<dd><strong>low:</strong>  <strong><name name="CVE-2003-0542">Local configuration regular
-  expression overflow</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a> </dd>
-<dt>By using a regular expression with more than 9 captures a buffer overflow</dt>
-<dt>can occur in mod_alias or mod_rewrite. To exploit this an attacker would</dt>
-<dt>need to be able to create a carefully crafted configuration file (.htaccess</dt>
-<dt>or httpd.conf)</dt>
-<dd>
-<p>Reported to security team: 4th August 2003<br></br>Issue public:
- 27th October 2003<br></br>Update released:
- 27th October 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
- 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2,
- 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.28">Fixed in Apache httpd 1.3.28</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2003-0460">RotateLogs DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460">CVE-2003-0460</a> </dd>
-<dt>The rotatelogs support program on Win32 and OS/2 would quit logging and</dt>
-<dt>exit if it received special control characters such as 0x1A.</dt>
-<dd>
-<p>Reported to security team: 4th July 2003<br></br>Issue public:
- 18th July 2003<br></br>Update released: 18th July 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?,
- 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?,
- 1.3.2?, 1.3.1?, 1.3.0?</p>
-</dd>
-</dl>
-<h1 id="1.3.27">Fixed in Apache httpd 1.3.27</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2002-0843">Buffer overflows in ab
-  utility</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843">CVE-2002-0843</a> </dd>
-<dt>Buffer overflows in the benchmarking utility ab could be exploited if ab is</dt>
-<dt>run against a malicious server</dt>
-<dd>
-<p>Reported to security team: 23rd September 2002<br></br>Issue public:
- 3rd October 2002<br></br>Update released:
- 3rd October 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14,
- 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="CVE-2002-0839">Shared memory
-  permissions lead to local privilege escalation</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a> </p>
-</dd>
-<dt>The permissions of the shared memory used for the scoreboard allows an</dt>
-<dt>attacker who can execute under the Apache UID to send a signal to any</dt>
-<dt>process as root or cause a local denial of service attack.</dt>
-<dd>
-<p>Reported to security team: 11th November 2001<br></br>Issue public:
- 3rd October 2002<br></br>Update released:
- 3rd October 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14,
- 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2002-0840">Error page XSS using wildcard
-  DNS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a> </p>
-</dd>
-<dt>Cross-site scripting (XSS) vulnerability in the default error page of</dt>
-<dt>Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is</dt>
-<dt>"Off" and support for wildcard DNS is present, allows remote attackers to</dt>
-<dt>execute script as other web page visitors via the Host: header.</dt>
-<dd>
-<p>Reported to security team: 20th September 2002<br></br>Issue public:
- 2nd October 2002<br></br>Update released:
- 3rd October 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14,
- 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.26">Fixed in Apache httpd 1.3.26</h1>
-<dl>
-<dd><strong>critical:</strong>  <strong><name name="CVE-2002-0392">Apache Chunked encoding
-  vulnerability</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a> </dd>
-<dt>Requests to all versions of Apache 1.3 can cause various effects ranging</dt>
-<dt>from a relatively harmless increase in system resources through to denial</dt>
-<dt>of service attacks and in some cases the ability to be remotely exploited.</dt>
-<dd>
-<p>Reported to security team: 27th May 2002<br></br>Issue public:
- 17th June 2002<br></br>Update released: 18th June 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
- 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2003-0083">Filtered escape
-  sequences</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a> </p>
-</dd>
-<dt>Apache does not filter terminal escape sequences from its access logs,</dt>
-<dt>which could make it easier for attackers to insert those sequences into</dt>
-<dt>terminal emulators containing vulnerabilities related to escape sequences,</dt>
-<dd>
-<p>Issue public: 24th February 2003<br></br>Update released:
- 18th June 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
- 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.24">Fixed in Apache httpd 1.3.24</h1>
-<dl>
-<dd><strong>critical:</strong>  <strong><name name="CVE-2002-0061">Win32 Apache Remote
-  command execution</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061">CVE-2002-0061</a> </dd>
-<dt>Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to</dt>
-<dt>execute arbitrary commands via parameters passed to batch file CGI scripts.</dt>
-<dd>
-<p>Update released: 22nd March 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?,
- 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
-</dd>
-</dl>
-<h1 id="1.3.22">Fixed in Apache httpd 1.3.22</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2001-0729">Requests can cause
-  directory listing to be displayed</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729">CVE-2001-0729</a> </dd>
-<dt>A vulnerability was found in the Win32 port of Apache 1.3.20. A client</dt>
-<dt>submitting a very long URI could cause a directory listing to be returned</dt>
-<dt>rather than the default index page.</dt>
-<dd>
-<p>Reported to security team: 18th September 2001<br></br>Issue public:
- 28th September 2001<br></br>Update released:
- 12th October 2001<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.20</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="CVE-2001-0731">Multiviews can cause a
-  directory listing to be displayed</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731">CVE-2001-0731</a> </p>
-</dd>
-<dt>A vulnerability was found when<directive>Multiviews</directive>are used to</dt>
-<dt>negotiate the directory index. In some configurations, requesting a URI</dt>
-<dt>with a<samp>QUERY_STRING</samp>of<samp>M=D</samp>could return a directory</dt>
-<dt>listing rather than the expected index page.</dt>
-<dd>
-<p>Issue public: 9th July 2001<br></br>Update released:
- 12th October 2001<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?,
- 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2001-0730">split-logfile can cause
-  arbitrary log files to be written to</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730">CVE-2001-0730</a> </p>
-</dd>
-<dt>A vulnerability was found in the<samp>split-logfile</samp>support program.</dt>
-<dt>A request with a specially crafted<samp>Host:</samp>header could allow any</dt>
-<dt>file with a<samp>.log</samp>extension on the system to be written to.</dt>
-<dd>
-<p>Issue public: 28th September 2001<br></br>Update released:
- 12th October 2001<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9,
- 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.20">Fixed in Apache httpd 1.3.20</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2001-1342">Denial of service attack
-  on Win32 and OS2</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342">CVE-2001-1342</a> </dd>
-<dt>A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A</dt>
-<dt>client submitting a carefully constructed URI could cause a General</dt>
-<dt>Protection Fault in a child process, bringing up a message box which would</dt>
-<dt>have to be cleared by the operator to resume operation. This vulnerability</dt>
-<dt>introduced no identified means to compromise the server other than</dt>
-<dt>introducing a possible denial of service.</dt>
-<dd>
-<p>Update released: 22nd May 2001<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?,
- 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
-</dd>
-</dl>
-<h1 id="1.3.19">Fixed in Apache httpd 1.3.19</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2001-0925">Requests can cause
-  directory listing to be displayed</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925">CVE-2001-0925</a> </dd>
-<dt>The default installation can</dt>
-<dt>lead<samp>mod_negotiation</samp>and<samp>mod_dir</samp>or<samp>mod_autoindex</samp>to</dt>
-<dt>display a directory listing instead of the multiview index.html file if a</dt>
-<dt>very long path was created artificially by using many slashes.</dt>
-<dd>
-<p>Update released: 28th February 2001<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.17, 1.3.14, 1.3.12, 1.3.11</p>
-</dd>
-</dl>
-<h1 id="1.3.14">Fixed in Apache httpd 1.3.14</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2000-0913">Rewrite rules that
-  include references allow access to any file</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0913">CVE-2000-0913</a> </dd>
-<dt>The Rewrite module,<samp>mod_rewrite</samp>, can allow access to any file</dt>
-<dt>on the web server. The vulnerability occurs only with certain specific</dt>
-<dt>cases of using regular expression references</dt>
-<dt>in<samp>RewriteRule</samp>directives: If the destination of</dt>
-<dt>a<samp>RewriteRule</samp>contains regular expression references then an</dt>
-<dt>attacker will be able to access any file on the server.</dt>
-<dd>
-<p>Issue public: 29th September 2000<br></br>Update released:
- 13th October 2000<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?,
- 1.3.1?, 1.3.0?</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="CVE-2000-1204">Mass virtual hosting can
-  display CGI source</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204">CVE-2000-1204</a> </p>
-</dd>
-<dt>A security problem for users of the mass virtual hosting</dt>
-<dt>module,<samp>mod_vhost_alias</samp>, causes the source to a CGI to be sent</dt>
-<dt>if the<samp>cgi-bin</samp>directory is under the document root. However, it</dt>
-<dt>is not normal to have your cgi-bin directory under a document root.</dt>
-<dd>
-<p>Update released: 13th October 2000<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.12, 1.3.11, 1.3.9</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2000-0505">Requests can cause
-  directory listing to be displayed on NT</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0505">CVE-2000-0505</a> </p>
-</dd>
-<dt>A security hole on Apache for Windows allows a user to view the listing of</dt>
-<dt>a directory instead of the default HTML page by sending a carefully</dt>
-<dt>constructed request.</dt>
-<dd>
-<p>Update released: 13th October 2000<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?,
- 1.3.1?, 1.3.0?</p>
-</dd>
-</dl>
-<h1 id="1.3.12">Fixed in Apache httpd 1.3.12</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2000-1205">Cross-site scripting can
-  reveal private session information</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205">CVE-2000-1205</a> </dd>
-<dt>Apache was vulnerable to cross site scripting issues. It was shown that</dt>
-<dt>malicious HTML tags can be embedded in client web requests if the server or</dt>
-<dt>script handling the request does not carefully encode all information</dt>
-<dt>displayed to the user. Using these vulnerabilities attackers could, for</dt>
-<dt>example, obtain copies of your private cookies used to authenticate you to</dt>
-<dt>other sites.</dt>
-<dd>
-<p>Update released: 25th February 2000<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.11">Fixed in Apache httpd 1.3.11</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2000-1206">Mass virtual hosting
-  security issue</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206">CVE-2000-1206</a> </dd>
-<dt>A security problem can occur for sites using mass name-based virtual</dt>
-<dt>hosting (using the new<samp>mod_vhost_alias</samp>module) or with</dt>
-<dt>special<samp>mod_rewrite</samp>rules.</dt>
-<dd>
-<p>Update released: 21st January 2000<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
-</dd>
-</dl>
-<h1 id="1.3.4">Fixed in Apache httpd 1.3.4</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="">Denial of service attack on
-  Win32</name></strong> </dd>
-<dt>There have been a number of important security fixes to Apache on Windows.</dt>
-<dt>The most important is that there is much better protection against people</dt>
-<dt>trying to access special DOS device names (such as "nul").</dt>
-<dd>
-<p>Update released: 11th January 1999<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
-</dd>
-</dl>
-<h1 id="1.3.2">Fixed in Apache httpd 1.3.2</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-1999-1199">Multiple header Denial
-  of Service vulnerability</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199">CVE-1999-1199</a> </dd>
-<dt>A serious problem exists when a client sends a large number of headers with</dt>
-<dt>the same header name. Apache uses up memory faster than the amount of</dt>
-<dt>memory required to simply store the received data itself. That is, memory</dt>
-<dt>use increases faster and faster as more headers are received, rather than</dt>
-<dt>increasing at a constant rate. This makes a denial of service attack based</dt>
-<dt>on this method more effective than methods which cause Apache to use memory</dt>
-<dt>at a constant rate, since the attacker has to send less data.</dt>
-<dd>
-<p>Update released: 23rd September 1998<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.1, 1.3.0</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="">Denial of service attacks</name></strong> 
-Apache 1.3.2 has better protection against denial of service attacks. These
-are when people make excessive requests to the server to try and prevent
-other people using it. In 1.3.2 there are several new directives which can
-limit the size of requests (these directives all start with the
-word<SAMP>Limit</SAMP>).</p>
-</dd>
-<dd>
-<p>Update released: 23rd September 1998<br></br></p>
-</dd>
-<dd>
-<p>Affected: 1.3.1, 1.3.0</p>
-</dd>
+            <h1 id="top">Apache httpd 1.3 vulnerabilities</h1><p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd 1.3.  Each
+vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
+security team - please note that this rating may well vary from
+platform to platform.  We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark.  </p><p> Please note that if a vulnerability is shown below as being fixed
+in a "-dev" release then this means that a fix has been applied to
+the development source tree and will be part of an upcoming full release.</p><p> This page is created from a database of vulnerabilities originally
+populated by Apache Week.  Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>.  </p><h1 id="1.3-never">
+Not fixed in Apache httpd 1.3</h1><dl>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
+    <p>
+An exposure was found when using mod_proxy in reverse proxy mode.
+In certain configurations using RewriteRule with proxy flag,
+a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.</p>
+    <p>No update of 1.3 will be released.  Patches will be published to
+<a href="http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/">http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/</a></p>
+  </dd>
+  <dd>
+    <p>Acknowledgements: 
+This issue was reported by Context Information Security Ltd
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 16th September 2011<br/>
+  Issue public: 5th October 2011<br/></dd>
+  <dd/>
+  <dd>
+      Affects: 
+    1.3.42, 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/></dd>
+</dl><h1 id="1.3.42">
+Fixed in Apache httpd 1.3.42</h1><dl>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2010-0010">mod_proxy overflow on 64-bit systems</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010">CVE-2010-0010</a>
+    <p>
+An incorrect conversion between numeric types flaw was found in the
+mod_proxy module which affects some 64-bit architecture systems.  A
+malicious HTTP server to which requests are being proxied could use
+this flaw to trigger a heap buffer overflow in an httpd child process
+via a carefully crafted response.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 30th December 2009<br/>
+  Issue public: 7th December 2010<br/></dd>
+  <dd>
+  Update Released: 3rd February 2010<br/></dd>
+  <dd>
+      Affects: 
+    1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/></dd>
+</dl><h1 id="1.3.41">
+Fixed in Apache httpd 1.3.41</h1><dl>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2007-6388">mod_status XSS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
+    <p>
+A flaw was found in the mod_status module. On sites where mod_status is
+enabled and the status pages were publicly accessible, a cross-site
+scripting attack is possible.
+Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
+  </dd>
+  <dd>
+  Reported to security team: 15th December 2007<br/>
+  Issue public: 2nd January 2008<br/></dd>
+  <dd>
+  Update Released: 19th January 2008<br/></dd>
+  <dd>
+      Affects: 
+    1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2007-5000">mod_imap XSS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
+    <p>
+A flaw was found in the mod_imap module. On sites where
+mod_imap is enabled and an imagemap file is publicly available, a
+cross-site scripting attack is possible.</p>
+  </dd>
+  <dd>
+  Reported to security team: 23rd October 2007<br/>
+  Issue public: 11th December 2007<br/></dd>
+  <dd>
+  Update Released: 19th January 2008<br/></dd>
+  <dd>
+      Affects: 
+    1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.39">
+Fixed in Apache httpd 1.3.39</h1><dl>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2006-5752">mod_status cross-site scripting</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+    <p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+  </dd>
+  <dd>
+  Reported to security team: 19th October 2006<br/>
+  Issue public: 20th June 2007<br/></dd>
+  <dd>
+  Update Released: 7th September 2007<br/></dd>
+  <dd>
+      Affects: 
+    1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2007-3304">Signals to arbitrary processes</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
+    <p>The Apache HTTP server did not verify that a process
+was an Apache child process before sending it signals. A local
+attacker with the ability to run scripts on the HTTP server could
+manipulate the scoreboard and cause arbitrary processes to be
+terminated which could lead to a denial of service.</p>
+  </dd>
+  <dd>
+  Reported to security team: 15th May 2006<br/>
+  Issue public: 19th June 2007<br/></dd>
+  <dd>
+  Update Released: 7th September 2007<br/></dd>
+  <dd>
+      Affects: 
+    1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.37">
+Fixed in Apache httpd 1.3.37</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
+    <p>
+An off-by-one flaw exists in the Rewrite module, mod_rewrite.
+Depending on the manner in which Apache httpd was compiled, this
+software defect may result in a vulnerability which, in combination
+with certain types of Rewrite rules in the web server configuration
+files, could be triggered remotely.  For vulnerable builds, the nature
+of the vulnerability can be denial of service (crashing of web server
+processes) or potentially allow arbitrary code execution.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 21st July 2006<br/>
+  Issue public: 27th July 2006<br/></dd>
+  <dd>
+  Update Released: 27th July 2006<br/></dd>
+  <dd>
+      Affects: 
+    1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28<p/></dd>
+</dl><h1 id="1.3.35">
+Fixed in Apache httpd 1.3.35</h1><dl>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2006-3918">Expect header Cross-Site Scripting</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918">CVE-2006-3918</a>
+    <p>
+A flaw in the handling of invalid Expect headers.  If an attacker can
+influence the Expect header that a victim sends to a target site they
+could perform a cross-site scripting attack.  It is known that 
+some versions of Flash can set an arbitrary Expect header which can 
+trigger this flaw.  Not marked as a security issue for 2.0 or
+2.2 as the cross-site scripting is only returned to the victim after
+the server times out a connection.
+</p>
+  </dd>
+  <dd>
+  Issue public: 8th May 2006<br/></dd>
+  <dd>
+  Update Released: 1st May 2006<br/></dd>
+  <dd>
+      Affects: 
+    1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+    <p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 1st November 2005<br/>
+  Issue public: 12th December 2005<br/></dd>
+  <dd>
+  Update Released: 1st May 2006<br/></dd>
+  <dd>
+      Affects: 
+    1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.33">
+Fixed in Apache httpd 1.3.33</h1><dl>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2004-0940">mod_include overflow</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940</a>
+    <p>
+A buffer overflow in mod_include could allow a local user who
+is authorised to create server side include (SSI) files to gain
+the privileges of a httpd child.
+</p>
+  </dd>
+  <dd>
+  Issue public: 21st October 2004<br/></dd>
+  <dd>
+  Update Released: 28th October 2004<br/></dd>
+  <dd>
+      Affects: 
+    1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.32">
+Fixed in Apache httpd 1.3.32</h1><dl>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2004-0492">mod_proxy buffer overflow</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492</a>
+    <p>
+A buffer overflow was found in the Apache proxy module, mod_proxy, which
+can be triggered by receiving an invalid Content-Length header. In order
+to exploit this issue an attacker would need to get an Apache installation
+that was configured as a proxy to connect to a malicious site. This would
+cause the Apache child processing the request to crash, although this does
+not represent a significant Denial of Service attack as requests will
+continue to be handled by other Apache child processes.  This issue may
+lead to remote arbitrary code execution on some BSD platforms.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 8th June 2003<br/>
+  Issue public: 10th June 2003<br/></dd>
+  <dd>
+  Update Released: 20th October 2004<br/></dd>
+  <dd>
+      Affects: 
+    1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26<p/></dd>
+</dl><h1 id="1.3.31">
+Fixed in Apache httpd 1.3.31</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2004-0174">listening socket starvation</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
+    <p>
+A starvation issue on listening sockets occurs when a short-lived
+connection on a rarely-accessed listening socket will cause a child to
+hold the accept mutex and block out new connections until another
+connection arrives on that rarely-accessed listening socket.  This
+issue is known to affect some versions of AIX, Solaris, and Tru64; it
+is known to not affect FreeBSD or Linux.
+
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 25th February 2004<br/>
+  Issue public: 18th March 2004<br/></dd>
+  <dd>
+  Update Released: 12th May 2004<br/></dd>
+  <dd>
+      Affects: 
+    1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2003-0993">Allow/Deny parsing on big-endian 64-bit platforms</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993">CVE-2003-0993</a>
+    <p>
+A bug in the parsing of Allow/Deny rules using IP addresses
+without a netmask on big-endian 64-bit platforms causes the rules
+to fail to match.
+</p>
+  </dd>
+  <dd>
+  Issue public: 15th October 2003<br/></dd>
+  <dd>
+  Update Released: 12th May 2004<br/></dd>
+  <dd>
+      Affects: 
+    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2003-0020">Error log escape filtering</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
+    <p>
+Apache does not filter terminal escape sequences from error logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p>
+  </dd>
+  <dd>
+  Issue public: 24th February 2003<br/></dd>
+  <dd>
+  Update Released: 12th May 2004<br/></dd>
+  <dd>
+      Affects: 
+    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2003-0987">mod_digest nonce checking</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987">CVE-2003-0987</a>
+    <p>
+
+mod_digest does not properly verify the nonce of a client response by
+using a AuthNonce secret.  This could allow a malicious user who is
+able to sniff network traffic to conduct a replay attack against a
+website using Digest protection.  Note that mod_digest implements an
+older version of the MD5 Digest Authentication specification which
+is known not to work with modern browsers.  This issue does not affect
+mod_auth_digest.
+
+</p>
+  </dd>
+  <dd>
+  Issue public: 18th December 2003<br/></dd>
+  <dd>
+  Update Released: 12th May 2004<br/></dd>
+  <dd>
+      Affects: 
+    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.29">
+Fixed in Apache httpd 1.3.29</h1><dl>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2003-0542">Local configuration regular expression overflow</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
+    <p>
+By using a regular expression with more than 9 captures a buffer
+overflow can occur in mod_alias or mod_rewrite.  To exploit this an
+attacker would need to be able to create a carefully crafted configuration
+file (.htaccess or httpd.conf)
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 4th August 2003<br/>
+  Issue public: 27th October 2003<br/></dd>
+  <dd>
+  Update Released: 27th October 2003<br/></dd>
+  <dd>
+      Affects: 
+    1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.28">
+Fixed in Apache httpd 1.3.28</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2003-0460">RotateLogs DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460">CVE-2003-0460</a>
+    <p>The rotatelogs support program on Win32 and OS/2 would quit logging
+and exit if it received special control characters such as 0x1A.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 4th July 2003<br/>
+  Issue public: 18th July 2003<br/></dd>
+  <dd>
+  Update Released: 18th July 2003<br/></dd>
+  <dd>
+      Affects: 
+    1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
+</dl><h1 id="1.3.27">
+Fixed in Apache httpd 1.3.27</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2002-0843">Buffer overflows in ab utility</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843">CVE-2002-0843</a>
+    <p>Buffer overflows in the benchmarking utility ab could be exploited if
+ab is run against a malicious server
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 23rd September 2002<br/>
+  Issue public: 3rd October 2002<br/></dd>
+  <dd>
+  Update Released: 3rd October 2002<br/></dd>
+  <dd>
+      Affects: 
+    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2002-0839">Shared memory permissions lead to local privilege escalation</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a>
+    <p>The permissions of the shared memory used for the scoreboard
+allows an attacker who can execute under
+the Apache UID to send a signal to any process as root or cause a local 
+denial of service attack.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 11th November 2001<br/>
+  Issue public: 3rd October 2002<br/></dd>
+  <dd>
+  Update Released: 3rd October 2002<br/></dd>
+  <dd>
+      Affects: 
+    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
+    <p>Cross-site scripting (XSS) vulnerability in the default error page of
+Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
+UseCanonicalName is "Off" and support for wildcard DNS is present,
+allows remote attackers to execute script as other web page visitors
+via the Host: header.</p>
+  </dd>
+  <dd>
+  Reported to security team: 20th September 2002<br/>
+  Issue public: 2nd October 2002<br/></dd>
+  <dd>
+  Update Released: 3rd October 2002<br/></dd>
+  <dd>
+      Affects: 
+    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.26">
+Fixed in Apache httpd 1.3.26</h1><dl>
+  <dd>
+    <b>critical: </b>
+    <b>
+      <name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
+    <p>Requests to all versions of Apache 1.3 can cause various effects
+ranging from a relatively harmless increase in
+system resources through to denial of service attacks and in some
+cases the ability to be remotely exploited.</p>
+  </dd>
+  <dd>
+  Reported to security team: 27th May 2002<br/>
+  Issue public: 17th June 2002<br/></dd>
+  <dd>
+  Update Released: 18th June 2002<br/></dd>
+  <dd>
+      Affects: 
+    1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2003-0083">Filtered escape sequences</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
+    <p>
+Apache does not filter terminal escape sequences from its
+access logs, which could make it easier for attackers to insert those
+sequences into terminal emulators containing vulnerabilities related
+to escape sequences,
+</p>
+  </dd>
+  <dd>
+  Issue public: 24th February 2003<br/></dd>
+  <dd>
+  Update Released: 18th June 2002<br/></dd>
+  <dd>
+      Affects: 
+    1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.24">
+Fixed in Apache httpd 1.3.24</h1><dl>
+  <dd>
+    <b>critical: </b>
+    <b>
+      <name name="CVE-2002-0061">Win32 Apache Remote command execution</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061">CVE-2002-0061</a>
+    <p>Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote 
+attackers to execute arbitrary commands via parameters passed
+to batch file CGI scripts.</p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 22nd March 2002<br/></dd>
+  <dd>
+      Affects: 
+    1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
+</dl><h1 id="1.3.22">
+Fixed in Apache httpd 1.3.22</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2001-0729">Requests can cause directory listing to be displayed</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729">CVE-2001-0729</a>
+    <p>A vulnerability was found in the Win32 port of
+Apache 1.3.20.  A client submitting a very long URI
+could cause a directory listing to be returned rather than
+the default index page. </p>
+  </dd>
+  <dd>
+  Reported to security team: 18th September 2001<br/>
+  Issue public: 28th September 2001<br/></dd>
+  <dd>
+  Update Released: 12th October 2001<br/></dd>
+  <dd>
+      Affects: 
+    1.3.20<p/></dd>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2001-0731">Multiviews can cause a directory listing to be displayed</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731">CVE-2001-0731</a>
+    <p>A vulnerability was found when <directive>Multiviews</directive> 
+    are used to negotiate the directory index.  In some
+    configurations, requesting a URI with a <samp>QUERY_STRING</samp> of 
+    <samp>M=D</samp> could
+    return a directory listing rather than the expected index page.</p>
+  </dd>
+  <dd>
+  Issue public: 9th July 2001<br/></dd>
+  <dd>
+  Update Released: 12th October 2001<br/></dd>
+  <dd>
+      Affects: 
+    1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2001-0730">split-logfile can cause arbitrary log files to be written to</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730">CVE-2001-0730</a>
+    <p>A vulnerability was found in the <samp>split-logfile</samp> support
+    program.  A request with a specially crafted <samp>Host:</samp>
+    header could allow any file with a <samp>.log</samp> extension on 
+    the system to be written to. </p>
+  </dd>
+  <dd>
+  Issue public: 28th September 2001<br/></dd>
+  <dd>
+  Update Released: 12th October 2001<br/></dd>
+  <dd>
+      Affects: 
+    1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.20">
+Fixed in Apache httpd 1.3.20</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2001-1342">Denial of service attack on Win32 and OS2</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342">CVE-2001-1342</a>
+    <p>A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A
+  client submitting a carefully constructed URI could cause a General
+  Protection Fault in a child process, bringing up a message box which
+  would have to be cleared by the operator to resume operation. This
+  vulnerability introduced no identified means to compromise the server
+  other than introducing a possible denial of service. </p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 22nd May 2001<br/></dd>
+  <dd>
+      Affects: 
+    1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
+</dl><h1 id="1.3.19">
+Fixed in Apache httpd 1.3.19</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2001-0925">Requests can cause directory listing to be displayed</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925">CVE-2001-0925</a>
+    <p>The default installation can lead <samp>mod_negotiation</samp> and 
+    <samp>mod_dir</samp> or <samp>mod_autoindex</samp> to display a 
+    directory listing instead of the multiview index.html file if a 
+    very long path was created artificially by using many slashes.  </p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 28th February 2001<br/></dd>
+  <dd>
+      Affects: 
+    1.3.17, 1.3.14, 1.3.12, 1.3.11<p/></dd>
+</dl><h1 id="1.3.14">
+Fixed in Apache httpd 1.3.14</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2000-0913">Rewrite rules that include references allow access to any file</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0913">CVE-2000-0913</a>
+    <p>The Rewrite module, <samp>mod_rewrite</samp>, can allow access to
+    any file on the web server.  The vulnerability occurs only with
+    certain specific cases of using regular expression references in
+    <samp>RewriteRule</samp> directives:  If the destination
+    of a <samp>RewriteRule</samp> contains regular expression references
+    then an attacker will be able to access any file on the server.</p>
+  </dd>
+  <dd>
+  Issue public: 29th September 2000<br/></dd>
+  <dd>
+  Update Released: 13th October 2000<br/></dd>
+  <dd>
+      Affects: 
+    1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2000-1204">Mass virtual hosting can display CGI source</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204">CVE-2000-1204</a>
+    <p>A security problem for users of the mass virtual hosting module, 
+    <samp>mod_vhost_alias</samp>, causes
+    the source to a CGI to be sent if the <samp>cgi-bin</samp> directory is 
+    under the document root.  However, it is not normal to have your 
+    cgi-bin directory under a document root.</p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 13th October 2000<br/></dd>
+  <dd>
+      Affects: 
+    1.3.12, 1.3.11, 1.3.9<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2000-0505">Requests can cause directory listing to be displayed on NT</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0505">CVE-2000-0505</a>
+    <p>A security hole on Apache for Windows allows a user to 
+    view the listing of a 
+    directory instead of the default HTML page by sending a carefully 
+    constructed request.</p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 13th October 2000<br/></dd>
+  <dd>
+      Affects: 
+    1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
+</dl><h1 id="1.3.12">
+Fixed in Apache httpd 1.3.12</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2000-1205">Cross-site scripting can reveal private session information</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205">CVE-2000-1205</a>
+    <p>Apache was vulnerable to cross site scripting issues.
+    It was shown that malicious HTML tags can be embedded in client web 
+    requests if the server or script handling the request does not 
+    carefully encode all information displayed to 
+    the user.  Using these vulnerabilities attackers could, for 
+    example, obtain copies of your private 
+    cookies used to authenticate
+    you to other sites.</p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 25th February 2000<br/></dd>
+  <dd>
+      Affects: 
+    1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.11">
+Fixed in Apache httpd 1.3.11</h1><dl>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2000-1206">Mass virtual hosting security issue</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206">CVE-2000-1206</a>
+    <p>A security problem can occur for sites using mass name-based virtual 
+hosting (using
+the new <samp>mod_vhost_alias</samp> module) or with special 
+<samp>mod_rewrite</samp> rules.
+
+<!-- Makes sure vhost alias can only be alnum, - or . -->
+
+</p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 21st January 2000<br/></dd>
+  <dd>
+      Affects: 
+    1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/></dd>
+</dl><h1 id="1.3.4">
+Fixed in Apache httpd 1.3.4</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="">Denial of service attack on Win32</name>
+    </b>
+    <p>There have been a number of important security fixes to Apache on
+Windows. The most important is that there is much better protection
+against people trying to access special DOS device names (such as
+"nul"). </p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 11th January 1999<br/></dd>
+  <dd>
+      Affects: 
+    1.3.3, 1.3.2, 1.3.1, 1.3.0<p/></dd>
+</dl><h1 id="1.3.2">
+Fixed in Apache httpd 1.3.2</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-1999-1199">Multiple header Denial of Service vulnerability</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199">CVE-1999-1199</a>
+    <p>A serious problem exists when a client
+sends a large number of headers with the same header name. Apache uses
+up memory faster than the amount of memory required to simply store
+the received data itself. That is, memory use increases faster and
+faster as more headers are received, rather than increasing at a
+constant rate. This makes a denial of service attack based on this
+method more effective than methods which cause Apache to use memory at
+a constant rate, since the attacker has to send less data.</p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 23rd September 1998<br/></dd>
+  <dd>
+      Affects: 
+    1.3.1, 1.3.0<p/></dd>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="">Denial of service attacks</name>
+    </b>
+    <p>Apache 1.3.2 has
+better protection against denial of service attacks. These are when
+people make excessive requests to the server to try and prevent other
+people using it. In 1.3.2 there are several new directives which can
+limit the size of requests (these directives all start with the word
+<SAMP>Limit</SAMP>).
+</p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 23rd September 1998<br/></dd>
+  <dd>
+      Affects: 
+    1.3.1, 1.3.0<p/></dd>
 </dl>
-            
+
 
             <!-- FOOTER -->
             <div id="footer">



Mime
View raw message