httpd-cvs mailing list archives

From build...@apache.org
Subject svn commit: r826582 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ security/vulnerabilities-httpd.page/
Date Sat, 21 Jul 2012 21:16:46 GMT
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_20.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_20.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_20.html Sat Jul 21 21:16:45 2012
@@ -5,7 +5,7 @@
         <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
         <link href="/css/apsite.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
         <meta name="author" content="Documentation Group" /><meta name="email" content="docs@httpd.apache.org" />
-        <title>Apache httpd 2.0 vulnerabilities - The Apache HTTP Server Project</title>
+        <title>httpd 2.0 vulnerabilities - The Apache HTTP Server Project</title>
     </head>
     <body>
         
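Review bot: The new `<title>` in this hunk drops the "Apache" prefix and now reads "httpd 2.0 vulnerabilities", but the `<h1 id="top">` added in the following hunk still reads "Apache httpd 2.0 vulnerabilities", so the browser title and the on-page heading no longer match. Either keep the prefix in the title or change the heading in the same commit so the two stay in sync. The commit subject gives no reason for the rename, so please state whether it is intentional, since this is the page operators find through search results and bookmarks when checking which 2.0.x releases are affected. If this staged file is generated output, the fix belongs in the source page or template rather than in this file.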
@@ -72,1208 +72,1447 @@
 
         <!-- RIGHT SIDE INFORMATION -->
         <div id="apcontents">
-            
-            <h1 id="top">Apache httpd 2.0 vulnerabilities</h1>
-<p>This page lists all security vulnerabilities fixed in released versions of
-Apache httpd 2.0. Each vulnerability is given a security <a href="/security/impact_levels.html">impact
-rating</a> by the Apache security team - please
-note that this rating may well vary from platform to platform. We also list
-the versions of Apache httpd the flaw is known to affect, and where a flaw
-has not been verified list the version with a question mark.</p>
-<p>Please note that if a vulnerability is shown below as being fixed in a
-"-dev" release then this means that a fix has been applied to the
-development source tree and will be part of an upcoming full release.</p>
-<p>This page is created from a database of vulnerabilities originally
-populated by Apache Week. Please send comments or corrections for these
-vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p>
-<h1 id="2.0.65-dev">Fixed in Apache httpd 2.0.65-dev</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2011-3192">Range header remote
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a> </dd>
-</dl>
-<p>A flaw was found in the way the Apache HTTP Server handled Range HTTP
-headers. A remote attacker could use this flaw to cause httpd to use an
-excessive amount of memory and CPU time via HTTP requests with a
-specially-crafted Range header. This could be used in a denial of service
-attack.</p>
-<dl>
-<dt>Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a> </dt>
-<dd>
-<p>Issue public: 20th August 2011<br></br>Update released:
- 30th August 2011<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54,
- 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2011-3368">mod_proxy reverse proxy
-  exposure</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a> </p>
-</dd>
-</dl>
-<p>An exposure was found when using mod_proxy in reverse proxy mode. In
-certain configurations using RewriteRule with proxy flag or ProxyPassMatch,
-a remote attacker could cause the reverse proxy to connect to an arbitrary
-server, possibly disclosing sensitive information from internal web servers
-not directly accessible to attacker.</p>
-<dl>
-<dt>Acknowledgements: This issue was reported by Context Information Security</dt>
-<dt>Ltd</dt>
-<dd>
-<p>Reported to security team: 16th September 2011<br></br>Issue public:
- 5th October 2011<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54,
- 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2011-0419">apr_fnmatch flaw leads to
-  mod_autoindex remote DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a> </p>
-</dd>
-</dl>
-<p>A flaw was found in the apr_fnmatch() function of the bundled APR library.
-Where mod_autoindex is enabled, and a directory indexed by mod_autoindex
-contained files with sufficiently long names, a remote attacker could send
-a carefully crafted request which would cause excessive CPU usage. This
-could be used in a denial of service attack.</p>
-<p>Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
+            <h1 id="top">Apache httpd 2.0 vulnerabilities</h1><p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd 2.0.  Each
+vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
+security team - please note that this rating may well vary from
+platform to platform.  We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark.  </p><p> Please note that if a vulnerability is shown below as being fixed
+in a "-dev" release then this means that a fix has been applied to
+the development source tree and will be part of an upcoming full release.</p><p> This page is created from a database of vulnerabilities originally
+populated by Apache Week.  Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>.  </p><h1 id="2.0.65-dev">
+Fixed in Apache httpd 2.0.65-dev</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2011-3192">Range header remote DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>
+    <p>
+A flaw was found in the way the Apache HTTP Server handled Range HTTP
+headers. A remote attacker could use this flaw to cause httpd to use
+an excessive amount of memory and CPU time via HTTP requests with a
+specially-crafted Range header.  This could be used in a denial of
+service attack.  </p>
+    <p>
+Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a>
+</p>
+  </dd>
+  <dd>
+  Issue public: 20th August 2011<br/></dd>
+  <dd>
+  Update Released: 30th August 2011<br/></dd>
+  <dd>
+      Affects: 
+    2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
+    <p>
+An exposure was found when using mod_proxy in reverse proxy mode.
+In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.</p>
+  </dd>
+  <dd>
+    <p>Acknowledgements: 
+This issue was reported by Context Information Security Ltd
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 16th September 2011<br/>
+  Issue public: 5th October 2011<br/></dd>
+  <dd/>
+  <dd>
+      Affects: 
+    2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>
+    <p>
+A flaw was found in the apr_fnmatch() function of the bundled APR
+library.  Where mod_autoindex is enabled, and a directory indexed by
+mod_autoindex contained files with sufficiently long names, a
+remote attacker could send a carefully crafted request which would
+cause excessive CPU usage.  This could be used in a denial of service
+attack.
+</p>
+    <p>
+Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
 directive disables processing of the client-supplied request query
-arguments, preventing this attack.</p>
-<p>Resolution: Update APR to release 0.9.20 (to be bundled with httpd 2.0.65)</p>
-<dl>
-<dt>Acknowledgements: This issue was reported by Maksymilian Arciemowicz</dt>
-<dd>
-<p>Reported to security team: 2nd March 2011<br></br>Issue public:
- 10th May 2011<br></br>Update released: 21st May 2011<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54,
- 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.64">Fixed in Apache httpd 2.0.64</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2010-0425">mod_isapi module unload
-  flaw</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a> </dd>
-</dl>
-<p>A flaw was found with within mod_isapi which would attempt to unload the
-ISAPI dll when it encountered various error states. This could leave the
-callbacks in an undefined state and result in a segfault. On Windows
-platforms using mod_isapi, a remote attacker could send a malicious request
-to trigger this issue, and as win32 MPM runs only one process, this would
-result in a denial of service, and potentially allow arbitrary code
-execution.</p>
-<dl>
-<dt>Acknowledgements: We would like to thank Brett Gervasoni of Sense of</dt>
-<dt>Security for reporting and proposing a patch fix for this issue.</dt>
-<dd>
-<p>Reported to security team: 9th February 2010<br></br>Issue public:
- 2nd March 2010<br></br>Update released: 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2009-3720">expat DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a> </p>
-</dd>
-<dt>A buffer over-read flaw was found in the bundled expat library. An attacker</dt>
-<dt>who is able to get Apache to parse an untrused XML document (for example</dt>
-<dt>through mod_dav) may be able to cause a crash. This crash would only be a</dt>
-<dt>denial of service if using the worker MPM.</dt>
-<dd>
-<p>Reported to security team: 21st August 2009<br></br>Issue public:
- 17th January 2009<br></br>Update released:
- 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2009-3560">expat DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a> </p>
-</dd>
-<dt>A buffer over-read flaw was found in the bundled expat library. An attacker</dt>
-<dt>who is able to get Apache to parse an untrused XML document (for example</dt>
-<dt>through mod_dav) may be able to cause a crash. This crash would only be a</dt>
-<dt>denial of service if using the worker MPM.</dt>
-<dd>
-<p>Issue public: 2nd December 2009<br></br>Update released:
- 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2010-1623">apr_bridage_split_line
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a> </p>
-</dd>
-<dt>A flaw was found in the apr_brigade_split_line() function of the bundled</dt>
-<dt>APR-util library, used to process non-SSL requests. A remote attacker could</dt>
-<dt>send requests, carefully crafting the timing of individual bytes, which</dt>
-<dt>would slowly consume memory, potentially leading to a denial of service.</dt>
-<dd>
-<p>Reported to security team: 3rd March 2010<br></br>Issue public:
- 1st October 2010<br></br>Update released:
- 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2010-1452">mod_dav DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a> </p>
-</dd>
-</dl>
-<p>A flaw was found in the handling of requests by mod_dav. A malicious remote
-attacker could send a carefully crafted request and cause a httpd child
-process to crash. This crash would only be a denial of service if using the
-worker MPM. This issue is further mitigated as mod_dav is only affected by
-requests that are most likely to be authenticated.</p>
-<dl>
-<dt>Acknowledgements: This issue was reported by Mark Drayton.</dt>
-<dd>
-<p>Reported to security team: 4th May 2010<br></br>Issue public:
- 25th July 2010<br></br>Update released: 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2009-2412">APR apr_palloc heap
-  overflow</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a> </p>
-</dd>
-<dt>A flaw in apr_palloc() in the bundled copy of APR could cause heap</dt>
-<dt>overflows in programs that try to apr_palloc() a user controlled size. The</dt>
-<dt>Apache HTTP Server itself does not pass unsanitized user-provided sizes to</dt>
-<dt>this function, so it could only be triggered through some other application</dt>
-<dt>which uses apr_palloc() in a vulnerable way.</dt>
-<dd>
-<p>Reported to security team: 27th July 2009<br></br>Issue public:
- 4th August 2009<br></br>Update released:
- 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2009-1891">mod_deflate DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a> </p>
-</dd>
-<dt>A denial of service flaw was found in the mod_deflate module. This module</dt>
-<dt>continued to compress large files until compression was complete, even if</dt>
-<dt>the network connection that requested the content was closed before</dt>
-<dt>compression completed. This would cause mod_deflate to consume large</dt>
-<dt>amounts of CPU if mod_deflate was enabled for a large file.</dt>
-<dd>
-<p>Issue public: 26th June 2009<br></br>Update released:
- 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2009-3095">mod_proxy_ftp FTP command
-  injection</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a> </p>
-</dd>
-<dt>A flaw was found in the mod_proxy_ftp module. In a reverse proxy</dt>
-<dt>configuration, a remote attacker could use this flaw to bypass intended</dt>
-<dt>access restrictions by creating a carefully-crafted HTTP Authorization</dt>
-<dt>header, allowing the attacker to send arbitrary commands to the FTP server.</dt>
-<dd>
-<p>Reported to security team: 3rd September 2009<br></br>Issue public:
- 3rd August 2009<br></br>Update released:
- 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2009-3094">mod_proxy_ftp DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a> </p>
-</dd>
-<dt>A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A</dt>
-<dt>malicious FTP server to which requests are being proxied could use this</dt>
-<dt>flaw to crash an httpd child process via a malformed reply to the EPSV or</dt>
-<dt>PASV commands, resulting in a limited denial of service.</dt>
-<dd>
-<p>Reported to security team: 4th September 2009<br></br>Issue public:
- 2nd August 2009<br></br>Update released:
- 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2010-0434">Subrequest handling of request
-  headers (mod_headers)</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a> </p>
-</dd>
-</dl>
-<p>A flaw in the core subrequest process code was fixed, to always provide a
-shallow copy of the headers_in array to the subrequest, instead of a
-pointer to the parent request's array as it had for requests without
-request bodies. This meant all modules such as mod_headers which may
-manipulate the input headers for a subrequest would poison the parent
-request in two ways, one by modifying the parent request, which might not
-be intended, and second by leaving pointers to modified header fields in
-memory allocated to the subrequest scope, which could be freed before the
-main request processing was finished, resulting in a segfault or in
-revealing data from another request on threaded servers, such as the worker
-or winnt MPMs.</p>
-<dl>
-<dt>Acknowledgements: We would like to thank Philip Pickett of VMware for</dt>
-<dt>reporting and proposing a fix for this issue.</dt>
-<dd>
-<p>Issue public: 9th December 2009<br></br>Update released:
- 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2008-2939">mod_proxy_ftp globbing
-  XSS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a> </p>
-</dd>
-<dt>A flaw was found in the handling of wildcards in the path of a FTP URL with</dt>
-<dt>mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP,</dt>
-<dt>requests containing globbing characters could lead to cross-site scripting</dt>
-<dt>(XSS) attacks.</dt>
-<dd>
-<p>Reported to security team: 28th July 2008<br></br>Issue public:
- 5th August 2008<br></br>Update released:
- 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2008-2364">mod_proxy_http
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a> </p>
-</dd>
-<dt>A flaw was found in the handling of excessive interim responses from an</dt>
-<dt>origin server when using mod_proxy_http. A remote attacker could cause a</dt>
-<dt>denial of service or high memory usage.</dt>
-<dd>
-<p>Reported to security team: 29th May 2008<br></br>Issue public:
- 10th June 2008<br></br>Update released: 19th October 2010<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.63">Fixed in Apache httpd 2.0.63</h1>
-<dl>
-<dd><strong>low:</strong>  <strong><name name="CVE-2008-0005">mod_proxy_ftp UTF-7
-  XSS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a> </dd>
-<dt>A workaround was added in the mod_proxy_ftp module. On sites where</dt>
-<dt>mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site</dt>
-<dt>scripting attack is possible against Web browsers which do not correctly</dt>
-<dt>derive the response character set following the rules in RFC 2616.</dt>
-<dd>
-<p>Reported to security team: 15th December 2007<br></br>Issue public:
- 8th January 2008<br></br>Update released:
- 19th January 2008<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52,
- 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
- 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2007-6388">mod_status XSS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a> </p>
-</dd>
-<dt>A flaw was found in the mod_status module. On sites where mod_status is</dt>
-<dt>enabled and the status pages were publicly accessible, a cross-site</dt>
-<dt>scripting attack is possible. Note that the server-status page is not</dt>
-<dt>enabled by default and it is best practice to not make this publicly</dt>
-<dt>available.</dt>
-<dd>
-<p>Reported to security team: 15th December 2007<br></br>Issue public:
- 2nd January 2008<br></br>Update released:
- 19th January 2008<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52,
- 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
- 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2007-5000">mod_imap XSS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a> </p>
-</dd>
-<dt>A flaw was found in the mod_imap module. On sites where mod_imap is enabled</dt>
-<dt>and an imagemap file is publicly available, a cross-site scripting attack</dt>
-<dt>is possible.</dt>
-<dd>
-<p>Reported to security team: 23rd October 2007<br></br>Issue public:
- 11th December 2007<br></br>Update released:
- 19th January 2008<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52,
- 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
- 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.61">Fixed in Apache httpd 2.0.61</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2007-3847">mod_proxy crash</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a> </dd>
-<dt>A flaw was found in the Apache HTTP Server mod_proxy module. On sites where</dt>
-<dt>a reverse proxy is configured, a remote attacker could send a carefully</dt>
-<dt>crafted request that would cause the Apache child process handling that</dt>
-<dt>request to crash. On sites where a forward proxy is configured, an attacker</dt>
-<dt>could cause a similar crash if a user could be persuaded to visit a</dt>
-<dt>malicious site using the proxy. This could lead to a denial of service if</dt>
-<dt>using a threaded Multi-Processing Module.</dt>
-<dd>
-<p>Issue public: 10th December 2006<br></br>Update released:
- 7th September 2007<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
- 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2006-5752">mod_status cross-site
-  scripting</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a> </p>
-</dd>
-<dt>A flaw was found in the mod_status module. On sites where the server-status</dt>
-<dt>page is publicly accessible and ExtendedStatus is enabled this could lead</dt>
-<dt>to a cross-site scripting attack. Note that the server-status page is not</dt>
-<dt>enabled by default and it is best practice to not make this publicly</dt>
-<dt>available.</dt>
-<dd>
-<p>Reported to security team: 19th October 2006<br></br>Issue public:
- 20th June 2007<br></br>Update released:
- 7th September 2007<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
- 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2007-3304">Signals to arbitrary
-  processes</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a> </p>
-</dd>
-<dt>The Apache HTTP server did not verify that a process was an Apache child</dt>
-<dt>process before sending it signals. A local attacker with the ability to run</dt>
-<dt>scripts on the HTTP server could manipulate the scoreboard and cause</dt>
-<dt>arbitrary processes to be terminated which could lead to a denial of</dt>
-<dt>service.</dt>
-<dd>
-<p>Reported to security team: 15th May 2006<br></br>Issue public:
- 19th June 2007<br></br>Update released:
- 7th September 2007<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
- 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2007-1863">mod_cache proxy
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a> </p>
-</dd>
-<dt>A bug was found in the mod_cache module. On sites where caching is enabled,</dt>
-<dt>a remote attacker could send a carefully crafted request that would cause</dt>
-<dt>the Apache child process handling that request to crash. This could lead to</dt>
-<dt>a denial of service if using a threaded Multi-Processing Module.</dt>
-<dd>
-<p>Reported to security team: 2nd May 2007<br></br>Issue public:
- 18th June 2007<br></br>Update released:
- 7th September 2007<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
- 2.0.42, 2.0.40, 2.0.39, 2.0.37</p>
-</dd>
-</dl>
-<h1 id="2.0.59">Fixed in Apache httpd 2.0.59</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2006-3747">mod_rewrite off-by-one
-  error</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a> </dd>
-<dt>An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on</dt>
-<dt>the manner in which Apache httpd was compiled, this software defect may</dt>
-<dt>result in a vulnerability which, in combination with certain types of</dt>
-<dt>Rewrite rules in the web server configuration files, could be triggered</dt>
-<dt>remotely. For vulnerable builds, the nature of the vulnerability can be</dt>
-<dt>denial of service (crashing of web server processes) or potentially allow</dt>
-<dt>arbitrary code execution.</dt>
-<dd>
-<p>Reported to security team: 21st July 2006<br></br>Issue public:
- 27th July 2006<br></br>Update released: 27th July 2006<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50,
- 2.0.49, 2.0.48, 2.0.47, 2.0.46</p>
-</dd>
-</dl>
-<h1 id="2.0.58">Fixed in Apache httpd 2.0.58</h1>
-<dl>
-<dd><strong>low:</strong>  <strong><name name="CVE-2005-3357">mod_ssl access control
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a> </dd>
-<dt>A NULL pointer dereference flaw in mod_ssl was discovered affecting server</dt>
-<dt>configurations where an SSL virtual host is configured with access control</dt>
-<dt>and a custom 400 error document. A remote attacker could send a carefully</dt>
-<dt>crafted request to trigger this issue which would lead to a crash. This</dt>
-<dt>crash would only be a denial of service if using the worker MPM.</dt>
-<dd>
-<p>Reported to security team: 5th December 2005<br></br>Issue public:
- 12th December 2005<br></br>Update released: 1st May 2006<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
- 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2005-3352">mod_imap Referer
-  Cross-Site Scripting</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a> </p>
-</dd>
-<dt>A flaw in mod_imap when using the Referer directive with image maps. In</dt>
-<dt>certain site configurations a remote attacker could perform a cross-site</dt>
-<dt>scripting attack if a victim can be forced to visit a malicious URL using</dt>
-<dt>certain web browsers.</dt>
-<dd>
-<p>Reported to security team: 1st November 2005<br></br>Issue public:
- 12th December 2005<br></br>Update released: 1st May 2006<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
- 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.55">Fixed in Apache httpd 2.0.55</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2005-2700">SSLVerifyClient
-  bypass</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700">CVE-2005-2700</a> </dd>
-<dt>A flaw in the mod_ssl handling of the "SSLVerifyClient" directive. This</dt>
-<dt>flaw would occur if a virtual host has been configured using</dt>
-<dt>"SSLVerifyClient optional" and further a directive "SSLVerifyClient</dt>
-<dt>required" is set for a specific location. For servers configured in this</dt>
-<dt>fashion, an attacker may be able to access resources that should otherwise</dt>
-<dt>be protected, by not supplying a client certificate when connecting.</dt>
-<dd>
-<p>Issue public: 30th August 2005<br></br>Update released:
- 14th October 2005<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
- 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2005-2970">Worker MPM memory
-  leak</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</a> </p>
-</dd>
-<dt>A memory leak in the worker MPM would allow remote attackers to cause a</dt>
-<dt>denial of service (memory consumption) via aborted connections, which</dt>
-<dt>prevents the memory for the transaction pool from being reused for other</dt>
-<dt>connections. This issue was downgraded in severity to low (from moderate)</dt>
-<dt>as sucessful exploitation of the race condition would be difficult.</dt>
-<dd>
-<p>Update released: 14th October 2005<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
- 2.0.37, 2.0.36</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2005-2491">PCRE overflow</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</a> </p>
-</dd>
-<dt>An integer overflow flaw was found in PCRE, a Perl-compatible regular</dt>
-<dt>expression library included within httpd. A local user who has the ability</dt>
-<dt>to create.htaccess files could create a maliciously crafted regular</dt>
-<dt>expression in such as way that they could gain the privileges of a httpd</dt>
-<dt>child.</dt>
-<dd>
-<p>Issue public: 1st August 2005<br></br>Update released:
- 14th October 2005<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
- 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2005-1268">Malicious CRL
-  off-by-one</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">CVE-2005-1268</a> </p>
-</dd>
-<dt>An off-by-one stack overflow was discovered in the mod_ssl CRL verification</dt>
-<dt>callback. In order to exploit this issue the Apache server would need to be</dt>
-<dt>configured to use a malicious certificate revocation list (CRL)</dt>
-<dd>
-<p>Issue public: 8th June 2005<br></br>Update released:
- 14th October 2005<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
- 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2005-2728">Byterange filter
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a> </p>
-</dd>
-<dt>A flaw in the byterange filter would cause some responses to be buffered</dt>
-<dt>into memory. If a server has a dynamic resource such as a CGI script or PHP</dt>
-<dt>script which generates a large amount of data, an attacker could send</dt>
-<dt>carefully crafted requests in order to consume resources, potentially</dt>
-<dt>leading to a Denial of Service.</dt>
-<dd>
-<p>Issue public: 7th July 2005<br></br>Update released:
- 14th October 2005<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
- 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2005-2088">HTTP Request
-  Spoofing</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a> </p>
-</dd>
-<dt>A flaw occured when using the Apache server as a HTTP proxy. A remote</dt>
-<dt>attacker could send a HTTP request with both a "Transfer-Encoding: chunked"</dt>
-<dt>header and a Content-Length header, causing Apache to incorrectly handle</dt>
-<dt>and forward the body of the request in a way that causes the receiving</dt>
-<dt>server to process it as a separate HTTP request. This could allow the</dt>
-<dt>bypass of web application firewall protection or lead to cross-site</dt>
-<dt>scripting (XSS) attacks.</dt>
-<dd>
-<p>Issue public: 11th June 2005<br></br>Update released:
- 14th October 2005<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
- 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.53">Fixed in Apache httpd 2.0.53</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2004-0942">Memory consumption
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942">CVE-2004-0942</a> </dd>
-<dt>An issue was discovered where the field length limit was not enforced for</dt>
-<dt>certain malicious requests. This could allow a remote attacker who is able</dt>
-<dt>to send large amounts of data to a server the ability to cause Apache</dt>
-<dt>children to consume proportional amounts of memory, leading to a denial of</dt>
-<dt>service.</dt>
-<dd>
-<p>Reported to security team: 28th October 2004<br></br>Issue public:
- 1st November 2004<br></br>Update released:
- 8th February 2005<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2004-1834">mod_disk_cache stores
-  sensitive headers</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1834">CVE-2004-1834</a> </p>
-</dd>
-<dt>The experimental mod_disk_cache module stored client authentication</dt>
-<dt>credentials for cached objects such as proxy authentication credentials and</dt>
-<dt>Basic Authentication passwords on disk.</dt>
-<dd>
-<p>Reported to security team: 2nd March 2004<br></br>Issue public:
- 20th March 2004<br></br>Update released:
- 8th February 2005<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2004-0885">SSLCipherSuite
-  bypass</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885">CVE-2004-0885</a> </p>
-</dd>
-<dt>An issue has been discovered in the mod_ssl module when configured to use</dt>
-<dt>the "SSLCipherSuite" directive in directory or location context. If a</dt>
-<dt>particular location context has been configured to require a specific set</dt>
-<dt>of cipher suites, then a client will be able to access that location using</dt>
-<dt>any cipher suite allowed by the virtual host configuration.</dt>
-<dd>
-<p>Issue public: 1st October 2004<br></br>Update released:
- 8th February 2005<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.52">Fixed in Apache httpd 2.0.52</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2004-0811">Basic authentication
-  bypass</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811">CVE-2004-0811</a> </dd>
-<dt>A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy directive</dt>
-<dt>which could result in access being granted to resources despite any</dt>
-<dt>configured authentication</dt>
-<dd>
-<p>Issue public: 18th September 2004<br></br>Update released:
- 28th September 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.51</p>
-</dd>
-</dl>
-<h1 id="2.0.51">Fixed in Apache httpd 2.0.51</h1>
-<dl>
-<dd><strong>critical:</strong>  <strong><name name="CVE-2004-0786">IPv6 URI parsing heap
-  overflow</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786">CVE-2004-0786</a> </dd>
-<dt>Testing using the Codenomicon HTTP Test Tool performed by the Apache</dt>
-<dt>Software Foundation security group and Red Hat uncovered an input</dt>
-<dt>validation issue in the IPv6 URI parsing routines in the apr-util library.</dt>
-<dt>If a remote attacker sent a request including a carefully crafted URI, an</dt>
-<dt>httpd child process could be made to crash. One some BSD systems it is</dt>
-<dt>believed this flaw may be able to lead to remote code execution.</dt>
-<dd>
-<p>Reported to security team: 25th August 2004<br></br>Issue public:
- 15th September 2004<br></br>Update released:
- 15th September 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
- 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="CVE-2004-0748">SSL connection infinite
-  loop</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748">CVE-2004-0748</a> </p>
-</dd>
-<dt>An issue was discovered in the mod_ssl module in Apache 2.0. A remote</dt>
-<dt>attacker who forces an SSL connection to be aborted in a particular state</dt>
-<dt>may cause an Apache child process to enter an infinite loop, consuming CPU</dt>
-<dt>resources.</dt>
-<dd>
-<p>Issue public: 7th July 2004<br></br>Update released:
- 15th September 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?,
- 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2004-0747">Environment variable expansion
-  flaw</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747">CVE-2004-0747</a> </p>
-</dd>
-</dl>
-<p>A buffer overflow was found in the expansion of environment variables
-during configuration file parsing. This issue could allow a local user to
-gain the privileges of a httpd child if a server can be forced to parse a
-carefully crafted.htaccess file written by a local user.</p>
-<dl>
-<dt>Acknowledgements: We would like to thank the Swedish IT Incident Centre</dt>
-<dt>(SITIC) for reporting this issue.</dt>
-<dd>
-<p>Reported to security team: 5th August 2004<br></br>Issue public:
- 15th September 2004<br></br>Update released:
- 15th September 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
- 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2004-0751">Malicious SSL proxy can cause
-  crash</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751">CVE-2004-0751</a> </p>
-</dd>
-<dt>An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50 which</dt>
-<dt>could be triggered if the server is configured to allow proxying to a</dt>
-<dt>remote SSL server. A malicious remote SSL server could force an httpd child</dt>
-<dt>process to crash by sending a carefully crafted response header. This issue</dt>
-<dt>is not believed to allow execution of arbitrary code and will only result</dt>
-<dt>in a denial of service where a threaded process model is in use.</dt>
-<dd>
-<p>Issue public: 7th July 2004<br></br>Update released:
- 15th September 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2004-0809">WebDAV remote crash</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809">CVE-2004-0809</a> </p>
-</dd>
-<dt>An issue was discovered in the mod_dav module which could be triggered for</dt>
-<dt>a location where WebDAV authoring access has been configured. A malicious</dt>
-<dt>remote client which is authorized to use the LOCK method could force an</dt>
-<dt>httpd child process to crash by sending a particular sequence of LOCK</dt>
-<dt>requests. This issue does not allow execution of arbitrary code. and will</dt>
-<dt>only result in a denial of service where a threaded process model is in</dt>
-<dt>use.</dt>
-<dd>
-<p>Issue public: 12th September 2004<br></br>Update released:
- 15th September 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
- 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.50">Fixed in Apache httpd 2.0.50</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2004-0493">Header parsing memory
-  leak</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493">CVE-2004-0493</a> </dd>
-<dt>A memory leak in parsing of HTTP headers which can be triggered remotely</dt>
-<dt>may allow a denial of service attack due to excessive memory consumption.</dt>
-<dd>
-<p>Reported to security team: 13th June 2004<br></br>Issue public:
- 1st July 2004<br></br>Update released: 1st July 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?,
- 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2004-0488">FakeBasicAuth
-  overflow</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488">CVE-2004-0488</a> </p>
-</dd>
-<dt>A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited by</dt>
-<dt>an attacker using a (trusted) client certificate with a subject DN field</dt>
-<dt>which exceeds 6K in length.</dt>
-<dd>
-<p>Issue public: 17th May 2004<br></br>Update released:
- 1st July 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
- 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.49">Fixed in Apache httpd 2.0.49</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2004-0174">listening socket
-  starvation</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a> </dd>
-<dt>A starvation issue on listening sockets occurs when a short-lived</dt>
-<dt>connection on a rarely-accessed listening socket will cause a child to hold</dt>
-<dt>the accept mutex and block out new connections until another connection</dt>
-<dt>arrives on that rarely-accessed listening socket. This issue is known to</dt>
-<dt>affect some versions of AIX, Solaris, and Tru64; it is known to not affect</dt>
-<dt>FreeBSD or Linux.</dt>
-<dd>
-<p>Reported to security team: 25th February 2004<br></br>Issue public:
- 18th March 2004<br></br>Update released: 19th March 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42,
- 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="CVE-2004-0113">mod_ssl memory
-  leak</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</a> </p>
-</dd>
-<dt>A memory leak in mod_ssl allows a remote denial of service attack against</dt>
-<dt>an SSL-enabled server by sending plain HTTP requests to the SSL port.</dt>
-<dd>
-<p>Issue public: 20th February 2004<br></br>Update released:
- 19th March 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42,
- 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2003-0020">Error log escape
-  filtering</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a> </p>
-</dd>
-<dt>Apache does not filter terminal escape sequences from error logs, which</dt>
-<dt>could make it easier for attackers to insert those sequences into terminal</dt>
-<dt>emulators containing vulnerabilities related to escape sequences.</dt>
-<dd>
-<p>Issue public: 24th February 2003<br></br>Update released:
- 19th March 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42,
- 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.48">Fixed in Apache httpd 2.0.48</h1>
-<dl>
-<dd><strong>low:</strong>  <strong><name name="CVE-2003-0542">Local configuration regular
-  expression overflow</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a> </dd>
-<dt>By using a regular expression with more than 9 captures a buffer overflow</dt>
-<dt>can occur in mod_alias or mod_rewrite. To exploit this an attacker would</dt>
-<dt>need to be able to create a carefully crafted configuration file (.htaccess</dt>
-<dt>or httpd.conf)</dt>
-<dd>
-<p>Reported to security team: 4th August 2003<br></br>Issue public:
- 27th October 2003<br></br>Update released:
- 27th October 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
- 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2003-0789">CGI output information
-  leak</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789">CVE-2003-0789</a> </p>
-</dd>
-<dt>A bug in mod_cgid mishandling of CGI redirect paths can result in CGI</dt>
-<dt>output going to the wrong client when a threaded MPM is used.</dt>
-<dd>
-<p>Reported to security team: 3rd October 2003<br></br>Issue public:
- 27th October 2003<br></br>Update released:
- 27th October 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
- 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.47">Fixed in Apache httpd 2.0.47</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2003-0253">Remote DoS with multiple
-  Listen directives</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0253">CVE-2003-0253</a> </dd>
-<dt>In a server with multiple listening sockets a certain error returned by</dt>
-<dt>accept() on a rarely access port can cause a temporary denial of service,</dt>
-<dt>due to a bug in the prefork MPM.</dt>
-<dd>
-<p>Reported to security team: 25th June 2003<br></br>Issue public:
- 9th July 2003<br></br>Update released: 9th July 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
- 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2003-0192">mod_ssl renegotiation
-  issue</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0192">CVE-2003-0192</a> </p>
-</dd>
-<dt>A bug in the optional renegotiation code in mod_ssl included with Apache</dt>
-<dt>httpd can cause cipher suite restrictions to be ignored. This is triggered</dt>
-<dt>if optional renegotiation is used (SSLOptions +OptRenegotiate) along with</dt>
-<dt>verification of client certificates and a change to the cipher suite over</dt>
-<dt>the renegotiation.</dt>
-<dd>
-<p>Reported to security team: 30th April 2003<br></br>Issue public:
- 9th July 2003<br></br>Update released: 9th July 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
- 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2003-0254">Remote DoS via IPv6 ftp
-  proxy</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0254">CVE-2003-0254</a> </p>
-</dd>
-<dt>When a client requests that proxy ftp connect to a ftp server with IPv6</dt>
-<dt>address, and the proxy is unable to create an IPv6 socket, an infinite loop</dt>
-<dt>occurs causing a remote Denial of Service.</dt>
-<dd>
-<p>Reported to security team: 25th June 2003<br></br>Issue public:
- 9th July 2003<br></br>Update released: 9th July 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
- 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.46">Fixed in Apache httpd 2.0.46</h1>
-<dl>
-<dd>
-<p><strong>critical:</strong>  <strong><name name="CVE-2003-0245">APR remote crash</name></strong></p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245">CVE-2003-0245</a> 
-A vulnerability in the apr_psprintf function in the Apache Portable Runtime
-(APR) library allows remote attackers to cause a denial of service (crash)
-and possibly execute arbitrary code via long strings, as demonstrated using
-XML objects to mod_dav, and possibly other vectors.</p>
-</dd>
-<dd>
-<p>Reported to security team: 9th April 2003<br></br>Issue public:
- 28th May 2003<br></br>Update released: 28th May 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="CVE-2003-0189">Basic Authentication
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0189">CVE-2003-0189</a> </p>
-</dd>
-<dt>A build system problem in Apache 2.0.40 through 2.0.45 allows remote</dt>
-<dt>attackers to cause a denial of access to authenticated content when a</dt>
-<dt>threaded server is used.</dt>
-<dd>
-<p>Reported to security team: 25th April 2003<br></br>Issue public:
- 28th May 2003<br></br>Update released: 28th May 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="CVE-2003-0134">OS2 device name
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0134">CVE-2003-0134</a> </p>
-</dd>
-<dt>Apache on OS2 up to and including Apache 2.0.45 have a Denial of Service</dt>
-<dt>vulnerability caused by device names.</dt>
-<dd>
-<p>Issue public: 31st March 2003<br></br>Update released:
- 28th May 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?,
- 2.0.37?, 2.0.36?, 2.0.35?</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2003-0083">Filtered escape
-  sequences</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a> </p>
-</dd>
-<dt>Apache did not filter terminal escape sequences from its access logs, which</dt>
-<dt>could make it easier for attackers to insert those sequences into terminal</dt>
-<dt>emulators containing vulnerabilities related to escape sequences.</dt>
-<dd>
-<p>Issue public: 24th February 2003<br></br>Update released:
- 2nd April 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37,
- 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.45">Fixed in Apache httpd 2.0.45</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2003-0132">Line feed memory leak
-  DoS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0132">CVE-2003-0132</a> </dd>
-<dt>Apache 2.0 versions before Apache 2.0.45 had a significant Denial of</dt>
-<dt>Service vulnerability. Remote attackers could cause a denial of service</dt>
-<dt>(memory consumption) via large chunks of linefeed characters, which causes</dt>
-<dt>Apache to allocate 80 bytes for each linefeed.</dt>
-<dd>
-<p>Issue public: 2nd April 2004<br></br>Update released:
- 2nd April 2004<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36,
- 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.44">Fixed in Apache httpd 2.0.44</h1>
-<dl>
-<dd><strong>critical:</strong>  <strong><name name="CVE-2003-0016">MS-DOS device name
-  filtering</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0016">CVE-2003-0016</a> </dd>
-<dt>On Windows platforms Apache did not correctly filter MS-DOS device names</dt>
-<dt>which could lead to denial of service attacks or remote code execution.</dt>
-<dd>
-<p>Reported to security team: 4th December 2002<br></br>Issue public:
- 20th January 2003<br></br>Update released:
- 20th January 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?</p>
-</dd>
-<dd>
-<p><strong>important:</strong>  <strong><name name="CVE-2003-0017">Apache can serve
-  unexpected files</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0017">CVE-2003-0017</a> </p>
-</dd>
-<dt>On Windows platforms Apache could be forced to serve unexpected files by</dt>
-<dt>appending illegal characters such as '&lt;' to the request URL</dt>
-<dd>
-<p>Reported to security team: 15th November 2002<br></br>Issue public:
- 20th January 2003<br></br>Update released:
- 20th January 2003<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?</p>
-</dd>
-</dl>
-<h1 id="2.0.43">Fixed in Apache httpd 2.0.43</h1>
-<dl>
-<dd><strong>low:</strong>  <strong><name name="CVE-2002-0840">Error page XSS using wildcard
-  DNS</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a> </dd>
-<dt>Cross-site scripting (XSS) vulnerability in the default error page of</dt>
-<dt>Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is</dt>
-<dt>"Off" and support for wildcard DNS is present, allows remote attackers to</dt>
-<dt>execute script as other web page visitors via the Host: header.</dt>
-<dd>
-<p>Reported to security team: 20th September 2002<br></br>Issue public:
- 2nd October 2002<br></br>Update released:
- 3rd October 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>moderate:</strong>  <strong><name name="CVE-2002-1156">CGI scripts source
-  revealed using WebDAV</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1156">CVE-2002-1156</a> </p>
-</dd>
-<dt>In Apache 2.0.42 only, for a location where both WebDAV and CGI were</dt>
-<dt>enabled, a POST request to a CGI script would reveal the CGI source to a</dt>
-<dt>remote user.</dt>
-<dd>
-<p>Update released: 3rd October 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.42</p>
-</dd>
-</dl>
-<h1 id="2.0.42">Fixed in Apache httpd 2.0.42</h1>
-<dl>
-<dd><strong>moderate:</strong>  <strong><name name="CVE-2002-1593">mod_dav crash</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1593">CVE-2002-1593</a> </dd>
-<dt>A flaw was found in handling of versioning hooks in mod_dav. An attacker</dt>
-<dt>could send a carefully crafted request in such a way to cause the child</dt>
-<dt>process handling the connection to crash. This issue will only result in a</dt>
-<dt>denial of service where a threaded process model is in use.</dt>
-<dd>
-<p>Issue public: 19th September 2002<br></br>Update released:
- 24th September 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.40">Fixed in Apache httpd 2.0.40</h1>
-<dl>
-<dd><strong>important:</strong>  <strong><name name="CVE-2002-0661">Path
-  vulnerability</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661">CVE-2002-0661</a> </dd>
-<dt>Certain URIs would bypass security and allow users to invoke or access any</dt>
-<dt>file depending on the system configuration. Affects Windows, OS2, Netware</dt>
-<dt>and Cygwin platforms only.</dt>
-<dd>
-<p>Reported to security team: 7th August 2002<br></br>Issue public:
- 9th August 2002<br></br>Update released: 9th August 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.39, 2.0.37, 2.0.36, 2.0.35</p>
-</dd>
-<dd>
-<p><strong>low:</strong>  <strong><name name="CVE-2002-0654">Path revealing
-  exposures</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0654">CVE-2002-0654</a> </p>
-</dd>
-<dt>A path-revealing exposure was present in multiview type map negotiation</dt>
-<dt>(such as the default error documents) where a module would report the full</dt>
-<dt>path of the typemapped.var file when multiple documents or no documents</dt>
-<dt>could be served. Additionally a path-revealing exposure in cgi/cgid when</dt>
-<dt>Apache fails to invoke a script. The modules would report "couldn't create</dt>
-<dt>child process /path-to-script/script.pl" revealing the full path of the</dt>
-<dt>script.</dt>
-<dd>
-<p>Reported to security team: 5th July 2002<br></br>Issue public:
- 9th August 2002<br></br>Update released: 9th August 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.39, 2.0.37?, 2.0.36?, 2.0.35?</p>
-</dd>
-</dl>
-<h1 id="2.0.37">Fixed in Apache httpd 2.0.37</h1>
-<dl>
-<dd><strong>critical:</strong>  <strong><name name="CVE-2002-0392">Apache Chunked encoding
-  vulnerability</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a> </dd>
-<dt>Malicious requests can cause various effects ranging from a relatively</dt>
-<dt>harmless increase in system resources through to denial of service attacks</dt>
-<dt>and in some cases the ability to execute arbitrary remote code.</dt>
-<dd>
-<p>Reported to security team: 27th May 2002<br></br>Issue public:
- 17th June 2002<br></br>Update released: 18th June 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.36, 2.0.35</p>
-</dd>
-</dl>
-<h1 id="2.0.36">Fixed in Apache httpd 2.0.36</h1>
-<dl>
-<dd><strong>low:</strong>  <strong><name name="CVE-2002-1592">Warning messages could be
-  displayed to users</name></strong> 
-  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1592">CVE-2002-1592</a> </dd>
-<dt>In some cases warning messages could get returned to end users in addition</dt>
-<dt>to being recorded in the error log. This could reveal the path to a CGI</dt>
-<dt>script for example, a minor security exposure.</dt>
-<dd>
-<p>Issue public: 22nd April 2002<br></br>Update released:
- 8th May 2002<br></br></p>
-</dd>
-<dd>
-<p>Affected: 2.0.35</p>
-</dd>
+arguments, preventing this attack.
+</p>
+    <p>
+Resolution: Update APR to release 0.9.20 (to be bundled with httpd 2.0.65)
+</p>
+  </dd>
+  <dd>
+    <p>Acknowledgements: 
+This issue was reported by Maksymilian Arciemowicz
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 2nd March 2011<br/>
+  Issue public: 10th May 2011<br/></dd>
+  <dd>
+  Update Released: 21st May 2011<br/></dd>
+  <dd>
+      Affects: 
+    2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+</dl><h1 id="2.0.64">
+Fixed in Apache httpd 2.0.64</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2010-0425">mod_isapi module unload flaw</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
+    <p>
+A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it
+encountered various error states.  This could leave the callbacks in an
+undefined state and result in a segfault.  On Windows platforms using mod_isapi, a 
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one
+process, this would result in a denial of service, and potentially allow
+arbitrary code execution.
+</p>
+  </dd>
+  <dd>
+    <p>Acknowledgements: 
+We would like to thank Brett Gervasoni of Sense of Security for reporting and
+proposing a patch fix for this issue.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 9th February 2010<br/>
+  Issue public: 2nd March 2010<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2009-3720">expat DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>
+    <p>
+A buffer over-read flaw was found in the bundled expat
+library.  An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash.  This crash would only
+be a denial of service if using the worker MPM.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 21st August 2009<br/>
+  Issue public: 17th January 2009<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2009-3560">expat DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>
+    <p>
+A buffer over-read flaw was found in the bundled expat
+library.  An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash.  This crash would only                                                                                                                  
+be a denial of service if using the worker MPM.
+</p>
+  </dd>
+  <dd>
+  Issue public: 2nd December 2009<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>
+    <p>
+A flaw was found in the apr_brigade_split_line() function of the bundled
+APR-util library, used to process non-SSL requests.  A remote attacker
+could send requests, carefully crafting the timing of individual bytes,
+which would slowly consume memory, potentially leading to a denial of
+service.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 3rd March 2010<br/>
+  Issue public: 1st October 2010<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2010-1452">mod_dav DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>
+    <p>
+A flaw was found in the handling of requests by mod_dav.  A malicious remote
+attacker could send a carefully crafted request and cause a httpd child process
+to crash.  This crash would only be a denial of service if using the worker MPM.
+This issue is further mitigated as mod_dav is only affected by requests that are 
+most likely to be authenticated.
+</p>
+  </dd>
+  <dd>
+    <p>Acknowledgements: 
+This issue was reported by Mark Drayton.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 4th May 2010<br/>
+  Issue public: 25th July 2010<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>
+    <p>
+A flaw in apr_palloc() in the bundled copy of APR could
+cause heap overflows in programs that try to apr_palloc() a user
+controlled size.  The Apache HTTP Server itself does not pass 
+unsanitized user-provided sizes to this function, so it could only
+be triggered through some other application which uses apr_palloc()
+in a vulnerable way.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 27th July 2009<br/>
+  Issue public: 4th August 2009<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2009-1891">mod_deflate DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>
+    <p>
+A denial of service flaw was found in the mod_deflate module. This
+module continued to compress large files until compression was
+complete, even if the network connection that requested the content
+was closed before compression completed. This would cause mod_deflate
+to consume large amounts of CPU if mod_deflate was enabled for a large
+file.</p>
+  </dd>
+  <dd>
+  Issue public: 26th June 2009<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>
+    <p>
+A flaw was found in the mod_proxy_ftp module. In a reverse proxy
+configuration, a remote attacker could use this flaw to bypass
+intended access restrictions by creating a carefully-crafted HTTP
+Authorization header, allowing the attacker to send arbitrary commands
+to the FTP server.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 3rd September 2009<br/>
+  Issue public: 3rd August 2009<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
+    <p>
+A NULL pointer dereference flaw was found in the mod_proxy_ftp
+module. A malicious FTP server to which requests are being proxied
+could use this flaw to crash an httpd child process via a malformed
+reply to the EPSV or PASV commands, resulting in a limited denial of
+service.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 4th September 2009<br/>
+  Issue public: 2nd August 2009<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
+    <p>
+A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in
+array to the subrequest, instead of a pointer to the parent request's array
+as it had for requests without request bodies.  This meant all modules such
+as mod_headers which may manipulate the input headers for a subrequest would
+poison the parent request in two ways, one by modifying the parent request,
+which might not be intended, and second by leaving pointers to modified header
+fields in memory allocated to the subrequest scope, which could be freed
+before the main request processing was finished, resulting in a segfault or
+in revealing data from another request on threaded servers, such as the worker
+or winnt MPMs.
+</p>
+  </dd>
+  <dd>
+    <p>Acknowledgements: 
+We would like to thank Philip Pickett of VMware for reporting and proposing a 
+fix for this issue.
+</p>
+  </dd>
+  <dd>
+  Issue public: 9th December 2009<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a>
+    <p>
+A flaw was found in the handling of wildcards in the path of a FTP
+URL with mod_proxy_ftp.  If mod_proxy_ftp is enabled to support
+FTP-over-HTTP, requests containing globbing characters could lead
+to cross-site scripting (XSS) attacks.</p>
+  </dd>
+  <dd>
+  Reported to security team: 28th July 2008<br/>
+  Issue public: 5th August 2008<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2008-2364">mod_proxy_http DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a>
+    <p>
+A flaw was found in the handling of excessive interim responses
+from an origin server when using mod_proxy_http.  A remote attacker
+could cause a denial of service or high memory usage.</p>
+  </dd>
+  <dd>
+  Reported to security team: 29th May 2008<br/>
+  Issue public: 10th June 2008<br/></dd>
+  <dd>
+  Update Released: 19th October 2010<br/></dd>
+  <dd>
+      Affects: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+</dl><h1 id="2.0.63">
+Fixed in Apache httpd 2.0.63</h1><dl>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a>
+    <p>
+A workaround was added in the mod_proxy_ftp module. On sites where
+mod_proxy_ftp is enabled and a forward proxy is configured, a
+cross-site scripting attack is possible against Web browsers which do
+not correctly derive the response character set following the rules in
+RFC 2616. 
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 15th December 2007<br/>
+  Issue public: 8th January 2008<br/></dd>
+  <dd>
+  Update Released: 19th January 2008<br/></dd>
+  <dd>
+      Affects: 
+    2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2007-6388">mod_status XSS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
+    <p>
+A flaw was found in the mod_status module. On sites where mod_status is
+enabled and the status pages were publicly accessible, a cross-site
+scripting attack is possible.
+Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
+  </dd>
+  <dd>
+  Reported to security team: 15th December 2007<br/>
+  Issue public: 2nd January 2008<br/></dd>
+  <dd>
+  Update Released: 19th January 2008<br/></dd>
+  <dd>
+      Affects: 
+    2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2007-5000">mod_imap XSS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
+    <p>
+A flaw was found in the mod_imap module. On sites where
+mod_imap is enabled and an imagemap file is publicly available, a
+cross-site scripting attack is possible.</p>
+  </dd>
+  <dd>
+  Reported to security team: 23rd October 2007<br/>
+  Issue public: 11th December 2007<br/></dd>
+  <dd>
+  Update Released: 19th January 2008<br/></dd>
+  <dd>
+      Affects: 
+    2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+</dl><h1 id="2.0.61">
+Fixed in Apache httpd 2.0.61</h1><dl>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2007-3847">mod_proxy crash</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a>
+    <p>
+A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
+a reverse proxy is configured, a remote attacker could send a carefully
+crafted request that would cause the Apache child process handling that
+request to crash. On sites where a forward proxy is configured, an attacker
+could cause a similar crash if a user could be persuaded to visit a
+malicious site using the proxy. This could lead to a denial of service if
+using a threaded Multi-Processing Module.</p>
+  </dd>
+  <dd>
+  Issue public: 10th December 2006<br/></dd>
+  <dd>
+  Update Released: 7th September 2007<br/></dd>
+  <dd>
+      Affects: 
+    2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2006-5752">mod_status cross-site scripting</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+    <p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+  </dd>
+  <dd>
+  Reported to security team: 19th October 2006<br/>
+  Issue public: 20th June 2007<br/></dd>
+  <dd>
+  Update Released: 7th September 2007<br/></dd>
+  <dd>
+      Affects: 
+    2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2007-3304">Signals to arbitrary processes</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
+    <p>The Apache HTTP server did not verify that a process
+was an Apache child process before sending it signals. A local
+attacker with the ability to run scripts on the HTTP server could
+manipulate the scoreboard and cause arbitrary processes to be
+terminated which could lead to a denial of service.</p>
+  </dd>
+  <dd>
+  Reported to security team: 15th May 2006<br/>
+  Issue public: 19th June 2007<br/></dd>
+  <dd>
+  Update Released: 7th September 2007<br/></dd>
+  <dd>
+      Affects: 
+    2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2007-1863">mod_cache proxy DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>
+    <p>A bug was found in the mod_cache module. On sites where
+caching is enabled, a remote attacker could send a carefully crafted
+request that would cause the Apache child process handling that request to
+crash. This could lead to a denial of service if using a threaded
+Multi-Processing Module.</p>
+  </dd>
+  <dd>
+  Reported to security team: 2nd May 2007<br/>
+  Issue public: 18th June 2007<br/></dd>
+  <dd>
+  Update Released: 7th September 2007<br/></dd>
+  <dd>
+      Affects: 
+    2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/></dd>
+</dl><h1 id="2.0.59">
+Fixed in Apache httpd 2.0.59</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
+    <p>
+An off-by-one flaw exists in the Rewrite module, mod_rewrite.
+Depending on the manner in which Apache httpd was compiled, this
+software defect may result in a vulnerability which, in combination
+with certain types of Rewrite rules in the web server configuration
+files, could be triggered remotely.  For vulnerable builds, the nature
+of the vulnerability can be denial of service (crashing of web server
+processes) or potentially allow arbitrary code execution.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 21st July 2006<br/>
+  Issue public: 27th July 2006<br/></dd>
+  <dd>
+  Update Released: 27th July 2006<br/></dd>
+  <dd>
+      Affects: 
+    2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46<p/></dd>
+</dl><h1 id="2.0.58">
+Fixed in Apache httpd 2.0.58</h1><dl>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2005-3357">mod_ssl access control DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
+    <p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 5th December 2005<br/>
+  Issue public: 12th December 2005<br/></dd>
+  <dd>
+  Update Released: 1st May 2006<br/></dd>
+  <dd>
+      Affects: 
+    2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+    <p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 1st November 2005<br/>
+  Issue public: 12th December 2005<br/></dd>
+  <dd>
+  Update Released: 1st May 2006<br/></dd>
+  <dd>
+      Affects: 
+    2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+</dl><h1 id="2.0.55">
+Fixed in Apache httpd 2.0.55</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2005-2700">SSLVerifyClient bypass</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700">CVE-2005-2700</a>
+    <p>
+A flaw in the mod_ssl handling of the "SSLVerifyClient"
+directive. This flaw would occur if a virtual host has been configured
+using "SSLVerifyClient optional" and further a directive "SSLVerifyClient
+required" is set for a specific location.  For servers configured in this
+fashion, an attacker may be able to access resources that should otherwise
+be protected, by not supplying a client certificate when connecting.
+</p>
+  </dd>
+  <dd>
+  Issue public: 30th August 2005<br/></dd>
+  <dd>
+  Update Released: 14th October 2005<br/></dd>
+  <dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2005-2970">Worker MPM memory leak</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</a>
+    <p>
+A memory leak in the worker MPM would allow remote attackers to cause
+a denial of service (memory consumption) via aborted connections,
+which prevents the memory for the transaction pool from being reused
+for other connections.  This issue was downgraded in severity to low
+(from moderate) as sucessful exploitation of the race condition would
+be difficult.
+</p>
+  </dd>
+  <dd/>
+  <dd>
+  Update Released: 14th October 2005<br/></dd>
+  <dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2005-2491">PCRE overflow</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</a>
+    <p>
+An integer overflow flaw was found in PCRE, a Perl-compatible regular
+expression library included within httpd.  A local user who has the
+ability to create .htaccess files could create a maliciously crafted
+regular expression in such as way that they could gain the privileges
+of a httpd child.
+</p>
+  </dd>
+  <dd>
+  Issue public: 1st August 2005<br/></dd>
+  <dd>
+  Update Released: 14th October 2005<br/></dd>
+  <dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
+      <name name="CVE-2005-1268">Malicious CRL off-by-one</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">CVE-2005-1268</a>
+    <p>
+An off-by-one stack overflow was discovered in the mod_ssl CRL
+verification callback. In order to exploit this issue the Apache
+server would need to be configured to use a malicious certificate
+revocation list (CRL)
+</p>
+  </dd>
+  <dd>
+  Issue public: 8th June 2005<br/></dd>
+  <dd>
+  Update Released: 14th October 2005<br/></dd>
+  <dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2005-2728">Byterange filter DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a>
+    <p>
+A flaw in the byterange filter would cause some responses to be buffered
+into memory. If a server has a dynamic resource such as a CGI
+script or PHP script which generates a large amount of data, an attacker
+could send carefully crafted requests in order to consume resources,
+potentially leading to a Denial of Service. 
+</p>
+  </dd>
+  <dd>
+  Issue public: 7th July 2005<br/></dd>
+  <dd>
+  Update Released: 14th October 2005<br/></dd>
+  <dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>moderate: </b>
+    <b>
+      <name name="CVE-2005-2088">HTTP Request Spoofing</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
+    <p>
+A flaw occured when using the Apache server as a HTTP proxy. A remote
+attacker could send a HTTP request with both a "Transfer-Encoding:
+chunked" header and a Content-Length header, causing Apache to
+incorrectly handle and forward the body of the request in a way that
+causes the receiving server to process it as a separate HTTP request.
+This could allow the bypass of web application firewall protection or
+lead to cross-site scripting (XSS) attacks.
+</p>
+  </dd>
+  <dd>
+  Issue public: 11th June 2005<br/></dd>
+  <dd>
+  Update Released: 14th October 2005<br/></dd>
+  <dd>
+      Affects: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+</dl><h1 id="2.0.53">
+Fixed in Apache httpd 2.0.53</h1><dl>
+  <dd>
+    <b>important: </b>
+    <b>
+      <name name="CVE-2004-0942">Memory consumption DoS</name>
+    </b>
+    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942">CVE-2004-0942</a>
+    <p>
+An issue was discovered where the field length limit was not enforced
+for certain malicious requests.  This could allow a remote attacker who
+is able to send large amounts of data to a server the ability to cause
+Apache children to consume proportional amounts of memory, leading to
+a denial of service.
+</p>
+  </dd>
+  <dd>
+  Reported to security team: 28th October 2004<br/>
+  Issue public: 1st November 2004<br/></dd>
+  <dd>
+  Update Released: 8th February 2005<br/></dd>
+  <dd>
+      Affects: 
+    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/></dd>
+  <dd>
+    <b>low: </b>
+    <b>
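
Review bot: the entry titles throughout this hunk are emitted as `<name name="CVE-2010-0425">…</name>` (and likewise for every other CVE), but `<name>` is not an HTML element, so these will not work as in-page link targets. The generator should output `<a name="CVE-2010-0425">` or put an `id` on the enclosing `<b>`. Several text defects in the added lines should also be fixed in the source XML rather than in this generated page: the CVE-2010-1623 title reads "apr_bridage_split_line" while its body says apr_brigade_split_line(); "with within" in CVE-2010-0425; "untrused" in both expat entries; "sucessful" in CVE-2005-2970; "occured" in CVE-2005-2088; "in such as way" in CVE-2005-2491; and the CVE-2005-1268 paragraph has no closing period. CVE-2009-3720, CVE-2009-3095 and CVE-2009-3094 each show a "Reported to security team" date later than "Issue public"; please confirm that ordering is intended. The CVE-2005-2970 entry renders an empty `<dd/>` where the dates would go, which the template could skip when no dates are recorded.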

[... 689 lines stripped ...]

