httpd-dev mailing list archives

From Mark J Cox <>
Subject Security release needed for 2.0
Date Fri, 09 Sep 2005 09:22:21 GMT
We've a few security issues fixed recently that haven't made it out into 
releases from the ASF, but have made it out into releases from the various 
OS vendors.  One issue is "important" severity, and public now for 10 

I don't watch this list much, are there other things holding up a release?  
If so we ought to consider doing a 2.0.55 with just fixes for these issues
over 2.0.54:

CAN-2005-2700 important: SSLVerifyClient bypass

	A flaw in the mod_ssl handling of the "SSLVerifyClient"  
	directive. This flaw would occur if a virtual host has been
	configured using "SSLVerifyClient optional" and further a
	directive "SSLVerifyClient required" is set for a specific
	location.  For servers configured in this fashion, an attacker may
	be able to access resources that should otherwise be protected, by
	not supplying a client certificate when connecting.
	[*** needs committing]

CAN-2005-2728 moderate: Byterange filter DoS

	A flaw in the byterange filter would cause some responses to be
	buffered into memory. If a server has a dynamic resource such as a
	CGI script or PHP script which generates a large amount of data,
	an attacker could send carefully crafted requests in order to
	consume resources, potentially leading to a Denial of Service.

CAN-2005-2088 moderate: HTTP Request Spoofing

	A flaw occurred when using the Apache server as an HTTP proxy. A
	remote attacker could send an HTTP request with both a
	"Transfer-Encoding:  chunked" header and a Content-Length header,
	causing Apache to incorrectly handle and forward the body of the
	request in a way that causes the receiving server to process it as
	a separate HTTP request.  This could allow the bypass of web
	application firewall protection or lead to cross-site scripting
	(XSS) attacks.

CAN-2005-1268 low: Malicious CRL off-by-one

	An off-by-one stack overflow was discovered in the mod_ssl CRL
	verification callback. In order to exploit this issue the Apache
	server would need to be configured to use a malicious certificate
	revocation list (CRL).

CAN-2005-2491 low: PCRE overflow

	An integer overflow flaw was found in PCRE, a Perl-compatible
	regular expression library included within httpd.  A local user
	who has the ability to create .htaccess files could create a
	maliciously crafted regular expression in such a way that they
	could gain the privileges of an httpd child.
	[*** needs committing]
