Posted to cvs@httpd.apache.org by pq...@apache.org on 2006/05/01 03:32:20 UTC

svn commit: r398494 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities_22.xml

Author: pquerna
Date: Sun Apr 30 18:32:18 2006
New Revision: 398494

URL: http://svn.apache.org/viewcvs?rev=398494&view=rev
Log:
rebuild all.

Modified:
    httpd/site/trunk/docs/security/vulnerabilities_13.html
    httpd/site/trunk/docs/security/vulnerabilities_20.html
    httpd/site/trunk/docs/security/vulnerabilities_22.html
    httpd/site/trunk/xdocs/security/vulnerabilities_22.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=398494&r1=398493&r2=398494&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Sun Apr 30 18:32:18 2006
@@ -78,775 +78,6 @@
   </blockquote>
  </td></tr>
 </table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.35-dev"><strong>Fixed in Apache httpd 1.3.35-dev</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious 
-URL using certain web browsers.  
-</p>
-</dd>
-<dd />
-<dd>
-      Affects: 
-    1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.33"><strong>Fixed in Apache httpd 1.3.33</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2004-0940">mod_include overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940</a>
-<p>
-A buffer overflow in mod_include could allow a local user who
-is authorised to create server side include (SSI) files to gain
-the privileges of a httpd child.
-</p>
-</dd>
-<dd>
-  Update Released: 28th October 2004<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.32"><strong>Fixed in Apache httpd 1.3.32</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2004-0492">mod_proxy buffer overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492</a>
-<p>
-A buffer overflow was found in the Apache proxy module, mod_proxy, which
-can be triggered by receiving an invalid Content-Length header. In order
-to exploit this issue an attacker would need to get an Apache installation
-that was configured as a proxy to connect to a malicious site. This would
-cause the Apache child processing the request to crash, although this does
-not represent a significant Denial of Service attack as requests will
-continue to be handled by other Apache child processes.  This issue may
-lead to remote arbitrary code execution on some BSD platforms.
-</p>
-</dd>
-<dd>
-  Update Released: 20th October 2004<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.31"><strong>Fixed in Apache httpd 1.3.31</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0174">listening socket starvation</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
-<p>
-A starvation issue on listening sockets occurs when a short-lived
-connection on a rarely-accessed listening socket will cause a child to
-hold the accept mutex and block out new connections until another
-connection arrives on that rarely-accessed listening socket.  This
-issue is known to affect some versions of AIX, Solaris, and Tru64; it
-is known to not affect FreeBSD or Linux.
-
-</p>
-</dd>
-<dd>
-  Update Released: 12th May 2004<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0993">Allow/Deny parsing on big-endian 64-bit platforms</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993">CVE-2003-0993</a>
-<p>
-A bug in the parsing of Allow/Deny rules using IP addresses
-without a netmask on big-endian 64-bit platforms causes the rules
-to fail to match.
-</p>
-</dd>
-<dd>
-  Update Released: 12th May 2004<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0020">Error log escape filtering</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
-<p>
-Apache does not filter terminal escape sequences from error logs,
-which could make it easier for attackers to insert those sequences
-into terminal emulators containing vulnerabilities related to escape
-sequences.
-</p>
-</dd>
-<dd>
-  Update Released: 12th May 2004<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0987">mod_digest nonce checking</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987">CVE-2003-0987</a>
-<p>
-
-mod_digest does not properly verify the nonce of a client response by
-using a AuthNonce secret.  This could allow a malicious user who is
-able to sniff network traffic to conduct a replay attack against a
-website using Digest protection.  Note that mod_digest implements an
-older version of the MD5 Digest Authentication specification which
-is known not to work with modern browsers.  This issue does not affect
-mod_auth_digest.
-
-</p>
-</dd>
-<dd>
-  Update Released: 12th May 2004<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.29"><strong>Fixed in Apache httpd 1.3.29</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
-<p>
-By using a regular expression with more than 9 captures a buffer
-overflow can occur in mod_alias or mod_rewrite.  To exploit this an
-attacker would need to be able to create a carefully crafted configuration
-file (.htaccess or httpd.conf)
-</p>
-</dd>
-<dd>
-  Update Released: 27th October 2003<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.28"><strong>Fixed in Apache httpd 1.3.28</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0460">RotateLogs DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460">CVE-2003-0460</a>
-<p>The rotatelogs support program on Win32 and OS/2 would quit logging
-and exit if it received special control characters such as 0x1A.
-</p>
-</dd>
-<dd>
-  Update Released: 18th July 2003<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.27"><strong>Fixed in Apache httpd 1.3.27</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2002-0843">Buffer overflows in ab utility</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843">CVE-2002-0843</a>
-<p>Buffer overflows in the benchmarking utility ab could be exploited if
-ab is run against a malicious server
-</p>
-</dd>
-<dd>
-  Update Released: 3rd October 2002<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2002-0839">Shared memory permissions lead to local privilege escalation</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a>
-<p>The permissions of the shared memory used for the scoreboard
-allows an attacker who can execute under
-the Apache UID to send a signal to any process as root or cause a local 
-denial of service attack.
-</p>
-</dd>
-<dd>
-  Update Released: 3rd October 2002<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
-<p>Cross-site scripting (XSS) vulnerability in the default error page of
-Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
-UseCanonicalName is "Off" and support for wildcard DNS is present,
-allows remote attackers to execute script as other web page visitors
-via the Host: header.</p>
-</dd>
-<dd>
-  Update Released: 3rd October 2002<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.26"><strong>Fixed in Apache httpd 1.3.26</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
-<p>Requests to all versions of Apache 1.3 can cause various effects
-ranging from a relatively harmless increase in
-system resources through to denial of service attacks and in some
-cases the ability to be remotely exploited.</p>
-</dd>
-<dd>
-  Update Released: 18th June 2002<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0083">Filtered escape sequences</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
-<p>
-Apache does not filter terminal escape sequences from its
-access logs, which could make it easier for attackers to insert those
-sequences into terminal emulators containing vulnerabilities related
-to escape sequences,
-</p>
-</dd>
-<dd>
-  Update Released: 18th June 2002<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.24"><strong>Fixed in Apache httpd 1.3.24</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2002-0061">Win32 Apache Remote command execution</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061">CVE-2002-0061</a>
-<p>Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote 
-attackers to execute arbitrary commands via parameters passed
-to batch file CGI scripts.</p>
-</dd>
-<dd>
-  Update Released: 22nd March 2002<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.22"><strong>Fixed in Apache httpd 1.3.22</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-0729">Requests can cause directory listing to be displayed</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729">CVE-2001-0729</a>
-<p>A vulnerability was found in the Win32 port of
-Apache 1.3.20.  A client submitting a very long URI
-could cause a directory listing to be returned rather than
-the default index page. </p>
-</dd>
-<dd>
-  Update Released: 12th October 2001<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.20<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-0731">Multiviews can cause a directory listing to be displayed</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731">CVE-2001-0731</a>
-<p>A vulnerability was found when <directive>Multiviews</directive> 
-    are used to negotiate the directory index.  In some
-    configurations, requesting a URI with a <samp>QUERY_STRING</samp> of 
-    <samp>M=D</samp> could
-    return a directory listing rather than the expected index page.</p>
-</dd>
-<dd>
-  Update Released: 12th October 2001<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2001-0730">split-logfile can cause arbitrary log files to be written to</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730">CVE-2001-0730</a>
-<p>A vulnerability was found in the <samp>split-logfile</samp> support
-    program.  A request with a specially crafted <samp>Host:</samp>
-    header could allow any file with a <samp>.log</samp> extension on 
-    the system to be written to. </p>
-</dd>
-<dd>
-  Update Released: 12th October 2001<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.20"><strong>Fixed in Apache httpd 1.3.20</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-1342">Denial of service attack on Win32 and OS2</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342">CVE-2001-1342</a>
-<p>A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A
-  client submitting a carefully constructed URI could cause a General
-  Protection Fault in a child process, bringing up a message box which
-  would have to be cleared by the operator to resume operation. This
-  vulnerability introduced no identified means to compromise the server
-  other than introducing a possible denial of service. </p>
-</dd>
-<dd>
-  Update Released: 22nd May 2001<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.19"><strong>Fixed in Apache httpd 1.3.19</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-0925">Requests can cause directory listing to be displayed</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925">CVE-2001-0925</a>
-<p>The default installation can lead <samp>mod_negotiation</samp> and 
-    <samp>mod_dir</samp> or <samp>mod_autoindex</samp> to display a 
-    directory listing instead of the multiview index.html file if a 
-    very long path was created artificially by using many slashes.  </p>
-</dd>
-<dd>
-  Update Released: 28th February 2001<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.17, 1.3.14, 1.3.12, 1.3.11<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.14"><strong>Fixed in Apache httpd 1.3.14</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2000-0913">Rewrite rules that include references allow access to any file</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0913">CVE-2000-0913</a>
-<p>The Rewrite module, <samp>mod_rewrite</samp>, can allow access to
-    any file on the web server.  The vulnerability occurs only with
-    certain specific cases of using regular expression references in
-    <samp>RewriteRule</samp> directives:  If the destination
-    of a <samp>RewriteRule</samp> contains regular expression references
-    then an attacker will be able to access any file on the server.</p>
-</dd>
-<dd>
-  Update Released: 13th October 2000<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2000-1204">Mass virtual hosting can display CGI source</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204">CVE-2000-1204</a>
-<p>A security problem for users of the mass virtual hosting module, 
-    <samp>mod_vhost_alias</samp>, causes
-    the source to a CGI to be sent if the <samp>cgi-bin</samp> directory is 
-    under the document root.  However, it is not normal to have your 
-    cgi-bin directory under a document root.</p>
-</dd>
-<dd>
-  Update Released: 13th October 2000<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.12, 1.3.11, 1.3.9<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2000-0505">Requests can cause directory listing to be displayed on NT</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0505">CVE-2000-0505</a>
-<p>A security hole on Apache for Windows allows a user to 
-    view the listing of a 
-    directory instead of the default HTML page by sending a carefully 
-    constructed request.</p>
-</dd>
-<dd>
-  Update Released: 13th October 2000<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.12"><strong>Fixed in Apache httpd 1.3.12</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2000-1205">Cross-site scripting can reveal private session information</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205">CVE-2000-1205</a>
-<p>Apache was vulnerable to cross site scripting issues.
-    It was shown that malicious HTML tags can be embedded in client web 
-    requests if the server or script handling the request does not 
-    carefully encode all information displayed to 
-    the user.  Using these vulnerabilities attackers could, for 
-    example, obtain copies of your private 
-    cookies used to authenticate
-    you to other sites.</p>
-</dd>
-<dd>
-  Update Released: 25th February 2000<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.11"><strong>Fixed in Apache httpd 1.3.11</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2000-1206">Mass virtual hosting security issue</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206">CVE-2000-1206</a>
-<p>A security problem can occur for sites using mass name-based virtual 
-hosting (using
-the new <samp>mod_vhost_alias</samp> module) or with special 
-<samp>mod_rewrite</samp> rules.
-
-<!-- Makes sure vhost alias can only be alnum, - or . -->
-
-</p>
-</dd>
-<dd>
-  Update Released: 21st January 2000<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.4"><strong>Fixed in Apache httpd 1.3.4</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="">Denial of service attack on Win32</name>
-</b>
-<p>There have been a number of important security fixes to Apache on
-Windows. The most important is that there is much better protection
-against people trying to access special DOS device names (such as
-"nul"). </p>
-</dd>
-<dd>
-  Update Released: 11th January 1999<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.2"><strong>Fixed in Apache httpd 1.3.2</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-1999-1199">Multiple header Denial of Service vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199">CVE-1999-1199</a>
-<p>A serious problem exists when a client
-sends a large number of headers with the same header name. Apache uses
-up memory faster than the amount of memory required to simply store
-the received data itself. That is, memory use increases faster and
-faster as more headers are received, rather than increasing at a
-constant rate. This makes a denial of service attack based on this
-method more effective than methods which cause Apache to use memory at
-a constant rate, since the attacker has to send less data.</p>
-</dd>
-<dd>
-  Update Released: 23rd September 1998<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="">Denial of service attacks</name>
-</b>
-<p>Apache 1.3.2 has
-better protection against denial of service attacks. These are when
-people make excessive requests to the server to try and prevent other
-people using it. In 1.3.2 there are several new directives which can
-limit the size of requests (these directives all start with the word
-<SAMP>Limit</SAMP>).
-</p>
-</dd>
-<dd>
-  Update Released: 23rd September 1998<br />
-</dd>
-<dd>
-      Affects: 
-    1.3.1, 1.3.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
          </td>
    </tr>
    <!-- FOOTER -->
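
Review bot: the hunk header "@@ -78,775 +78,6 @@" shows this change deleting every "Fixed in Apache httpd 1.3.x" table from the generated vulnerabilities_13.html, from the 1.3.35-dev block down to the 1.3.2 block, and adding nothing in their place; the log message "rebuild all." does not account for that. The only source file in the Modified list is xdocs/security/vulnerabilities_22.xml, so a regeneration would not be expected to empty the 1.3 page. Please confirm that the build actually read the 1.3 vulnerability data, and if this output is unintended, regenerate or revert the generated file before the site is published. As committed, the page loses all of its CVE entries, severity ratings and "Affects:" version lists, and the per-release anchors such as name="1.3.33" disappear, so any link to those fragments stops resolving. If the removal is deliberate, the log message should say so and state where the entries now live.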

Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=398494&r1=398493&r2=398494&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Sun Apr 30 18:32:18 2006
@@ -78,1048 +78,6 @@
   </blockquote>
  </td></tr>
 </table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.56-dev"><strong>Fixed in Apache httpd 2.0.56-dev</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-3357">mod_ssl access control DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
-<p>
-A NULL pointer dereference flaw in mod_ssl was discovered affecting server
-configurations where an SSL virtual host is configured with access control
-and a custom 400 error document. A remote attacker could send a carefully
-crafted request to trigger this issue which would lead to a crash. This
-crash would only be a denial of service if using the worker MPM.
-</p>
-</dd>
-<dd />
-<dd>
-      Affects: 
-    2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious 
-URL using certain web browsers.  
-</p>
-</dd>
-<dd />
-<dd>
-      Affects: 
-    2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.55"><strong>Fixed in Apache httpd 2.0.55</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2005-2700">SSLVerifyClient bypass</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700">CVE-2005-2700</a>
-<p>
-A flaw in the mod_ssl handling of the "SSLVerifyClient"
-directive. This flaw would occur if a virtual host has been configured
-using "SSLVerifyClient optional" and further a directive "SSLVerifyClient
-required" is set for a specific location.  For servers configured in this
-fashion, an attacker may be able to access resources that should otherwise
-be protected, by not supplying a client certificate when connecting.
-</p>
-</dd>
-<dd>
-  Update Released: 14th October 2005<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-2970">Worker MPM memory leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</a>
-<p>
-A memory leak in the worker MPM would allow remote attackers to cause
-a denial of service (memory consumption) via aborted connections,
-which prevents the memory for the transaction pool from being reused
-for other connections.  This issue was downgraded in severity to low
-(from moderate) as sucessful exploitation of the race condition would
-be difficult.
-</p>
-</dd>
-<dd>
-  Update Released: 14th October 2005<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-2491">PCRE overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</a>
-<p>
-An integer overflow flaw was found in PCRE, a Perl-compatible regular
-expression library included within httpd.  A local user who has the
-ability to create .htaccess files could create a maliciously crafted
-regular expression in such as way that they could gain the privileges
-of a httpd child.
-</p>
-</dd>
-<dd>
-  Update Released: 14th October 2005<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-1268">Malicious CRL off-by-one</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">CVE-2005-1268</a>
-<p>
-An off-by-one stack overflow was discovered in the mod_ssl CRL
-verification callback. In order to exploit this issue the Apache
-server would need to be configured to use a malicious certificate
-revocation list (CRL)
-</p>
-</dd>
-<dd>
-  Update Released: 14th October 2005<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-2728">Byterange filter DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a>
-<p>
-A flaw in the byterange filter would cause some responses to be buffered
-into memory. If a server has a dynamic resource such as a CGI
-script or PHP script which generates a large amount of data, an attacker
-could send carefully crafted requests in order to consume resources,
-potentially leading to a Denial of Service. 
-</p>
-</dd>
-<dd>
-  Update Released: 14th October 2005<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-2088">HTTP Request Spoofing</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
-<p>
-A flaw occured when using the Apache server as a HTTP proxy. A remote
-attacker could send a HTTP request with both a "Transfer-Encoding:
-chunked" header and a Content-Length header, causing Apache to
-incorrectly handle and forward the body of the request in a way that
-causes the receiving server to process it as a separate HTTP request.
-This could allow the bypass of web application firewall protection or
-lead to cross-site scripting (XSS) attacks.
-</p>
-</dd>
-<dd>
-  Update Released: 14th October 2005<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.53"><strong>Fixed in Apache httpd 2.0.53</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0942">Memory consumption DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942">CVE-2004-0942</a>
-<p>
-An issue was discovered where the field length limit was not enforced
-for certain malicious requests.  This could allow a remote attacker who
-is able to send large amounts of data to a server the ability to cause
-Apache children to consume proportional amounts of memory, leading to
-a denial of service.
-</p>
-</dd>
-<dd>
-  Update Released: 8th February 2005<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-1834">mod_disk_cache stores sensitive headers</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1834">CVE-2004-1834</a>
-<p>
-The experimental mod_disk_cache module stored client authentication
-credentials for cached objects such as proxy authentication credentials
-and Basic Authentication passwords on disk.  
-</p>
-</dd>
-<dd>
-  Update Released: 8th February 2005<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2004-0885">SSLCipherSuite bypass</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885">CVE-2004-0885</a>
-<p>
-An issue has been discovered in the mod_ssl module when configured to use
-the "SSLCipherSuite" directive in directory or location context. If a
-particular location context has been configured to require a specific set
-of cipher suites, then a client will be able to access that location using
-any cipher suite allowed by the virtual host configuration. 
-</p>
-</dd>
-<dd>
-  Update Released: 8th February 2005<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.52"><strong>Fixed in Apache httpd 2.0.52</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0811">Basic authentication bypass</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811">CVE-2004-0811</a>
-<p>
-A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy
-directive which could result in access being granted to
-resources despite any configured authentication
-</p>
-</dd>
-<dd>
-  Update Released: 28th September 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.51<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.51"><strong>Fixed in Apache httpd 2.0.51</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2004-0786">IPv6 URI parsing heap overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786">CVE-2004-0786</a>
-<p>
-Testing using the Codenomicon HTTP Test Tool performed by the Apache
-Software Foundation security group and Red Hat uncovered an input
-validation issue in the IPv6 URI parsing routines in the apr-util library.
-If a remote attacker sent a request including a carefully crafted URI, an
-httpd child process could be made to crash.  One some BSD systems it
-is believed this flaw may be able to lead to remote code execution.
-</p>
-</dd>
-<dd>
-  Update Released: 15th September 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0748">SSL connection infinite loop</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748">CVE-2004-0748</a>
-<p>
-An issue was discovered in the mod_ssl module in Apache 2.0.  
-A remote attacker who forces an SSL connection to
-be aborted in a particular state may cause an Apache child process to
-enter an infinite loop, consuming CPU resources.
-</p>
-</dd>
-<dd>
-  Update Released: 15th September 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0747">Environment variable expansion flaw</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747">CVE-2004-0747</a>
-<p>
-The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
-expansion of environment variables during configuration file parsing. This
-issue could allow a local user to gain the privileges of a httpd
-child if a server can be forced to parse a carefully crafted .htaccess file 
-written by a local user.
-</p>
-</dd>
-<dd>
-  Update Released: 15th September 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0751">Malicious SSL proxy can cause crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751">CVE-2004-0751</a>
-<p>
-An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50
-which could be triggered if
-the server is configured to allow proxying to a remote SSL server. A
-malicious remote SSL server could force an httpd child process to crash by
-sending a carefully crafted response header. This issue is not believed to
-allow execution of arbitrary code and will only result in a denial
-of service where a threaded process model is in use.
-</p>
-</dd>
-<dd>
-  Update Released: 15th September 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0809">WebDAV remote crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809">CVE-2004-0809</a>
-<p>
-An issue was discovered in the mod_dav module which could be triggered
-for a location where WebDAV authoring access has been configured. A
-malicious remote client which is authorized to use the LOCK method
-could force an httpd child process to crash by sending a particular
-sequence of LOCK requests. This issue does not allow execution of
-arbitrary code.  and will only result in a denial of service where a
-threaded process model is in use.
-</p>
-</dd>
-<dd>
-  Update Released: 15th September 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.50"><strong>Fixed in Apache httpd 2.0.50</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0493">Header parsing memory leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493">CVE-2004-0493</a>
-<p>
-A memory leak in parsing of HTTP headers which can be triggered
-remotely may allow a denial of service attack due to excessive memory
-consumption.
-</p>
-</dd>
-<dd>
-  Update Released: 1st July 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0488">FakeBasicAuth overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488">CVE-2004-0488</a>
-<p>
-A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
-by an attacker using a (trusted) client certificate with a subject DN
-field which exceeds 6K in length.
-</p>
-</dd>
-<dd>
-  Update Released: 1st July 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.49"><strong>Fixed in Apache httpd 2.0.49</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0174">listening socket starvation</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
-<p>
-A starvation issue on listening sockets occurs when a short-lived
-connection on a rarely-accessed listening socket will cause a child to
-hold the accept mutex and block out new connections until another
-connection arrives on that rarely-accessed listening socket.  This
-issue is known to affect some versions of AIX, Solaris, and Tru64; it
-is known to not affect FreeBSD or Linux.
-
-</p>
-</dd>
-<dd>
-  Update Released: 19th March 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0113">mod_ssl memory leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</a>
-<p>
-A memory leak in mod_ssl allows a remote denial of service attack 
-against an SSL-enabled server by sending plain HTTP requests to the
-SSL port. 
-</p>
-</dd>
-<dd>
-  Update Released: 19th March 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0020">Error log escape filtering</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
-<p>
-Apache does not filter terminal escape sequences from error logs,
-which could make it easier for attackers to insert those sequences
-into terminal emulators containing vulnerabilities related to escape
-sequences.
-</p>
-</dd>
-<dd>
-  Update Released: 19th March 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.48"><strong>Fixed in Apache httpd 2.0.48</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
-<p>
-By using a regular expression with more than 9 captures a buffer
-overflow can occur in mod_alias or mod_rewrite.  To exploit this an
-attacker would need to be able to create a carefully crafted configuration
-file (.htaccess or httpd.conf)
-</p>
-</dd>
-<dd>
-  Update Released: 27th October 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2003-0789">CGI output information leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789">CVE-2003-0789</a>
-<p>
-A bug in mod_cgid mishandling of CGI redirect paths can result in
-CGI output going to the wrong client when a threaded MPM
-is used.
-</p>
-</dd>
-<dd>
-  Update Released: 27th October 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.47"><strong>Fixed in Apache httpd 2.0.47</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0253">Remote DoS with multiple Listen directives</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0253">CVE-2003-0253</a>
-<p>
-In a server with multiple listening sockets a certain error returned
-by accept() on a rarely access port can cause a temporary denial of
-service, due to a bug in the prefork MPM.
-</p>
-</dd>
-<dd>
-  Update Released: 9th July 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0192">mod_ssl renegotiation issue</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0192">CVE-2003-0192</a>
-<p>
-A bug in the optional renegotiation code in mod_ssl included with 
-Apache httpd can cause cipher suite restrictions to be ignored.
-This is triggered if optional renegotiation is used (SSLOptions
-+OptRenegotiate) along with verification of client certificates
-and a change to the cipher suite over the renegotiation.
-</p>
-</dd>
-<dd>
-  Update Released: 9th July 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2003-0254">Remote DoS via IPv6 ftp proxy</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0254">CVE-2003-0254</a>
-<p>
-When a client requests that proxy ftp connect to a ftp server with
-IPv6 address, and the proxy is unable to create an IPv6 socket,
-an infinite loop occurs causing a remote Denial of Service.
-</p>
-</dd>
-<dd>
-  Update Released: 9th July 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.46"><strong>Fixed in Apache httpd 2.0.46</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2003-0245">APR remote crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245">CVE-2003-0245</a>
-<p>
-A vulnerability in the apr_psprintf function in the Apache Portable
-Runtime (APR) library allows remote 
-attackers to cause a denial of service (crash) and possibly execute
-arbitrary code via long strings, as demonstrated using XML objects to
-mod_dav, and possibly other vectors.
-</p>
-</dd>
-<dd>
-  Update Released: 28th May 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0189">Basic Authentication DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0189">CVE-2003-0189</a>
-<p>
-A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
-to cause a denial of access to authenticated content when a threaded
-server is used. 
-</p>
-</dd>
-<dd>
-  Update Released: 28th May 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0134">OS2 device name DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0134">CVE-2003-0134</a>
-<p>
-Apache on OS2 up to and including Apache 2.0.45
-have a Denial of Service vulnerability caused by 
-device names.
-</p>
-</dd>
-<dd>
-  Update Released: 28th May 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0083">Filtered escape sequences</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
-<p>
-Apache did not filter terminal escape sequences from its
-access logs, which could make it easier for attackers to insert those
-sequences into terminal emulators containing vulnerabilities related
-to escape sequences.
-</p>
-</dd>
-<dd>
-  Update Released: 2nd April 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.45"><strong>Fixed in Apache httpd 2.0.45</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0132">Line feed memory leak DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0132">CVE-2003-0132</a>
-<p>
-Apache 2.0 versions before Apache 2.0.45 had a significant Denial of
-Service vulnerability.  Remote attackers could cause a denial of service
-(memory consumption) via large chunks of linefeed characters, which
-causes Apache to allocate 80 bytes for each linefeed.
-</p>
-</dd>
-<dd>
-  Update Released: 2nd April 2004<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.44"><strong>Fixed in Apache httpd 2.0.44</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2003-0016">MS-DOS device name filtering</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0016">CVE-2003-0016</a>
-<p>On Windows platforms Apache did not 
-correctly filter MS-DOS device names which 
-could lead to denial of service attacks or remote code execution.
-</p>
-</dd>
-<dd>
-  Update Released: 20th January 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0017">Apache can serve unexpected files</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0017">CVE-2003-0017</a>
-<p>
-On Windows platforms Apache could be forced to serve unexpected files
-by appending illegal characters such as '&lt;' to the request URL
-</p>
-</dd>
-<dd>
-  Update Released: 20th January 2003<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.43"><strong>Fixed in Apache httpd 2.0.43</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
-<p>Cross-site scripting (XSS) vulnerability in the default error page of
-Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
-UseCanonicalName is "Off" and support for wildcard DNS is present,
-allows remote attackers to execute script as other web page visitors
-via the Host: header.</p>
-</dd>
-<dd>
-  Update Released: 3rd October 2002<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2002-1156">CGI scripts source revealed using WebDAV</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1156">CVE-2002-1156</a>
-<p>In Apache 2.0.42 only, for a location where both WebDAV and CGI were
-enabled, a POST request to a CGI script would reveal the CGI source to
-a remote user. </p>
-</dd>
-<dd>
-  Update Released: 3rd October 2002<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.42<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.42"><strong>Fixed in Apache httpd 2.0.42</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2002-1593">mod_dav crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1593">CVE-2002-1593</a>
-<p>
-A flaw was found in handling of versioning hooks in mod_dav.  An attacker
-could send a carefully crafted request in such a way to cause the child
-process handling the connection to crash.  This issue will only result
-in a denial of service where a threaded process model is in use.
-</p>
-</dd>
-<dd>
-  Update Released: 24th September 2002<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.40"><strong>Fixed in Apache httpd 2.0.40</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2002-0661">Path vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661">CVE-2002-0661</a>
-<p>Certain URIs would bypass security
-and allow users to invoke or access any file depending on the system 
-configuration.  Affects Windows, OS2, Netware and Cygwin platforms
-only.</p>
-</dd>
-<dd>
-  Update Released: 9th August 2002<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2002-0654">Path revealing exposures</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0654">CVE-2002-0654</a>
-<p>A path-revealing exposure was present in multiview type
-map negotiation (such as the default error documents) where a
-module would report the full path of the typemapped .var file when
-multiple documents or no documents could be served.  
-Additionally a path-revealing exposure in cgi/cgid when Apache
-fails to invoke a script.  The modules would report "couldn't create 
-child process /path-to-script/script.pl" revealing the full path
-of the script.</p>
-</dd>
-<dd>
-  Update Released: 9th August 2002<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.39, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.37"><strong>Fixed in Apache httpd 2.0.37</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
-<p>Malicious requests can cause various effects
-ranging from a relatively harmless increase in
-system resources through to denial of service attacks and in some
-cases the ability to execute arbitrary remote code.</p>
-</dd>
-<dd>
-  Update Released: 18th June 2002<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.36, 2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.36"><strong>Fixed in Apache httpd 2.0.36</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2002-1592">Warning messages could be displayed to users</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1592">CVE-2002-1592</a>
-<p>
-In some cases warning messages could get returned to end users in 
-addition to being recorded in the error log.  This could reveal the
-path to a CGI script for example, a minor security exposure.
-</p>
-</dd>
-<dd>
-  Update Released: 8th May 2002<br />
-</dd>
-<dd>
-      Affects: 
-    2.0.35<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
          </td>
    </tr>
    <!-- FOOTER -->
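
Review bot: The deletions visible here, from the entries released 14th October 2005 down to "Fixed in Apache httpd 2.0.36", strip every release section from this generated page, including the critical entries (CVE-2004-0786, CVE-2003-0245, CVE-2003-0016, CVE-2002-0392), yet the log message says only "rebuild all." and the Modified list carries no xdocs source for this page, only xdocs/security/vulnerabilities_22.xml. Generated output that loses content with no matching source change points to the build step rather than an intended edit. Suggest reverting this file, rerunning the build, and reading its diff before committing. The named anchors such as `<a name="2.0.53">` also disappear, so inbound links to individual releases would stop resolving.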

Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=398494&r1=398493&r2=398494&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Sun Apr 30 18:32:18 2006
@@ -78,37 +78,6 @@
   </blockquote>
  </td></tr>
 </table>
-           <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
-  <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.2.1-dev"><strong>Fixed in Apache httpd 2.2.1-dev</strong></a>
-  </font>
- </td></tr>
- <tr><td>
-  <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious 
-URL using certain web browsers.  
-</p>
-</dd>
-<dd />
-<dd>
-      Affects: 
-    2.2.0<p />
-</dd>
-</dl>
-  </blockquote>
- </td></tr>
-</table>
          </td>
    </tr>
    <!-- FOOTER -->
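
Review bot: Dropping the "Fixed in Apache httpd 2.2.1-dev" table leaves nothing between the preceding `</table>` and the footer, so a reader running 2.2.0 no longer sees that CVE-2005-3352 (mod_imap Referer Cross-Site Scripting) affects it. The log message "rebuild all." gives no reason for withdrawing the entry. Suggest restoring the section, or, if the removal is intended, saying so in the log and stating where the entry is published now.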

Modified: httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities_22.xml?rev=398494&r1=398493&r2=398494&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities_22.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities_22.xml Sun Apr 30 18:32:18 2006
@@ -19,28 +19,5 @@
 these vulnerabilities to the <a href="/security_report.html">Security
 Team</a>.  </p>
 </section>
-<section id="2.2.1-dev">
-<title>Fixed in Apache httpd 2.2.1-dev</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious 
-URL using certain web browsers.  
-</p>
-</dd>
-<dd/>
-<dd>
-      Affects: 
-    2.2.0<p/>
-</dd>
-</dl>
-</section>
 </body>
 </document>
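
Review bot: The `<section id="2.2.1-dev">` deletion is in the xdocs source rather than in generated output, so the loss of the CVE-2005-3352 entry will be reproduced by every later rebuild of docs/security/vulnerabilities_22.html until the section is put back. After this change nothing follows the `</section>` that closes the Security Team paragraph except `</body>`, which leaves the 2.2 source with no vulnerability sections at all. Suggest restoring the section here first, then regenerating the HTML and confirming the security pages show no unexpected removals before committing.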



Re: svn commit: r398494 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities_22.xml

Posted by Paul Querna <ch...@force-elite.com>.
Mark J Cox wrote:
>> This killed the list of vulnerabilities for all versions. Was this intended?
>> And if yes, where can they be found now?
> 
> Must be someone with bad java foo, fixing.
> 

Er. ya. It wasn't my intention to break stuff, I just ran build.sh and
it kept saying it wanted to do this....

java version "1.5.0_06"

Intel Mac.

How could a version of java change the behavior of the site build stuff?

-Paul

Re: svn commit: r398494 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities_22.xml

Posted by Mark J Cox <ma...@awe.com>.
> This killed the list of vulnerabilities for all versions. Was this intended?
> And if yes, where can they be found now?

Must be someone with bad java foo, fixing.

Mark
--
Mark J Cox | www.awe.com/mark




Re: svn commit: r398494 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities_22.xml

Posted by Ruediger Pluem <rp...@apache.org>.

On 05/01/2006 03:32 AM, pquerna@apache.org wrote:
> Author: pquerna
> Date: Sun Apr 30 18:32:18 2006
> New Revision: 398494
> 
> URL: http://svn.apache.org/viewcvs?rev=398494&view=rev
> Log:
> rebuild all.
> 
> Modified:
>     httpd/site/trunk/docs/security/vulnerabilities_13.html
>     httpd/site/trunk/docs/security/vulnerabilities_20.html
>     httpd/site/trunk/docs/security/vulnerabilities_22.html
>     httpd/site/trunk/xdocs/security/vulnerabilities_22.xml

This killed the list of vulnerabilities for all versions. Was this intended?
And if yes, where can they be found now?

Anyway, many thanks for doing this release work :-).

Regards

Rüdiger