Posted to cvs@httpd.apache.org by hu...@apache.org on 2012/05/06 15:14:50 UTC

svn commit: r1334622 [25/29] - in /httpd/site/trunk: cgi-bin/ content/ content/apreq/ content/apreq/docs/ content/apreq/docs/libapreq2/ content/contributors/ content/css/ content/dev/ content/dev/images/ content/dev/whiteboard/ content/docs-project/ co...

Propchange: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: httpd/site/trunk/content/security/vulnerabilities_13.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_13.xml?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_13.xml (added)
+++ httpd/site/trunk/content/security/vulnerabilities_13.xml Sun May  6 13:14:42 2012
@@ -0,0 +1,923 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<document>
+<properties>
+<author email="security@httpd.apache.org">Apache HTTP Server Security Team</author>
+<title>Apache httpd 1.3 vulnerabilities</title>
+</properties>
+<body>
+<section id="top">
+<title>Apache httpd 1.3 vulnerabilities</title>
+<p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd 1.3.  Each
+vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
+security team - please note that this rating may well vary from
+platform to platform.  We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark.  </p>
+<p> Please note that if a vulnerability is shown below as being fixed
+in a "-dev" release then this means that a fix has been applied to
+the development source tree and will be part of an upcoming full release.</p>
+<p> This page is created from a database of vulnerabilities originally
+populated by Apache Week.  Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>.  </p>
+</section>
+<section id="1.3-never">
+<title>
+Not fixed in Apache httpd 1.3</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
+<p>
+An exposure was found when using mod_proxy in reverse proxy mode.
+In certain configurations using RewriteRule with proxy flag,
+a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.</p>
+<p>No update of 1.3 will be released.  Patches will be published to
+<a href="http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/">http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/</a>
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by Context Information Security Ltd
+</p>
+</dd>
+<dd>
+  Reported to security team: 16th September 2011<br/>
+  Issue public: 5th October 2011<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.42, 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.42">
+<title>
+Fixed in Apache httpd 1.3.42</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2010-0010">mod_proxy overflow on 64-bit systems</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010">CVE-2010-0010</a>
+<p>
+An incorrect conversion between numeric types flaw was found in the
+mod_proxy module which affects some 64-bit architecture systems.  A
+malicious HTTP server to which requests are being proxied could use
+this flaw to trigger a heap buffer overflow in an httpd child process
+via a carefully crafted response.
+</p>
+</dd>
+<dd>
+  Reported to security team: 30th December 2009<br/>
+  Issue public: 7th December 2010<br/>
+  Update released: 3rd February 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.41">
+<title>
+Fixed in Apache httpd 1.3.41</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-6388">mod_status XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
+<p>
+A flaw was found in the mod_status module. On sites where mod_status is
+enabled and the status pages were publicly accessible, a cross-site
+scripting attack is possible.
+Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
+</dd>
+<dd>
+  Reported to security team: 15th December 2007<br/>
+  Issue public: 2nd January 2008<br/>
+  Update released: 19th January 2008<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-5000">mod_imap XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
+<p>
+A flaw was found in the mod_imap module. On sites where
+mod_imap is enabled and an imagemap file is publicly available, a
+cross-site scripting attack is possible.</p>
+</dd>
+<dd>
+  Reported to security team: 23rd October 2007<br/>
+  Issue public: 11th December 2007<br/>
+  Update released: 19th January 2008<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.39">
+<title>
+Fixed in Apache httpd 1.3.39</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2006-5752">mod_status cross-site scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+<p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+</dd>
+<dd>
+  Reported to security team: 19th October 2006<br/>
+  Issue public: 20th June 2007<br/>
+  Update released: 7th September 2007<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-3304">Signals to arbitrary processes</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
+<p>The Apache HTTP server did not verify that a process
+was an Apache child process before sending it signals. A local
+attacker with the ability to run scripts on the HTTP server could
+manipulate the scoreboard and cause arbitrary processes to be
+terminated which could lead to a denial of service.</p>
+</dd>
+<dd>
+  Reported to security team: 15th May 2006<br/>
+  Issue public: 19th June 2007<br/>
+  Update released: 7th September 2007<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.37">
+<title>
+Fixed in Apache httpd 1.3.37</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
+<p>
+An off-by-one flaw exists in the Rewrite module, mod_rewrite.
+Depending on the manner in which Apache httpd was compiled, this
+software defect may result in a vulnerability which, in combination
+with certain types of Rewrite rules in the web server configuration
+files, could be triggered remotely.  For vulnerable builds, the nature
+of the vulnerability can be denial of service (crashing of web server
+processes) or potentially allow arbitrary code execution.
+</p>
+</dd>
+<dd>
+  Reported to security team: 21st July 2006<br/>
+  Issue public: 27th July 2006<br/>
+  Update released: 27th July 2006<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.35">
+<title>
+Fixed in Apache httpd 1.3.35</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2006-3918">Expect header Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918">CVE-2006-3918</a>
+<p>
+A flaw in the handling of invalid Expect headers.  If an attacker can
+influence the Expect header that a victim sends to a target site they
+could perform a cross-site scripting attack.  It is known that 
+some versions of Flash can set an arbitrary Expect header which can 
+trigger this flaw.  Not marked as a security issue for 2.0 or
+2.2 as the cross-site scripting is only returned to the victim after
+the server times out a connection.
+</p>
+</dd>
+<dd>
+  Issue public: 8th May 2006<br/>
+  Update released: 1st May 2006<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</dd>
+<dd>
+  Reported to security team: 1st November 2005<br/>
+  Issue public: 12th December 2005<br/>
+  Update released: 1st May 2006<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.33">
+<title>
+Fixed in Apache httpd 1.3.33</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2004-0940">mod_include overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940</a>
+<p>
+A buffer overflow in mod_include could allow a local user who
+is authorised to create server side include (SSI) files to gain
+the privileges of a httpd child.
+</p>
+</dd>
+<dd>
+  Issue public: 21st October 2004<br/>
+  Update released: 28th October 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.32">
+<title>
+Fixed in Apache httpd 1.3.32</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2004-0492">mod_proxy buffer overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492</a>
+<p>
+A buffer overflow was found in the Apache proxy module, mod_proxy, which
+can be triggered by receiving an invalid Content-Length header. In order
+to exploit this issue an attacker would need to get an Apache installation
+that was configured as a proxy to connect to a malicious site. This would
+cause the Apache child processing the request to crash, although this does
+not represent a significant Denial of Service attack as requests will
+continue to be handled by other Apache child processes.  This issue may
+lead to remote arbitrary code execution on some BSD platforms.
+</p>
+</dd>
+<dd>
+  Reported to security team: 8th June 2003<br/>
+  Issue public: 10th June 2003<br/>
+  Update released: 20th October 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.31">
+<title>
+Fixed in Apache httpd 1.3.31</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0174">listening socket starvation</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
+<p>
+A starvation issue on listening sockets occurs when a short-lived
+connection on a rarely-accessed listening socket will cause a child to
+hold the accept mutex and block out new connections until another
+connection arrives on that rarely-accessed listening socket.  This
+issue is known to affect some versions of AIX, Solaris, and Tru64; it
+is known to not affect FreeBSD or Linux.
+
+</p>
+</dd>
+<dd>
+  Reported to security team: 25th February 2004<br/>
+  Issue public: 18th March 2004<br/>
+  Update released: 12th May 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0993">Allow/Deny parsing on big-endian 64-bit platforms</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993">CVE-2003-0993</a>
+<p>
+A bug in the parsing of Allow/Deny rules using IP addresses
+without a netmask on big-endian 64-bit platforms causes the rules
+to fail to match.
+</p>
+</dd>
+<dd>
+  Issue public: 15th October 2003<br/>
+  Update released: 12th May 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0020">Error log escape filtering</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
+<p>
+Apache does not filter terminal escape sequences from error logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p>
+</dd>
+<dd>
+  Issue public: 24th February 2003<br/>
+  Update released: 12th May 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0987">mod_digest nonce checking</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987">CVE-2003-0987</a>
+<p>
+
+mod_digest does not properly verify the nonce of a client response by
+using a AuthNonce secret.  This could allow a malicious user who is
+able to sniff network traffic to conduct a replay attack against a
+website using Digest protection.  Note that mod_digest implements an
+older version of the MD5 Digest Authentication specification which
+is known not to work with modern browsers.  This issue does not affect
+mod_auth_digest.
+
+</p>
+</dd>
+<dd>
+  Issue public: 18th December 2003<br/>
+  Update released: 12th May 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.29">
+<title>
+Fixed in Apache httpd 1.3.29</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
+<p>
+By using a regular expression with more than 9 captures a buffer
+overflow can occur in mod_alias or mod_rewrite.  To exploit this an
+attacker would need to be able to create a carefully crafted configuration
+file (.htaccess or httpd.conf)
+</p>
+</dd>
+<dd>
+  Reported to security team: 4th August 2003<br/>
+  Issue public: 27th October 2003<br/>
+  Update released: 27th October 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.28">
+<title>
+Fixed in Apache httpd 1.3.28</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0460">RotateLogs DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460">CVE-2003-0460</a>
+<p>The rotatelogs support program on Win32 and OS/2 would quit logging
+and exit if it received special control characters such as 0x1A.
+</p>
+</dd>
+<dd>
+  Reported to security team: 4th July 2003<br/>
+  Issue public: 18th July 2003<br/>
+  Update released: 18th July 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.27">
+<title>
+Fixed in Apache httpd 1.3.27</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2002-0843">Buffer overflows in ab utility</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843">CVE-2002-0843</a>
+<p>Buffer overflows in the benchmarking utility ab could be exploited if
+ab is run against a malicious server
+</p>
+</dd>
+<dd>
+  Reported to security team: 23rd September 2002<br/>
+  Issue public: 3rd October 2002<br/>
+  Update released: 3rd October 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2002-0839">Shared memory permissions lead to local privilege escalation</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a>
+<p>The permissions of the shared memory used for the scoreboard
+allows an attacker who can execute under
+the Apache UID to send a signal to any process as root or cause a local 
+denial of service attack.
+</p>
+</dd>
+<dd>
+  Reported to security team: 11th November 2001<br/>
+  Issue public: 3rd October 2002<br/>
+  Update released: 3rd October 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
+<p>Cross-site scripting (XSS) vulnerability in the default error page of
+Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
+UseCanonicalName is "Off" and support for wildcard DNS is present,
+allows remote attackers to execute script as other web page visitors
+via the Host: header.</p>
+</dd>
+<dd>
+  Reported to security team: 20th September 2002<br/>
+  Issue public: 2nd October 2002<br/>
+  Update released: 3rd October 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.26">
+<title>
+Fixed in Apache httpd 1.3.26</title>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
+<p>Requests to all versions of Apache 1.3 can cause various effects
+ranging from a relatively harmless increase in
+system resources through to denial of service attacks and in some
+cases the ability to be remotely exploited.</p>
+</dd>
+<dd>
+  Reported to security team: 27th May 2002<br/>
+  Issue public: 17th June 2002<br/>
+  Update released: 18th June 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0083">Filtered escape sequences</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
+<p>
+Apache does not filter terminal escape sequences from its
+access logs, which could make it easier for attackers to insert those
+sequences into terminal emulators containing vulnerabilities related
+to escape sequences,
+</p>
+</dd>
+<dd>
+  Issue public: 24th February 2003<br/>
+  Update released: 18th June 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.24">
+<title>
+Fixed in Apache httpd 1.3.24</title>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2002-0061">Win32 Apache Remote command execution</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061">CVE-2002-0061</a>
+<p>Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote 
+attackers to execute arbitrary commands via parameters passed
+to batch file CGI scripts.</p>
+</dd>
+<dd>
+  Update released: 22nd March 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.22">
+<title>
+Fixed in Apache httpd 1.3.22</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2001-0729">Requests can cause directory listing to be displayed</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729">CVE-2001-0729</a>
+<p>A vulnerability was found in the Win32 port of
+Apache 1.3.20.  A client submitting a very long URI
+could cause a directory listing to be returned rather than
+the default index page. </p>
+</dd>
+<dd>
+  Reported to security team: 18th September 2001<br/>
+  Issue public: 28th September 2001<br/>
+  Update released: 12th October 2001<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.20<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2001-0731">Multiviews can cause a directory listing to be displayed</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731">CVE-2001-0731</a>
+<p>A vulnerability was found when <directive>Multiviews</directive> 
+    are used to negotiate the directory index.  In some
+    configurations, requesting a URI with a <samp>QUERY_STRING</samp> of 
+    <samp>M=D</samp> could
+    return a directory listing rather than the expected index page.</p>
+</dd>
+<dd>
+  Issue public: 9th July 2001<br/>
+  Update released: 12th October 2001<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2001-0730">split-logfile can cause arbitrary log files to be written to</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730">CVE-2001-0730</a>
+<p>A vulnerability was found in the <samp>split-logfile</samp> support
+    program.  A request with a specially crafted <samp>Host:</samp>
+    header could allow any file with a <samp>.log</samp> extension on 
+    the system to be written to. </p>
+</dd>
+<dd>
+  Issue public: 28th September 2001<br/>
+  Update released: 12th October 2001<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.20">
+<title>
+Fixed in Apache httpd 1.3.20</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2001-1342">Denial of service attack on Win32 and OS2</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342">CVE-2001-1342</a>
+<p>A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A
+  client submitting a carefully constructed URI could cause a General
+  Protection Fault in a child process, bringing up a message box which
+  would have to be cleared by the operator to resume operation. This
+  vulnerability introduced no identified means to compromise the server
+  other than introducing a possible denial of service. </p>
+</dd>
+<dd>
+  Update released: 22nd May 2001<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.19">
+<title>
+Fixed in Apache httpd 1.3.19</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2001-0925">Requests can cause directory listing to be displayed</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925">CVE-2001-0925</a>
+<p>The default installation can lead <samp>mod_negotiation</samp> and 
+    <samp>mod_dir</samp> or <samp>mod_autoindex</samp> to display a 
+    directory listing instead of the multiview index.html file if a 
+    very long path was created artificially by using many slashes.  </p>
+</dd>
+<dd>
+  Update released: 28th February 2001<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.17, 1.3.14, 1.3.12, 1.3.11<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.14">
+<title>
+Fixed in Apache httpd 1.3.14</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2000-0913">Rewrite rules that include references allow access to any file</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0913">CVE-2000-0913</a>
+<p>The Rewrite module, <samp>mod_rewrite</samp>, can allow access to
+    any file on the web server.  The vulnerability occurs only with
+    certain specific cases of using regular expression references in
+    <samp>RewriteRule</samp> directives:  If the destination
+    of a <samp>RewriteRule</samp> contains regular expression references
+    then an attacker will be able to access any file on the server.</p>
+</dd>
+<dd>
+  Issue public: 29th September 2000<br/>
+  Update released: 13th October 2000<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2000-1204">Mass virtual hosting can display CGI source</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204">CVE-2000-1204</a>
+<p>A security problem for users of the mass virtual hosting module, 
+    <samp>mod_vhost_alias</samp>, causes
+    the source to a CGI to be sent if the <samp>cgi-bin</samp> directory is 
+    under the document root.  However, it is not normal to have your 
+    cgi-bin directory under a document root.</p>
+</dd>
+<dd>
+  Update released: 13th October 2000<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.12, 1.3.11, 1.3.9<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2000-0505">Requests can cause directory listing to be displayed on NT</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0505">CVE-2000-0505</a>
+<p>A security hole on Apache for Windows allows a user to 
+    view the listing of a 
+    directory instead of the default HTML page by sending a carefully 
+    constructed request.</p>
+</dd>
+<dd>
+  Update released: 13th October 2000<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.12">
+<title>
+Fixed in Apache httpd 1.3.12</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2000-1205">Cross-site scripting can reveal private session information</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205">CVE-2000-1205</a>
+<p>Apache was vulnerable to cross site scripting issues.
+    It was shown that malicious HTML tags can be embedded in client web 
+    requests if the server or script handling the request does not 
+    carefully encode all information displayed to 
+    the user.  Using these vulnerabilities attackers could, for 
+    example, obtain copies of your private 
+    cookies used to authenticate
+    you to other sites.</p>
+</dd>
+<dd>
+  Update released: 25th February 2000<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.11">
+<title>
+Fixed in Apache httpd 1.3.11</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2000-1206">Mass virtual hosting security issue</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206">CVE-2000-1206</a>
+<p>A security problem can occur for sites using mass name-based virtual 
+hosting (using
+the new <samp>mod_vhost_alias</samp> module) or with special 
+<samp>mod_rewrite</samp> rules.
+
+<!-- Makes sure vhost alias can only be alnum, - or . -->
+
+</p>
+</dd>
+<dd>
+  Update released: 21st January 2000<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.4">
+<title>
+Fixed in Apache httpd 1.3.4</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="">Denial of service attack on Win32</name>
+</b>
+<p>There have been a number of important security fixes to Apache on
+Windows. The most important is that there is much better protection
+against people trying to access special DOS device names (such as
+"nul"). </p>
+</dd>
+<dd>
+  Update released: 11th January 1999<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+<section id="1.3.2">
+<title>
+Fixed in Apache httpd 1.3.2</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-1999-1199">Multiple header Denial of Service vulnerability</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199">CVE-1999-1199</a>
+<p>A serious problem exists when a client
+sends a large number of headers with the same header name. Apache uses
+up memory faster than the amount of memory required to simply store
+the received data itself. That is, memory use increases faster and
+faster as more headers are received, rather than increasing at a
+constant rate. This makes a denial of service attack based on this
+method more effective than methods which cause Apache to use memory at
+a constant rate, since the attacker has to send less data.</p>
+</dd>
+<dd>
+  Update released: 23rd September 1998<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.1, 1.3.0<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="">Denial of service attacks</name>
+</b>
+<p>Apache 1.3.2 has
+better protection against denial of service attacks. These are when
+people make excessive requests to the server to try and prevent other
+people using it. In 1.3.2 there are several new directives which can
+limit the size of requests (these directives all start with the word
+<SAMP>Limit</SAMP>).
+</p>
+</dd>
+<dd>
+  Update released: 23rd September 1998<br/>
+</dd>
+<dd>
+      Affected: 
+    1.3.1, 1.3.0<p/>
+</dd>
+</dl>
+</section>
+</body>
+</document>
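Review bot: The entry for CVE-2001-1342 sits under section id="1.3.20" ("Fixed in Apache httpd 1.3.20") but its Affected list starts with 1.3.20 itself, so the page says the release that carries the fix is also vulnerable; drop 1.3.20 from that list or move the entry to the release that actually fixed it. Several date fields also look worth checking against the source database before this is published: CVE-2010-0010 shows "Issue public: 7th December 2010" after "Update released: 3rd February 2010", and CVE-2004-0492 shows "Reported" and "Issue public" dates in June 2003 for an identifier allocated in 2004. On markup, the last entry uses <SAMP>Limit</SAMP> while every other entry uses lowercase <samp>; XML element names are case-sensitive, so a stylesheet matching samp will skip it. The two entries with <name name=""> give no usable anchor and collide with each other if the attribute is turned into an id.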

Propchange: httpd/site/trunk/content/security/vulnerabilities_13.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: httpd/site/trunk/content/security/vulnerabilities_20.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_20.xml?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_20.xml (added)
+++ httpd/site/trunk/content/security/vulnerabilities_20.xml Sun May  6 13:14:42 2012
@@ -0,0 +1,1606 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<document>
+<properties>
+<author email="security@httpd.apache.org">Apache HTTP Server Security Team</author>
+<title>Apache httpd 2.0 vulnerabilities</title>
+</properties>
+<body>
+<section id="top">
+<title>Apache httpd 2.0 vulnerabilities</title>
+<p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd 2.0.  Each
+vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
+security team - please note that this rating may well vary from
+platform to platform.  We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark.  </p>
+<p> Please note that if a vulnerability is shown below as being fixed
+in a "-dev" release then this means that a fix has been applied to
+the development source tree and will be part of an upcoming full release.</p>
+<p> This page is created from a database of vulnerabilities originally
+populated by Apache Week.  Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>.  </p>
+</section>
+<section id="2.0.65-dev">
+<title>
+Fixed in Apache httpd 2.0.65-dev</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2011-3192">Range header remote DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>
+<p>
+A flaw was found in the way the Apache HTTP Server handled Range HTTP
+headers. A remote attacker could use this flaw to cause httpd to use
+an excessive amount of memory and CPU time via HTTP requests with a
+specially-crafted Range header.  This could be used in a denial of
+service attack.  </p>
+<p>
+Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a>
+</p>
+</dd>
+<dd>
+  Issue public: 20th August 2011<br/>
+  Update released: 30th August 2011<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
+<p>
+An exposure was found when using mod_proxy in reverse proxy mode.
+In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by Context Information Security Ltd
+</p>
+</dd>
+<dd>
+  Reported to security team: 16th September 2011<br/>
+  Issue public: 5th October 2011<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>
+<p>
+A flaw was found in the apr_fnmatch() function of the bundled APR
+library.  Where mod_autoindex is enabled, and a directory indexed by
+mod_autoindex contained files with sufficiently long names, a
+remote attacker could send a carefully crafted request which would
+cause excessive CPU usage.  This could be used in a denial of service
+attack.
+</p>
+<p>
+Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
+directive disables processing of the client-supplied request query
+arguments, preventing this attack.
+</p>
+<p>
+Resolution: Update APR to release 0.9.20 (to be bundled with httpd 2.0.65)
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by Maksymilian Arciemowicz
+</p>
+</dd>
+<dd>
+  Reported to security team: 2nd March 2011<br/>
+  Issue public: 10th May 2011<br/>
+  Update released: 21st May 2011<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.64">
+<title>
+Fixed in Apache httpd 2.0.64</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2010-0425">mod_isapi module unload flaw</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
+<p>
+A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it
+encountered various error states.  This could leave the callbacks in an
+undefined state and result in a segfault.  On Windows platforms using mod_isapi, a 
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one
+process, this would result in a denial of service, and potentially allow
+arbitrary code execution.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+We would like to thank Brett Gervasoni of Sense of Security for reporting and
+proposing a patch fix for this issue.
+</p>
+</dd>
+<dd>
+  Reported to security team: 9th February 2010<br/>
+  Issue public: 2nd March 2010<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3720">expat DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>
+<p>
+A buffer over-read flaw was found in the bundled expat
+library.  An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash.  This crash would only
+be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+  Reported to security team: 21st August 2009<br/>
+  Issue public: 17th January 2009<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3560">expat DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>
+<p>
+A buffer over-read flaw was found in the bundled expat
+library.  An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash.  This crash would only                                                                                                                  
+be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+  Issue public: 2nd December 2009<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>
+<p>
+A flaw was found in the apr_brigade_split_line() function of the bundled
+APR-util library, used to process non-SSL requests.  A remote attacker
+could send requests, carefully crafting the timing of individual bytes,
+which would slowly consume memory, potentially leading to a denial of
+service.
+</p>
+</dd>
+<dd>
+  Reported to security team: 3rd March 2010<br/>
+  Issue public: 1st October 2010<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2010-1452">mod_dav DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>
+<p>
+A flaw was found in the handling of requests by mod_dav.  A malicious remote
+attacker could send a carefully crafted request and cause a httpd child process
+to crash.  This crash would only be a denial of service if using the worker MPM.
+This issue is further mitigated as mod_dav is only affected by requests that are 
+most likely to be authenticated.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+This issue was reported by Mark Drayton.
+</p>
+</dd>
+<dd>
+  Reported to security team: 4th May 2010<br/>
+  Issue public: 25th July 2010<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>
+<p>
+A flaw in apr_palloc() in the bundled copy of APR could
+cause heap overflows in programs that try to apr_palloc() a user
+controlled size.  The Apache HTTP Server itself does not pass 
+unsanitized user-provided sizes to this function, so it could only
+be triggered through some other application which uses apr_palloc()
+in a vulnerable way.
+</p>
+</dd>
+<dd>
+  Reported to security team: 27th July 2009<br/>
+  Issue public: 4th August 2009<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-1891">mod_deflate DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>
+<p>
+A denial of service flaw was found in the mod_deflate module. This
+module continued to compress large files until compression was
+complete, even if the network connection that requested the content
+was closed before compression completed. This would cause mod_deflate
+to consume large amounts of CPU if mod_deflate was enabled for a large
+file.</p>
+</dd>
+<dd>
+  Issue public: 26th June 2009<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>
+<p>
+A flaw was found in the mod_proxy_ftp module. In a reverse proxy
+configuration, a remote attacker could use this flaw to bypass
+intended access restrictions by creating a carefully-crafted HTTP
+Authorization header, allowing the attacker to send arbitrary commands
+to the FTP server.
+</p>
+</dd>
+<dd>
+  Reported to security team: 3rd September 2009<br/>
+  Issue public: 3rd August 2009<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
+<p>
+A NULL pointer dereference flaw was found in the mod_proxy_ftp
+module. A malicious FTP server to which requests are being proxied
+could use this flaw to crash an httpd child process via a malformed
+reply to the EPSV or PASV commands, resulting in a limited denial of
+service.
+</p>
+</dd>
+<dd>
+  Reported to security team: 4th September 2009<br/>
+  Issue public: 2nd August 2009<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
+<p>
+A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in
+array to the subrequest, instead of a pointer to the parent request's array
+as it had for requests without request bodies.  This meant all modules such
+as mod_headers which may manipulate the input headers for a subrequest would
+poison the parent request in two ways, one by modifying the parent request,
+which might not be intended, and second by leaving pointers to modified header
+fields in memory allocated to the subrequest scope, which could be freed
+before the main request processing was finished, resulting in a segfault or
+in revealing data from another request on threaded servers, such as the worker
+or winnt MPMs.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+We would like to thank Philip Pickett of VMware for reporting and proposing a 
+fix for this issue.
+</p>
+</dd>
+<dd>
+  Issue public: 9th December 2009<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a>
+<p>
+A flaw was found in the handling of wildcards in the path of a FTP
+URL with mod_proxy_ftp.  If mod_proxy_ftp is enabled to support
+FTP-over-HTTP, requests containing globbing characters could lead
+to cross-site scripting (XSS) attacks.</p>
+</dd>
+<dd>
+  Reported to security team: 28th July 2008<br/>
+  Issue public: 5th August 2008<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2008-2364">mod_proxy_http DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a>
+<p>
+A flaw was found in the handling of excessive interim responses
+from an origin server when using mod_proxy_http.  A remote attacker
+could cause a denial of service or high memory usage.</p>
+</dd>
+<dd>
+  Reported to security team: 29th May 2008<br/>
+  Issue public: 10th June 2008<br/>
+  Update released: 19th October 2010<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.63">
+<title>
+Fixed in Apache httpd 2.0.63</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a>
+<p>
+A workaround was added in the mod_proxy_ftp module. On sites where
+mod_proxy_ftp is enabled and a forward proxy is configured, a
+cross-site scripting attack is possible against Web browsers which do
+not correctly derive the response character set following the rules in
+RFC 2616. 
+</p>
+</dd>
+<dd>
+  Reported to security team: 15th December 2007<br/>
+  Issue public: 8th January 2008<br/>
+  Update released: 19th January 2008<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-6388">mod_status XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
+<p>
+A flaw was found in the mod_status module. On sites where mod_status is
+enabled and the status pages were publicly accessible, a cross-site
+scripting attack is possible.
+Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
+</dd>
+<dd>
+  Reported to security team: 15th December 2007<br/>
+  Issue public: 2nd January 2008<br/>
+  Update released: 19th January 2008<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-5000">mod_imap XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
+<p>
+A flaw was found in the mod_imap module. On sites where
+mod_imap is enabled and an imagemap file is publicly available, a
+cross-site scripting attack is possible.</p>
+</dd>
+<dd>
+  Reported to security team: 23rd October 2007<br/>
+  Issue public: 11th December 2007<br/>
+  Update released: 19th January 2008<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.61">
+<title>
+Fixed in Apache httpd 2.0.61</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-3847">mod_proxy crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a>
+<p>
+A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
+a reverse proxy is configured, a remote attacker could send a carefully
+crafted request that would cause the Apache child process handling that
+request to crash. On sites where a forward proxy is configured, an attacker
+could cause a similar crash if a user could be persuaded to visit a
+malicious site using the proxy. This could lead to a denial of service if
+using a threaded Multi-Processing Module.</p>
+</dd>
+<dd>
+  Issue public: 10th December 2006<br/>
+  Update released: 7th September 2007<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2006-5752">mod_status cross-site scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+<p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+</dd>
+<dd>
+  Reported to security team: 19th October 2006<br/>
+  Issue public: 20th June 2007<br/>
+  Update released: 7th September 2007<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-3304">Signals to arbitrary processes</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
+<p>The Apache HTTP server did not verify that a process
+was an Apache child process before sending it signals. A local
+attacker with the ability to run scripts on the HTTP server could
+manipulate the scoreboard and cause arbitrary processes to be
+terminated which could lead to a denial of service.</p>
+</dd>
+<dd>
+  Reported to security team: 15th May 2006<br/>
+  Issue public: 19th June 2007<br/>
+  Update released: 7th September 2007<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-1863">mod_cache proxy DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>
+<p>A bug was found in the mod_cache module. On sites where
+caching is enabled, a remote attacker could send a carefully crafted
+request that would cause the Apache child process handling that request to
+crash. This could lead to a denial of service if using a threaded
+Multi-Processing Module.</p>
+</dd>
+<dd>
+  Reported to security team: 2nd May 2007<br/>
+  Issue public: 18th June 2007<br/>
+  Update released: 7th September 2007<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.59">
+<title>
+Fixed in Apache httpd 2.0.59</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
+<p>
+An off-by-one flaw exists in the Rewrite module, mod_rewrite.
+Depending on the manner in which Apache httpd was compiled, this
+software defect may result in a vulnerability which, in combination
+with certain types of Rewrite rules in the web server configuration
+files, could be triggered remotely.  For vulnerable builds, the nature
+of the vulnerability can be denial of service (crashing of web server
+processes) or potentially allow arbitrary code execution.
+</p>
+</dd>
+<dd>
+  Reported to security team: 21st July 2006<br/>
+  Issue public: 27th July 2006<br/>
+  Update released: 27th July 2006<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.58">
+<title>
+Fixed in Apache httpd 2.0.58</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-3357">mod_ssl access control DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
+<p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+  Reported to security team: 5th December 2005<br/>
+  Issue public: 12th December 2005<br/>
+  Update released: 1st May 2006<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</dd>
+<dd>
+  Reported to security team: 1st November 2005<br/>
+  Issue public: 12th December 2005<br/>
+  Update released: 1st May 2006<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.55">
+<title>
+Fixed in Apache httpd 2.0.55</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2005-2700">SSLVerifyClient bypass</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700">CVE-2005-2700</a>
+<p>
+A flaw in the mod_ssl handling of the "SSLVerifyClient"
+directive. This flaw would occur if a virtual host has been configured
+using "SSLVerifyClient optional" and further a directive "SSLVerifyClient
+required" is set for a specific location.  For servers configured in this
+fashion, an attacker may be able to access resources that should otherwise
+be protected, by not supplying a client certificate when connecting.
+</p>
+</dd>
+<dd>
+  Issue public: 30th August 2005<br/>
+  Update released: 14th October 2005<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-2970">Worker MPM memory leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</a>
+<p>
+A memory leak in the worker MPM would allow remote attackers to cause
+a denial of service (memory consumption) via aborted connections,
+which prevents the memory for the transaction pool from being reused
+for other connections.  This issue was downgraded in severity to low
+(from moderate) as sucessful exploitation of the race condition would
+be difficult.
+</p>
+</dd>
+<dd>
+  Update released: 14th October 2005<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-2491">PCRE overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</a>
+<p>
+An integer overflow flaw was found in PCRE, a Perl-compatible regular
+expression library included within httpd.  A local user who has the
+ability to create .htaccess files could create a maliciously crafted
+regular expression in such as way that they could gain the privileges
+of a httpd child.
+</p>
+</dd>
+<dd>
+  Issue public: 1st August 2005<br/>
+  Update released: 14th October 2005<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-1268">Malicious CRL off-by-one</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">CVE-2005-1268</a>
+<p>
+An off-by-one stack overflow was discovered in the mod_ssl CRL
+verification callback. In order to exploit this issue the Apache
+server would need to be configured to use a malicious certificate
+revocation list (CRL)
+</p>
+</dd>
+<dd>
+  Issue public: 8th June 2005<br/>
+  Update released: 14th October 2005<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-2728">Byterange filter DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a>
+<p>
+A flaw in the byterange filter would cause some responses to be buffered
+into memory. If a server has a dynamic resource such as a CGI
+script or PHP script which generates a large amount of data, an attacker
+could send carefully crafted requests in order to consume resources,
+potentially leading to a Denial of Service. 
+</p>
+</dd>
+<dd>
+  Issue public: 7th July 2005<br/>
+  Update released: 14th October 2005<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-2088">HTTP Request Spoofing</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
+<p>
+A flaw occured when using the Apache server as a HTTP proxy. A remote
+attacker could send a HTTP request with both a "Transfer-Encoding:
+chunked" header and a Content-Length header, causing Apache to
+incorrectly handle and forward the body of the request in a way that
+causes the receiving server to process it as a separate HTTP request.
+This could allow the bypass of web application firewall protection or
+lead to cross-site scripting (XSS) attacks.
+</p>
+</dd>
+<dd>
+  Issue public: 11th June 2005<br/>
+  Update released: 14th October 2005<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.53">
+<title>
+Fixed in Apache httpd 2.0.53</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0942">Memory consumption DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942">CVE-2004-0942</a>
+<p>
+An issue was discovered where the field length limit was not enforced
+for certain malicious requests.  This could allow a remote attacker who
+is able to send large amounts of data to a server the ability to cause
+Apache children to consume proportional amounts of memory, leading to
+a denial of service.
+</p>
+</dd>
+<dd>
+  Reported to security team: 28th October 2004<br/>
+  Issue public: 1st November 2004<br/>
+  Update released: 8th February 2005<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-1834">mod_disk_cache stores sensitive headers</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1834">CVE-2004-1834</a>
+<p>
+The experimental mod_disk_cache module stored client authentication
+credentials for cached objects such as proxy authentication credentials
+and Basic Authentication passwords on disk.  
+</p>
+</dd>
+<dd>
+  Reported to security team: 2nd March 2004<br/>
+  Issue public: 20th March 2004<br/>
+  Update released: 8th February 2005<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2004-0885">SSLCipherSuite bypass</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885">CVE-2004-0885</a>
+<p>
+An issue has been discovered in the mod_ssl module when configured to use
+the "SSLCipherSuite" directive in directory or location context. If a
+particular location context has been configured to require a specific set
+of cipher suites, then a client will be able to access that location using
+any cipher suite allowed by the virtual host configuration. 
+</p>
+</dd>
+<dd>
+  Issue public: 1st October 2004<br/>
+  Update released: 8th February 2005<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.52">
+<title>
+Fixed in Apache httpd 2.0.52</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0811">Basic authentication bypass</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811">CVE-2004-0811</a>
+<p>
+A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy
+directive which could result in access being granted to
+resources despite any configured authentication
+</p>
+</dd>
+<dd>
+  Issue public: 18th September 2004<br/>
+  Update released: 28th September 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.51<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.51">
+<title>
+Fixed in Apache httpd 2.0.51</title>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2004-0786">IPv6 URI parsing heap overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786">CVE-2004-0786</a>
+<p>
+Testing using the Codenomicon HTTP Test Tool performed by the Apache
+Software Foundation security group and Red Hat uncovered an input
+validation issue in the IPv6 URI parsing routines in the apr-util library.
+If a remote attacker sent a request including a carefully crafted URI, an
+httpd child process could be made to crash.  One some BSD systems it
+is believed this flaw may be able to lead to remote code execution.
+</p>
+</dd>
+<dd>
+  Reported to security team: 25th August 2004<br/>
+  Issue public: 15th September 2004<br/>
+  Update released: 15th September 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0748">SSL connection infinite loop</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748">CVE-2004-0748</a>
+<p>
+An issue was discovered in the mod_ssl module in Apache 2.0.  
+A remote attacker who forces an SSL connection to
+be aborted in a particular state may cause an Apache child process to
+enter an infinite loop, consuming CPU resources.
+</p>
+</dd>
+<dd>
+  Issue public: 7th July 2004<br/>
+  Update released: 15th September 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-0747">Environment variable expansion flaw</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747">CVE-2004-0747</a>
+<p>
+A buffer overflow was found in the
+expansion of environment variables during configuration file parsing. This
+issue could allow a local user to gain the privileges of a httpd
+child if a server can be forced to parse a carefully crafted .htaccess file 
+written by a local user.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements: 
+We would like to thank the Swedish IT Incident Centre (SITIC) for reporting
+this issue.
+</p>
+</dd>
+<dd>
+  Reported to security team: 5th August 2004<br/>
+  Issue public: 15th September 2004<br/>
+  Update released: 15th September 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-0751">Malicious SSL proxy can cause crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751">CVE-2004-0751</a>
+<p>
+An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50
+which could be triggered if
+the server is configured to allow proxying to a remote SSL server. A
+malicious remote SSL server could force an httpd child process to crash by
+sending a carefully crafted response header. This issue is not believed to
+allow execution of arbitrary code and will only result in a denial
+of service where a threaded process model is in use.
+</p>
+</dd>
+<dd>
+  Issue public: 7th July 2004<br/>
+  Update released: 15th September 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-0809">WebDAV remote crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809">CVE-2004-0809</a>
+<p>
+An issue was discovered in the mod_dav module which could be triggered
+for a location where WebDAV authoring access has been configured. A
+malicious remote client which is authorized to use the LOCK method
+could force an httpd child process to crash by sending a particular
+sequence of LOCK requests. This issue does not allow execution of
+arbitrary code.  and will only result in a denial of service where a
+threaded process model is in use.
+</p>
+</dd>
+<dd>
+  Issue public: 12th September 2004<br/>
+  Update released: 15th September 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.50">
+<title>
+Fixed in Apache httpd 2.0.50</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0493">Header parsing memory leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493">CVE-2004-0493</a>
+<p>
+A memory leak in parsing of HTTP headers which can be triggered
+remotely may allow a denial of service attack due to excessive memory
+consumption.
+</p>
+</dd>
+<dd>
+  Reported to security team: 13th June 2004<br/>
+  Issue public: 1st July 2004<br/>
+  Update released: 1st July 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2004-0488">FakeBasicAuth overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488">CVE-2004-0488</a>
+<p>
+A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
+by an attacker using a (trusted) client certificate with a subject DN
+field which exceeds 6K in length.
+</p>
+</dd>
+<dd>
+  Issue public: 17th May 2004<br/>
+  Update released: 1st July 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.49">
+<title>
+Fixed in Apache httpd 2.0.49</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0174">listening socket starvation</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
+<p>
+A starvation issue on listening sockets occurs when a short-lived
+connection on a rarely-accessed listening socket will cause a child to
+hold the accept mutex and block out new connections until another
+connection arrives on that rarely-accessed listening socket.  This
+issue is known to affect some versions of AIX, Solaris, and Tru64; it
+is known to not affect FreeBSD or Linux.
+
+</p>
+</dd>
+<dd>
+  Reported to security team: 25th February 2004<br/>
+  Issue public: 18th March 2004<br/>
+  Update released: 19th March 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2004-0113">mod_ssl memory leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</a>
+<p>
+A memory leak in mod_ssl allows a remote denial of service attack 
+against an SSL-enabled server by sending plain HTTP requests to the
+SSL port. 
+</p>
+</dd>
+<dd>
+  Issue public: 20th February 2004<br/>
+  Update released: 19th March 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0020">Error log escape filtering</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
+<p>
+Apache does not filter terminal escape sequences from error logs,
+which could make it easier for attackers to insert those sequences
+into terminal emulators containing vulnerabilities related to escape
+sequences.
+</p>
+</dd>
+<dd>
+  Issue public: 24th February 2003<br/>
+  Update released: 19th March 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.48">
+<title>
+Fixed in Apache httpd 2.0.48</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
+<p>
+By using a regular expression with more than 9 captures a buffer
+overflow can occur in mod_alias or mod_rewrite.  To exploit this an
+attacker would need to be able to create a carefully crafted configuration
+file (.htaccess or httpd.conf)
+</p>
+</dd>
+<dd>
+  Reported to security team: 4th August 2003<br/>
+  Issue public: 27th October 2003<br/>
+  Update released: 27th October 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2003-0789">CGI output information leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789">CVE-2003-0789</a>
+<p>
+A bug in mod_cgid mishandling of CGI redirect paths can result in
+CGI output going to the wrong client when a threaded MPM
+is used.
+</p>
+</dd>
+<dd>
+  Reported to security team: 3rd October 2003<br/>
+  Issue public: 27th October 2003<br/>
+  Update released: 27th October 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.47">
+<title>
+Fixed in Apache httpd 2.0.47</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0253">Remote DoS with multiple Listen directives</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0253">CVE-2003-0253</a>
+<p>
+In a server with multiple listening sockets a certain error returned
+by accept() on a rarely access port can cause a temporary denial of
+service, due to a bug in the prefork MPM.
+</p>
+</dd>
+<dd>
+  Reported to security team: 25th June 2003<br/>
+  Issue public: 9th July 2003<br/>
+  Update released: 9th July 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0192">mod_ssl renegotiation issue</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0192">CVE-2003-0192</a>
+<p>
+A bug in the optional renegotiation code in mod_ssl included with 
+Apache httpd can cause cipher suite restrictions to be ignored.
+This is triggered if optional renegotiation is used (SSLOptions
++OptRenegotiate) along with verification of client certificates
+and a change to the cipher suite over the renegotiation.
+</p>
+</dd>
+<dd>
+  Reported to security team: 30th April 2003<br/>
+  Issue public: 9th July 2003<br/>
+  Update released: 9th July 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2003-0254">Remote DoS via IPv6 ftp proxy</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0254">CVE-2003-0254</a>
+<p>
+When a client requests that proxy ftp connect to a ftp server with
+IPv6 address, and the proxy is unable to create an IPv6 socket,
+an infinite loop occurs causing a remote Denial of Service.
+</p>
+</dd>
+<dd>
+  Reported to security team: 25th June 2003<br/>
+  Issue public: 9th July 2003<br/>
+  Update released: 9th July 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.46">
+<title>
+Fixed in Apache httpd 2.0.46</title>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2003-0245">APR remote crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245">CVE-2003-0245</a>
+<p>
+A vulnerability in the apr_psprintf function in the Apache Portable
+Runtime (APR) library allows remote 
+attackers to cause a denial of service (crash) and possibly execute
+arbitrary code via long strings, as demonstrated using XML objects to
+mod_dav, and possibly other vectors.
+</p>
+</dd>
+<dd>
+  Reported to security team: 9th April 2003<br/>
+  Issue public: 28th May 2003<br/>
+  Update released: 28th May 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0189">Basic Authentication DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0189">CVE-2003-0189</a>
+<p>
+A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
+to cause a denial of access to authenticated content when a threaded
+server is used. 
+</p>
+</dd>
+<dd>
+  Reported to security team: 25th April 2003<br/>
+  Issue public: 28th May 2003<br/>
+  Update released: 28th May 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0134">OS2 device name DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0134">CVE-2003-0134</a>
+<p>
+Apache on OS2 up to and including Apache 2.0.45
+have a Denial of Service vulnerability caused by 
+device names.
+</p>
+</dd>
+<dd>
+  Issue public: 31st March 2003<br/>
+  Update released: 28th May 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2003-0083">Filtered escape sequences</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
+<p>
+Apache did not filter terminal escape sequences from its
+access logs, which could make it easier for attackers to insert those
+sequences into terminal emulators containing vulnerabilities related
+to escape sequences.
+</p>
+</dd>
+<dd>
+  Issue public: 24th February 2003<br/>
+  Update released: 2nd April 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.45">
+<title>
+Fixed in Apache httpd 2.0.45</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0132">Line feed memory leak DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0132">CVE-2003-0132</a>
+<p>
+Apache 2.0 versions before Apache 2.0.45 had a significant Denial of
+Service vulnerability.  Remote attackers could cause a denial of service
+(memory consumption) via large chunks of linefeed characters, which
+causes Apache to allocate 80 bytes for each linefeed.
+</p>
+</dd>
+<dd>
+  Issue public: 2nd April 2004<br/>
+  Update released: 2nd April 2004<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.44">
+<title>
+Fixed in Apache httpd 2.0.44</title>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2003-0016">MS-DOS device name filtering</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0016">CVE-2003-0016</a>
+<p>On Windows platforms Apache did not 
+correctly filter MS-DOS device names which 
+could lead to denial of service attacks or remote code execution.
+</p>
+</dd>
+<dd>
+  Reported to security team: 4th December 2002<br/>
+  Issue public: 20th January 2003<br/>
+  Update released: 20th January 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2003-0017">Apache can serve unexpected files</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0017">CVE-2003-0017</a>
+<p>
+On Windows platforms Apache could be forced to serve unexpected files
+by appending illegal characters such as '&lt;' to the request URL
+</p>
+</dd>
+<dd>
+  Reported to security team: 15th November 2002<br/>
+  Issue public: 20th January 2003<br/>
+  Update released: 20th January 2003<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.43">
+<title>
+Fixed in Apache httpd 2.0.43</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
+<p>Cross-site scripting (XSS) vulnerability in the default error page of
+Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
+UseCanonicalName is "Off" and support for wildcard DNS is present,
+allows remote attackers to execute script as other web page visitors
+via the Host: header.</p>
+</dd>
+<dd>
+  Reported to security team: 20th September 2002<br/>
+  Issue public: 2nd October 2002<br/>
+  Update released: 3rd October 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2002-1156">CGI scripts source revealed using WebDAV</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1156">CVE-2002-1156</a>
+<p>In Apache 2.0.42 only, for a location where both WebDAV and CGI were
+enabled, a POST request to a CGI script would reveal the CGI source to
+a remote user. </p>
+</dd>
+<dd>
+  Update released: 3rd October 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.42<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.42">
+<title>
+Fixed in Apache httpd 2.0.42</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2002-1593">mod_dav crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1593">CVE-2002-1593</a>
+<p>
+A flaw was found in handling of versioning hooks in mod_dav.  An attacker
+could send a carefully crafted request in such a way to cause the child
+process handling the connection to crash.  This issue will only result
+in a denial of service where a threaded process model is in use.
+</p>
+</dd>
+<dd>
+  Issue public: 19th September 2002<br/>
+  Update released: 24th September 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.40">
+<title>
+Fixed in Apache httpd 2.0.40</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2002-0661">Path vulnerability</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661">CVE-2002-0661</a>
+<p>Certain URIs would bypass security
+and allow users to invoke or access any file depending on the system 
+configuration.  Affects Windows, OS2, Netware and Cygwin platforms
+only.</p>
+</dd>
+<dd>
+  Reported to security team: 7th August 2002<br/>
+  Issue public: 9th August 2002<br/>
+  Update released: 9th August 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2002-0654">Path revealing exposures</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0654">CVE-2002-0654</a>
+<p>A path-revealing exposure was present in multiview type
+map negotiation (such as the default error documents) where a
+module would report the full path of the typemapped .var file when
+multiple documents or no documents could be served.  
+Additionally a path-revealing exposure in cgi/cgid when Apache
+fails to invoke a script.  The modules would report "couldn't create 
+child process /path-to-script/script.pl" revealing the full path
+of the script.</p>
+</dd>
+<dd>
+  Reported to security team: 5th July 2002<br/>
+  Issue public: 9th August 2002<br/>
+  Update released: 9th August 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.39, 2.0.37?, 2.0.36?, 2.0.35?<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.37">
+<title>
+Fixed in Apache httpd 2.0.37</title>
+<dl>
+<dd>
+<b>critical: </b>
+<b>
+<name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
+<p>Malicious requests can cause various effects
+ranging from a relatively harmless increase in
+system resources through to denial of service attacks and in some
+cases the ability to execute arbitrary remote code.</p>
+</dd>
+<dd>
+  Reported to security team: 27th May 2002<br/>
+  Issue public: 17th June 2002<br/>
+  Update released: 18th June 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.36, 2.0.35<p/>
+</dd>
+</dl>
+</section>
+<section id="2.0.36">
+<title>
+Fixed in Apache httpd 2.0.36</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2002-1592">Warning messages could be displayed to users</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1592">CVE-2002-1592</a>
+<p>
+In some cases warning messages could get returned to end users in 
+addition to being recorded in the error log.  This could reveal the
+path to a CGI script for example, a minor security exposure.
+</p>
+</dd>
+<dd>
+  Issue public: 22nd April 2002<br/>
+  Update released: 8th May 2002<br/>
+</dd>
+<dd>
+      Affected: 
+    2.0.35<p/>
+</dd>
+</dl>
+</section>
+</body>
+</document>
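Review bot: The release dates in the 2.0.45 and 2.0.46 sections do not fit the rest of the timeline in this file. CVE-2003-0132 (section 2.0.45) gives "Issue public: 2nd April 2004" and "Update released: 2nd April 2004", and CVE-2003-0083 (section 2.0.46) gives "Update released: 2nd April 2004", while the other 2.0.46 entries say "Update released: 28th May 2003" and the 2.0.49 entries are dated 19th March 2004. A fix listed under 2.0.45 or 2.0.46 should not postdate the 2.0.49 release, so please check these three dates against the release announcements and correct them before the page is published. Readers use the "Update released" and "Affected" fields to decide whether they are exposed, so these fields need to be reliable. Smaller text fixes in the same hunk: "One some BSD systems" in CVE-2004-0786 should read "On some BSD systems"; CVE-2004-0809 has a stray full stop in "arbitrary code.  and will only result"; CVE-2003-0253 says "rarely access port" where "rarely accessed port" is meant; CVE-2003-0134 reads "Apache on OS2 ... have" where "has" is meant; and the descriptions for CVE-2004-0811, CVE-2003-0542 and CVE-2003-0017 end without a full stop.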

Propchange: httpd/site/trunk/content/security/vulnerabilities_20.xml
------------------------------------------------------------------------------
    svn:eol-style = native