Posted to cvs@httpd.apache.org by bu...@apache.org on 2017/07/26 16:30:54 UTC
svn commit: r1015998 - in /websites/staging/httpd/trunk/content: ./
security/vulnerabilities-httpd.page/securitydb.xsl
security/vulnerabilities_22.html security/vulnerabilities_24.html
Author: buildbot
Date: Wed Jul 26 16:30:54 2017
New Revision: 1015998
Log:
Staging update by buildbot for httpd
Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Jul 26 16:30:54 2017
@@ -1 +1 @@
-1802599
+1803072
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.page/securitydb.xsl
==============================================================================
Binary files - no diff available.
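Review bot: securitydb.xsl is reported as "Binary files - no diff available", so the stylesheet change that presumably produces every anchor added to the two HTML files below cannot be reviewed from this commit mail. If the file is plain XSLT, giving it a text svn:mime-type (for example text/xml) would let Subversion show the diff here.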
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Wed Jul 26 16:30:54 2017
@@ -111,6 +111,7 @@ Fixed in Apache httpd 2.2.34</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-9788"/>
<name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>
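Review bot: the added `<a name="CVE-2017-9788"/>` uses XML self-closing syntax, but the target is vulnerabilities_22.html. When the page is served as text/html, the parser ignores the trailing slash on a non-void element, so the anchor stays open and wraps the title that follows until the next `<a href=...>` forces it closed. Emit an explicit `<a name="CVE-2017-9788"></a>`, or put `id="CVE-2017-9788"` on the enclosing `<b>`. The same applies to every anchor added in this file and in vulnerabilities_24.html.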
@@ -143,6 +144,7 @@ We would like to thank Robert ÅwiÄ
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-3167"/>
<name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>
@@ -175,6 +177,7 @@ We would like to thank Emmanuel Dreyfus
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-3169"/>
<name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>
@@ -200,6 +203,7 @@ reporting this issue.
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-7668"/>
<name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>
@@ -228,6 +232,7 @@ issue.
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-7679"/>
<name name="CVE-2017-7679">mod_mime Buffer Overread</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>
@@ -254,6 +259,7 @@ Fixed in Apache httpd 2.2.32</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2016-8743"/>
<name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>
@@ -323,6 +329,7 @@ as well as Régis Leroy for each repor
<dd>
<b>n/a: </b>
<b>
+ <a name="CVE-2016-5387"/>
<name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>
@@ -357,6 +364,7 @@ Fixed in Apache httpd 2.2.31</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2015-3183"/>
<name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>
@@ -387,6 +395,7 @@ Fixed in Apache httpd 2.2.29</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2014-0231"/>
<name name="CVE-2014-0231">mod_cgid denial of service</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>
@@ -413,6 +422,7 @@ This issue was reported by Rainer Jung o
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2013-5704"/>
<name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>
@@ -439,6 +449,7 @@ This issue was reported by Martin Holst
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2014-0118"/>
<name name="CVE-2014-0118">mod_deflate denial of service</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>
@@ -466,6 +477,7 @@ This issue was reported by Giancarlo Pel
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2014-0226"/>
<name name="CVE-2014-0226">mod_status buffer overflow</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>
@@ -496,6 +508,7 @@ Fixed in Apache httpd 2.2.27</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2014-0098"/>
<name name="CVE-2014-0098">mod_log_config crash</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>
@@ -521,6 +534,7 @@ This issue was reported by Rainer M Cana
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2013-6438"/>
<name name="CVE-2013-6438">mod_dav crash</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>
@@ -549,6 +563,7 @@ Fixed in Apache httpd 2.2.25</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2013-1862"/>
<name name="CVE-2013-1862">mod_rewrite log escape filtering</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862">CVE-2013-1862</a>
@@ -575,6 +590,7 @@ This issue was reported by Ramiro Molina
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2013-1896"/>
<name name="CVE-2013-1896">mod_dav crash</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>
@@ -602,6 +618,7 @@ Fixed in Apache httpd 2.2.24</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2012-3499"/>
<name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>
@@ -626,6 +643,7 @@ This issue was reported by Niels Heinen
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2012-4558"/>
<name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>
@@ -651,6 +669,7 @@ Fixed in Apache httpd 2.2.23</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2012-2687"/>
<name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>
@@ -671,6 +690,7 @@ untrusted uploads to locations which hav
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2012-0883"/>
<name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
@@ -694,6 +714,7 @@ Fixed in Apache httpd 2.2.22</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2012-4557"/>
<name name="CVE-2012-4557">mod_proxy_ajp remote DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557">CVE-2012-4557</a>
@@ -716,6 +737,7 @@ temporary denial of service.</p>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2011-3607"/>
<name name="CVE-2011-3607">mod_setenvif .htaccess privilege escalation</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a>
@@ -741,6 +763,7 @@ This issue was reported by halfdog
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2012-0021"/>
<name name="CVE-2012-0021">mod_log_config crash</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a>
@@ -761,6 +784,7 @@ This crash would only be a denial of ser
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2012-0031"/>
<name name="CVE-2012-0031">scoreboard parent DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a>
@@ -786,6 +810,7 @@ This issue was reported by halfdog
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2011-4317"/>
<name name="CVE-2011-4317">mod_proxy reverse proxy exposure </name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>
@@ -814,6 +839,7 @@ This issue was reported by Prutha Parikh
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2012-0053"/>
<name name="CVE-2012-0053">error responses can expose cookies</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a>
@@ -839,6 +865,7 @@ This issue was reported by Norman Hipper
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2011-3368"/>
<name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
@@ -868,6 +895,7 @@ Fixed in Apache httpd 2.2.21</h1><dl>
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2011-3348"/>
<name name="CVE-2011-3348">mod_proxy_ajp remote DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a>
@@ -891,6 +919,7 @@ Fixed in Apache httpd 2.2.20</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2011-3192"/>
<name name="CVE-2011-3192">Range header remote DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>
@@ -916,6 +945,7 @@ Fixed in Apache httpd 2.2.19</h1><dl>
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2011-0419"/>
<name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>
@@ -954,6 +984,7 @@ Fixed in Apache httpd 2.2.17</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2009-3720"/>
<name name="CVE-2009-3720">expat DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>
@@ -976,6 +1007,7 @@ be a denial of service if using the work
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2009-3560"/>
<name name="CVE-2009-3560">expat DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>
@@ -998,6 +1030,7 @@ be a denial of service if using the work
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2010-1623"/>
<name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>
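Review bot: the title on the context line directly under the added anchor reads "apr_bridage_split_line DoS"; the APR-util function is apr_brigade_split_line. Since this entry is being touched anyway, fix the spelling in the source record so the regenerated page picks it up.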
@@ -1022,6 +1055,7 @@ Fixed in Apache httpd 2.2.16</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2010-2068"/>
<name name="CVE-2010-2068">Timeout detection flaw (mod_proxy_http)</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068">CVE-2010-2068</a>
@@ -1060,6 +1094,7 @@ reporting of this issue.
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2010-1452"/>
<name name="CVE-2010-1452">mod_cache and mod_dav DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>
@@ -1092,6 +1127,7 @@ Fixed in Apache httpd 2.2.15</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2010-0425"/>
<name name="CVE-2010-0425">mod_isapi module unload flaw</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
@@ -1121,6 +1157,7 @@ proposing a patch fix for this issue.
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2010-0434"/>
<name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
@@ -1153,6 +1190,7 @@ fix for this issue.
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2010-0408"/>
<name name="CVE-2010-0408">mod_proxy_ajp DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a>
@@ -1182,6 +1220,7 @@ Fixed in Apache httpd 2.2.14</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2009-3094"/>
<name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
@@ -1204,6 +1243,7 @@ service.
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2009-3095"/>
<name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>
@@ -1225,6 +1265,7 @@ to the FTP server.
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2009-2699"/>
<name name="CVE-2009-2699">Solaris pollset DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a>
@@ -1247,6 +1288,7 @@ Fixed in Apache httpd 2.2.13</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2009-2412"/>
<name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>
@@ -1272,6 +1314,7 @@ Fixed in Apache httpd 2.2.12</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2009-1890"/>
<name name="CVE-2009-1890">mod_proxy reverse proxy DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</a>
@@ -1292,6 +1335,7 @@ force a proxy process to consume large a
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2009-1191"/>
<name name="CVE-2009-1191">mod_proxy_ajp information disclosure</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</a>
@@ -1313,6 +1357,7 @@ could return a response intended for ano
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2009-1891"/>
<name name="CVE-2009-1891">mod_deflate DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>
@@ -1334,6 +1379,7 @@ file.</p>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2009-1195"/>
<name name="CVE-2009-1195">AllowOverride Options handling bypass</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a>
@@ -1355,6 +1401,7 @@ from executing commands from a Server-Si
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2008-0456"/>
<name name="CVE-2008-0456">CRLF injection in mod_negotiation when untrusted uploads are supported</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456">CVE-2008-0456</a>
@@ -1375,6 +1422,7 @@ MultiViews enabled.
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2009-1956"/>
<name name="CVE-2009-1956">APR-util off-by-one overflow</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956">CVE-2009-1956</a>
@@ -1397,6 +1445,7 @@ or a denial of service.
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2009-1955"/>
<name name="CVE-2009-1955">APR-util XML DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955">CVE-2009-1955</a>
@@ -1419,6 +1468,7 @@ engine.
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2009-0023"/>
<name name="CVE-2009-0023">APR-util heap underwrite</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023">CVE-2009-0023</a>
@@ -1443,6 +1493,7 @@ Fixed in Apache httpd 2.2.10</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2010-2791"/>
<name name="CVE-2010-2791">Timeout detection flaw (mod_proxy_http)</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791">CVE-2010-2791</a>
@@ -1466,6 +1517,7 @@ globally configure:</p>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2008-2939"/>
<name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a>
@@ -1488,6 +1540,7 @@ Fixed in Apache httpd 2.2.9</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2007-6420"/>
<name name="CVE-2007-6420">mod_proxy_balancer CSRF</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420</a>
@@ -1507,6 +1560,7 @@ vulnerable to cross-site request forgery
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2008-2364"/>
<name name="CVE-2008-2364">mod_proxy_http DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a>
@@ -1528,6 +1582,7 @@ Fixed in Apache httpd 2.2.8</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2008-0005"/>
<name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a>
@@ -1550,6 +1605,7 @@ RFC 2616.
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2007-6422"/>
<name name="CVE-2007-6422">mod_proxy_balancer DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422">CVE-2007-6422</a>
@@ -1571,6 +1627,7 @@ threaded Multi-Processing Module. </p>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2007-6421"/>
<name name="CVE-2007-6421">mod_proxy_balancer XSS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421">CVE-2007-6421</a>
@@ -1590,6 +1647,7 @@ authorized user is possible. </p>
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2007-6388"/>
<name name="CVE-2007-6388">mod_status XSS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
@@ -1610,6 +1668,7 @@ Note that the server-status page is not
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2007-5000"/>
<name name="CVE-2007-5000">mod_imagemap XSS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
@@ -1631,6 +1690,7 @@ Fixed in Apache httpd 2.2.6</h1><dl>
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2007-3847"/>
<name name="CVE-2007-3847">mod_proxy crash</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a>
@@ -1653,6 +1713,7 @@ using a threaded Multi-Processing Module
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2006-5752"/>
<name name="CVE-2006-5752">mod_status cross-site scripting</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
@@ -1675,6 +1736,7 @@ this publicly available.</p>
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2007-3304"/>
<name name="CVE-2007-3304">Signals to arbitrary processes</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
@@ -1695,6 +1757,7 @@ terminated which could lead to a denial
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2007-1862"/>
<name name="CVE-2007-1862">mod_cache information leak</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a>
@@ -1715,6 +1778,7 @@ used by remote attackers to obtain poten
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2007-1863"/>
<name name="CVE-2007-1863">mod_cache proxy DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>
@@ -1737,6 +1801,7 @@ Fixed in Apache httpd 2.2.3</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2006-3747"/>
<name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
@@ -1763,6 +1828,7 @@ Fixed in Apache httpd 2.2.2</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2005-3357"/>
<name name="CVE-2005-3357">mod_ssl access control DoS</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
@@ -1785,6 +1851,7 @@ crash would only be a denial of service
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2005-3352"/>
<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Wed Jul 26 16:30:54 2017
@@ -111,6 +111,7 @@ Fixed in Apache httpd 2.4.27</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-9789"/>
<name name="CVE-2017-9789">Read after free in mod_http2</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9789">CVE-2017-9789</a>
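Review bot: the new anchor repeats the identifier already carried by the context line `<name name="CVE-2017-9789">`, and `<name>` is not an HTML element, so it looks like the source XML element is being copied through to the page unchanged. Rather than adding an empty `<a>` beside it, consider having the stylesheet output only the title text inside `<b id="CVE-2017-9789">`, which gives the fragment target and removes the stray element. The `name` attribute on `<a>` is also obsolete in HTML5 in favour of `id`.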
@@ -136,6 +137,7 @@ We would like to thank Robert ÅwiÄ
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-9788"/>
<name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>
@@ -170,6 +172,7 @@ Fixed in Apache httpd 2.4.26</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-3167"/>
<name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>
@@ -202,6 +205,7 @@ We would like to thank Emmanuel Dreyfus
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-3169"/>
<name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>
@@ -227,6 +231,7 @@ reporting this issue.
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-7659"/>
<name name="CVE-2017-7659">mod_http2 Null Pointer Dereference</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659">CVE-2017-7659</a>
@@ -251,6 +256,7 @@ We would like to thank Robert ÅwiÄ
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-7668"/>
<name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>
@@ -279,6 +285,7 @@ issue.
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2017-7679"/>
<name name="CVE-2017-7679">mod_mime Buffer Overread</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>
@@ -305,6 +312,7 @@ Fixed in Apache httpd 2.4.25</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2016-8743"/>
<name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>
@@ -374,6 +382,7 @@ as well as Régis Leroy for each repor
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2016-8740"/>
<name name="CVE-2016-8740">HTTP/2 CONTINUATION denial of service</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740">CVE-2016-8740</a>
@@ -402,6 +411,7 @@ and CDF/SEFCOM at Arizona State Universi
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2016-2161"/>
<name name="CVE-2016-2161">DoS vulnerability in mod_auth_digest</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161">CVE-2016-2161</a>
@@ -426,6 +436,7 @@ We would like to thank Maksim Malyutin f
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2016-0736"/>
<name name="CVE-2016-0736">Padding Oracle in Apache mod_session_crypto</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736">CVE-2016-0736</a>
@@ -455,6 +466,7 @@ this issue.
<dd>
<b>n/a: </b>
<b>
+ <a name="CVE-2016-5387"/>
<name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>
@@ -495,6 +507,7 @@ Fixed in Apache httpd 2.4.23</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2016-4979"/>
<name name="CVE-2016-4979">TLS/SSL X.509 client certificate auth bypass with HTTP/2</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4979">CVE-2016-4979</a>
@@ -525,6 +538,7 @@ Fixed in Apache httpd 2.4.20</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2016-1546"/>
<name name="CVE-2016-1546">mod_http2: denial of service by thread starvation</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1546">CVE-2016-1546</a>
@@ -555,6 +569,7 @@ Fixed in Apache httpd 2.4.16</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2015-0228"/>
<name name="CVE-2015-0228">mod_lua: Crash in websockets PING handling</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228">CVE-2015-0228</a>
@@ -583,6 +598,7 @@ This issue was reported by Guido Vranken
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2015-0253"/>
<name name="CVE-2015-0253">Crash in ErrorDocument 400 handling</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253">CVE-2015-0253</a>
@@ -607,6 +623,7 @@ This issue was reported by Guido Vranken
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2015-3183"/>
<name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>
@@ -635,6 +652,7 @@ This issue was reported by Régis Lero
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2015-3185"/>
<name name="CVE-2015-3185">ap_some_auth_required API unusable</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185">CVE-2015-3185</a>
@@ -671,6 +689,7 @@ Fixed in Apache httpd 2.4.12</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2014-8109"/>
<name name="CVE-2014-8109">mod_lua multiple "Require" directive handling is broken</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109">CVE-2014-8109</a>
@@ -690,6 +709,7 @@ lead to different authentication rules t
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2014-3583"/>
<name name="CVE-2014-3583">mod_proxy_fcgi out-of-bounds memory read</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583">CVE-2014-3583</a>
@@ -716,6 +736,7 @@ This issue was reported by Teguh P. Alko
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2014-3581"/>
<name name="CVE-2014-3581">mod_cache crash with empty Content-Type header</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581">CVE-2014-3581</a>
@@ -735,6 +756,7 @@ This crash would only be a denial of ser
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2013-5704"/>
<name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>
@@ -763,6 +785,7 @@ Fixed in Apache httpd 2.4.10</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2014-0231"/>
<name name="CVE-2014-0231">mod_cgid denial of service</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>
@@ -789,6 +812,7 @@ This issue was reported by Rainer Jung o
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2014-3523"/>
<name name="CVE-2014-3523">WinNT MPM denial of service</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3523">CVE-2014-3523</a>
@@ -815,6 +839,7 @@ This issue was reported by Jeff Trawick
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2014-0117"/>
<name name="CVE-2014-0117">mod_proxy denial of service</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117">CVE-2014-0117</a>
@@ -840,6 +865,7 @@ This issue was reported by Marek Kroemek
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2014-0118"/>
<name name="CVE-2014-0118">mod_deflate denial of service</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>
@@ -867,6 +893,7 @@ This issue was reported by Giancarlo Pel
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2014-0226"/>
<name name="CVE-2014-0226">mod_status buffer overflow</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>
@@ -897,6 +924,7 @@ Fixed in Apache httpd 2.4.7</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2013-4352"/>
<name name="CVE-2013-4352">mod_cache crash</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352">CVE-2013-4352</a>
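Review bot: the hunk header places this entry under "Fixed in Apache httpd 2.4.7", yet it sits between the 2.4.10 section in the hunks above and the 2.4.9 section in the next hunk, so the release sections are out of order at this point in vulnerabilities_24.html. Worth checking how the 2.4.7 group is sorted before per-CVE links start pointing into this page.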
@@ -920,6 +948,7 @@ Fixed in Apache httpd 2.4.9</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2014-0098"/>
<name name="CVE-2014-0098">mod_log_config crash</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>
@@ -945,6 +974,7 @@ This issue was reported by Rainer M Cana
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2013-6438"/>
<name name="CVE-2013-6438">mod_dav crash</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>
@@ -973,6 +1003,7 @@ Fixed in Apache httpd 2.4.6</h1><dl>
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2013-1896"/>
<name name="CVE-2013-1896">mod_dav crash</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>
@@ -998,6 +1029,7 @@ This issue was reported by Ben Reser
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2013-2249"/>
<name name="CVE-2013-2249">mod_session_dbd session fixation flaw</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249">CVE-2013-2249</a>
@@ -1025,6 +1057,7 @@ Fixed in Apache httpd 2.4.4</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2012-3499"/>
<name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>
@@ -1049,6 +1082,7 @@ This issue was reported by Niels Heinen
<dd>
<b>moderate: </b>
<b>
+ <a name="CVE-2012-4558"/>
<name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>
@@ -1074,6 +1108,7 @@ Fixed in Apache httpd 2.4.3</h1><dl>
<dd>
<b>important: </b>
<b>
+ <a name="CVE-2012-3502"/>
<name name="CVE-2012-3502">Response mixup when using mod_proxy_ajp or mod_proxy_http</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502">CVE-2012-3502</a>
@@ -1094,6 +1129,7 @@ between users.
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2012-2687"/>
<name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>
@@ -1116,6 +1152,7 @@ Fixed in Apache httpd 2.4.2</h1><dl>
<dd>
<b>low: </b>
<b>
+ <a name="CVE-2012-0883"/>
<name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>