You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by hu...@apache.org on 2012/05/06 20:47:32 UTC
svn commit: r1334736 [1/2] - in /httpd/site/trunk/content/security:
vulnerabilities_13.mdtext vulnerabilities_13.xml vulnerabilities_20.mdtext
vulnerabilities_20.xml
Author: humbedooh
Date: Sun May 6 18:47:31 2012
New Revision: 1334736
URL: http://svn.apache.org/viewvc?rev=1334736&view=rev
Log:
xforms
Added:
httpd/site/trunk/content/security/vulnerabilities_13.mdtext
- copied, changed from r1334734, httpd/site/trunk/content/security/vulnerabilities_13.xml
httpd/site/trunk/content/security/vulnerabilities_20.mdtext
- copied, changed from r1334734, httpd/site/trunk/content/security/vulnerabilities_20.xml
Removed:
httpd/site/trunk/content/security/vulnerabilities_13.xml
httpd/site/trunk/content/security/vulnerabilities_20.xml
Copied: httpd/site/trunk/content/security/vulnerabilities_13.mdtext (from r1334734, httpd/site/trunk/content/security/vulnerabilities_13.xml)
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_13.mdtext?p2=httpd/site/trunk/content/security/vulnerabilities_13.mdtext&p1=httpd/site/trunk/content/security/vulnerabilities_13.xml&r1=1334734&r2=1334736&rev=1334736&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_13.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities_13.mdtext Sun May 6 18:47:31 2012
@@ -1,923 +1,567 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<document>
-<properties>
-<author email="security@httpd.apache.org">Apache HTTP Server Security Team</author>
-<title>Apache httpd 1.3 vulnerabilities</title>
-</properties>
-<body>
-<section id="top">
-<title>Apache httpd 1.3 vulnerabilities</title>
-<p>This page lists all security vulnerabilities fixed in released
-versions of Apache httpd 1.3. Each
-vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
-security team - please note that this rating may well vary from
-platform to platform. We also list the versions of Apache httpd the
-flaw is known to affect, and where a flaw has not been verified list
-the version with a question mark. </p>
-<p> Please note that if a vulnerability is shown below as being fixed
-in a "-dev" release then this means that a fix has been applied to
-the development source tree and will be part of an upcoming full release.</p>
-<p> This page is created from a database of vulnerabilities originally
-populated by Apache Week. Please send comments or corrections for
-these vulnerabilities to the <a href="/security_report.html">Security
-Team</a>. </p>
-</section>
-<section id="1.3-never">
-<title>
-Not fixed in Apache httpd 1.3</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
-<p>
-An exposure was found when using mod_proxy in reverse proxy mode.
-In certain configurations using RewriteRule with proxy flag,
-a remote attacker could cause the reverse proxy to
-connect to an arbitrary server, possibly disclosing sensitive
-information from internal web servers not directly accessible to
-attacker.</p>
-<p>No update of 1.3 will be released. Patches will be published to
-<a href="http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/">http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/</a>
-</p>
-</dd>
-<dd>
-<p>Acknowledgements:
-This issue was reported by Context Information Security Ltd
-</p>
-</dd>
-<dd>
- Reported to security team: 16th September 2011<br/>
- Issue public: 5th October 2011<br/>
-</dd>
-<dd>
- Affected:
- 1.3.42, 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.42">
-<title>
-Fixed in Apache httpd 1.3.42</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2010-0010">mod_proxy overflow on 64-bit systems</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010">CVE-2010-0010</a>
-<p>
+Title: Apache httpd 1.3 vulnerabilities
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+# Apache httpd 1.3 vulnerabilities # {#top}
+
+This page lists all security vulnerabilities fixed in released versions of
+Apache httpd 1.3. Each vulnerability is given a security [impact
+rating](/security/impact_levels.html) by the Apache security team - please
+note that this rating may well vary from platform to platform. We also list
+the versions of Apache httpd the flaw is known to affect, and where a flaw
+has not been verified list the version with a question mark.
+
+Please note that if a vulnerability is shown below as being fixed in a
+"-dev" release then this means that a fix has been applied to the
+development source tree and will be part of an upcoming full release.
+
+This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for these
+vulnerabilities to the [Security Team](/security_report.html).
+
+# Not fixed in Apache httpd 1.3 # {#1.3-never}
+
+: **moderate:** **<name name="CVE-2011-3368">mod_proxy reverse proxy
+ exposure</name>**
+ [CVE-2011-3368](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368)
+An exposure was found when using mod_proxy in reverse proxy mode. In
+certain configurations using RewriteRule with proxy flag, a remote attacker
+could cause the reverse proxy to connect to an arbitrary server, possibly
+disclosing sensitive information from internal web servers not directly
+accessible to attacker.
+
+No update of 1.3 will be released. Patches will be published to
+[http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/](http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/)
+
+Acknowledgements: This issue was reported by Context Information Security
+Ltd
+
+: Reported to security team: 16th September 2011<br></br>Issue public:
+ 5th October 2011<br></br>
+: Affected: 1.3.42, 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34,
+ 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24,
+ 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6,
+ 1.3.4, 1.3.3, 1.3.2
+
+# Fixed in Apache httpd 1.3.42 # {#1.3.42}
+
+: **moderate:** **<name name="CVE-2010-0010">mod_proxy overflow on
+ 64-bit systems</name>**
+ [CVE-2010-0010](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010)
An incorrect conversion between numeric types flaw was found in the
-mod_proxy module which affects some 64-bit architecture systems. A
-malicious HTTP server to which requests are being proxied could use
-this flaw to trigger a heap buffer overflow in an httpd child process
-via a carefully crafted response.
-</p>
-</dd>
-<dd>
- Reported to security team: 30th December 2009<br/>
- Issue public: 7th December 2010<br/>
- Update released: 3rd February 2010<br/>
-</dd>
-<dd>
- Affected:
- 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.41">
-<title>
-Fixed in Apache httpd 1.3.41</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2007-6388">mod_status XSS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
-<p>
+mod_proxy module which affects some 64-bit architecture systems. A
+malicious HTTP server to which requests are being proxied could use this
+flaw to trigger a heap buffer overflow in an httpd child process via a
+carefully crafted response.
+
+: Reported to security team: 30th December 2009<br></br>Issue public:
+ 7th December 2010<br></br>Update released:
+ 3rd February 2010<br></br>
+: Affected: 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33,
+ 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22,
+ 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4,
+ 1.3.3, 1.3.2
+
+# Fixed in Apache httpd 1.3.41 # {#1.3.41}
+
+: **moderate:** **<name name="CVE-2007-6388">mod_status XSS</name>**
+ [CVE-2007-6388](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388)
A flaw was found in the mod_status module. On sites where mod_status is
enabled and the status pages were publicly accessible, a cross-site
-scripting attack is possible.
-Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
-</dd>
-<dd>
- Reported to security team: 15th December 2007<br/>
- Issue public: 2nd January 2008<br/>
- Update released: 19th January 2008<br/>
-</dd>
-<dd>
- Affected:
- 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2007-5000">mod_imap XSS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
-<p>
-A flaw was found in the mod_imap module. On sites where
-mod_imap is enabled and an imagemap file is publicly available, a
-cross-site scripting attack is possible.</p>
-</dd>
-<dd>
- Reported to security team: 23rd October 2007<br/>
- Issue public: 11th December 2007<br/>
- Update released: 19th January 2008<br/>
-</dd>
-<dd>
- Affected:
- 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.39">
-<title>
-Fixed in Apache httpd 1.3.39</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2006-5752">mod_status cross-site scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
-<p>
-A flaw was found in the mod_status module. On sites where the
-server-status page is publicly accessible and ExtendedStatus is
-enabled this could lead to a cross-site scripting attack.
-Note that the server-status
-page is not enabled by default and it is best practice to not make
-this publicly available.</p>
-</dd>
-<dd>
- Reported to security team: 19th October 2006<br/>
- Issue public: 20th June 2007<br/>
- Update released: 7th September 2007<br/>
-</dd>
-<dd>
- Affected:
- 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2007-3304">Signals to arbitrary processes</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
-<p>The Apache HTTP server did not verify that a process
-was an Apache child process before sending it signals. A local
-attacker with the ability to run scripts on the HTTP server could
-manipulate the scoreboard and cause arbitrary processes to be
-terminated which could lead to a denial of service.</p>
-</dd>
-<dd>
- Reported to security team: 15th May 2006<br/>
- Issue public: 19th June 2007<br/>
- Update released: 7th September 2007<br/>
-</dd>
-<dd>
- Affected:
- 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.37">
-<title>
-Fixed in Apache httpd 1.3.37</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
-<p>
-An off-by-one flaw exists in the Rewrite module, mod_rewrite.
-Depending on the manner in which Apache httpd was compiled, this
-software defect may result in a vulnerability which, in combination
-with certain types of Rewrite rules in the web server configuration
-files, could be triggered remotely. For vulnerable builds, the nature
-of the vulnerability can be denial of service (crashing of web server
-processes) or potentially allow arbitrary code execution.
-</p>
-</dd>
-<dd>
- Reported to security team: 21st July 2006<br/>
- Issue public: 27th July 2006<br/>
- Update released: 27th July 2006<br/>
-</dd>
-<dd>
- Affected:
- 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.35">
-<title>
-Fixed in Apache httpd 1.3.35</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2006-3918">Expect header Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918">CVE-2006-3918</a>
-<p>
-A flaw in the handling of invalid Expect headers. If an attacker can
-influence the Expect header that a victim sends to a target site they
-could perform a cross-site scripting attack. It is known that
-some versions of Flash can set an arbitrary Expect header which can
-trigger this flaw. Not marked as a security issue for 2.0 or
-2.2 as the cross-site scripting is only returned to the victim after
-the server times out a connection.
-</p>
-</dd>
-<dd>
- Issue public: 8th May 2006<br/>
- Update released: 1st May 2006<br/>
-</dd>
-<dd>
- Affected:
- 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-</p>
-</dd>
-<dd>
- Reported to security team: 1st November 2005<br/>
- Issue public: 12th December 2005<br/>
- Update released: 1st May 2006<br/>
-</dd>
-<dd>
- Affected:
- 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.33">
-<title>
-Fixed in Apache httpd 1.3.33</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2004-0940">mod_include overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940</a>
-<p>
-A buffer overflow in mod_include could allow a local user who
-is authorised to create server side include (SSI) files to gain
-the privileges of a httpd child.
-</p>
-</dd>
-<dd>
- Issue public: 21st October 2004<br/>
- Update released: 28th October 2004<br/>
-</dd>
-<dd>
- Affected:
- 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.32">
-<title>
-Fixed in Apache httpd 1.3.32</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2004-0492">mod_proxy buffer overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492</a>
-<p>
+scripting attack is possible. Note that the server-status page is not
+enabled by default and it is best practice to not make this publicly
+available.
+
+: Reported to security team: 15th December 2007<br></br>Issue public:
+ 2nd January 2008<br></br>Update released:
+ 19th January 2008<br></br>
+: Affected: 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32,
+ 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2
+
+: **moderate:** **<name name="CVE-2007-5000">mod_imap XSS</name>**
+ [CVE-2007-5000](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000)
+A flaw was found in the mod_imap module. On sites where mod_imap is enabled
+and an imagemap file is publicly available, a cross-site scripting attack
+is possible.
+
+: Reported to security team: 23rd October 2007<br></br>Issue public:
+ 11th December 2007<br></br>Update released:
+ 19th January 2008<br></br>
+: Affected: 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32,
+ 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2, 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.39 # {#1.3.39}
+
+: **moderate:** **<name name="CVE-2006-5752">mod_status cross-site
+ scripting</name>**
+ [CVE-2006-5752](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752)
+A flaw was found in the mod_status module. On sites where the server-status
+page is publicly accessible and ExtendedStatus is enabled this could lead
+to a cross-site scripting attack. Note that the server-status page is not
+enabled by default and it is best practice to not make this publicly
+available.
+
+: Reported to security team: 19th October 2006<br></br>Issue public:
+ 20th June 2007<br></br>Update released:
+ 7th September 2007<br></br>
+: Affected: 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31,
+ 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
+ 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2
+
+: **moderate:** **<name name="CVE-2007-3304">Signals to arbitrary
+ processes</name>**
+ [CVE-2007-3304](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304)
+The Apache HTTP server did not verify that a process was an Apache child
+process before sending it signals. A local attacker with the ability to run
+scripts on the HTTP server could manipulate the scoreboard and cause
+arbitrary processes to be terminated which could lead to a denial of
+service.
+
+: Reported to security team: 15th May 2006<br></br>Issue public:
+ 19th June 2007<br></br>Update released:
+ 7th September 2007<br></br>
+: Affected: 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31,
+ 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
+ 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2,
+ 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.37 # {#1.3.37}
+
+: **important:** **<name name="CVE-2006-3747">mod_rewrite off-by-one
+ error</name>**
+ [CVE-2006-3747](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747)
+An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on
+the manner in which Apache httpd was compiled, this software defect may
+result in a vulnerability which, in combination with certain types of
+Rewrite rules in the web server configuration files, could be triggered
+remotely. For vulnerable builds, the nature of the vulnerability can be
+denial of service (crashing of web server processes) or potentially allow
+arbitrary code execution.
+
+: Reported to security team: 21st July 2006<br></br>Issue public:
+ 27th July 2006<br></br>Update released: 27th July 2006<br></br>
+: Affected: 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29,
+ 1.3.28
+
+# Fixed in Apache httpd 1.3.35 # {#1.3.35}
+
+: **moderate:** **<name name="CVE-2006-3918">Expect header Cross-Site
+ Scripting</name>**
+ [CVE-2006-3918](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918)
+A flaw in the handling of invalid Expect headers. If an attacker can
+influence the Expect header that a victim sends to a target site they could
+perform a cross-site scripting attack. It is known that some versions of
+Flash can set an arbitrary Expect header which can trigger this flaw. Not
+marked as a security issue for 2.0 or 2.2 as the cross-site scripting is
+only returned to the victim after the server times out a connection.
+
+: Issue public: 8th May 2006<br></br>Update released:
+ 1st May 2006<br></br>
+: Affected: 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27,
+ 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
+ 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3
+
+: **moderate:** **<name name="CVE-2005-3352">mod_imap Referer
+ Cross-Site Scripting</name>**
+ [CVE-2005-3352](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352)
+A flaw in mod_imap when using the Referer directive with image maps. In
+certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious URL using
+certain web browsers.
+
+: Reported to security team: 1st November 2005<br></br>Issue public:
+ 12th December 2005<br></br>Update released: 1st May 2006<br></br>
+: Affected: 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27,
+ 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
+ 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.33 # {#1.3.33}
+
+: **moderate:** **<name name="CVE-2004-0940">mod_include
+ overflow</name>**
+ [CVE-2004-0940](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940)
+A buffer overflow in mod_include could allow a local user who is authorised
+to create server side include (SSI) files to gain the privileges of a httpd
+child.
+
+: Issue public: 21st October 2004<br></br>Update released:
+ 28th October 2004<br></br>
+: Affected: 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24,
+ 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6,
+ 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.32 # {#1.3.32}
+
+: **moderate:** **<name name="CVE-2004-0492">mod_proxy buffer
+ overflow</name>**
+ [CVE-2004-0492](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492)
A buffer overflow was found in the Apache proxy module, mod_proxy, which
-can be triggered by receiving an invalid Content-Length header. In order
-to exploit this issue an attacker would need to get an Apache installation
+can be triggered by receiving an invalid Content-Length header. In order to
+exploit this issue an attacker would need to get an Apache installation
that was configured as a proxy to connect to a malicious site. This would
cause the Apache child processing the request to crash, although this does
not represent a significant Denial of Service attack as requests will
-continue to be handled by other Apache child processes. This issue may
-lead to remote arbitrary code execution on some BSD platforms.
-</p>
-</dd>
-<dd>
- Reported to security team: 8th June 2003<br/>
- Issue public: 10th June 2003<br/>
- Update released: 20th October 2004<br/>
-</dd>
-<dd>
- Affected:
- 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.31">
-<title>
-Fixed in Apache httpd 1.3.31</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0174">listening socket starvation</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
-<p>
+continue to be handled by other Apache child processes. This issue may lead
+to remote arbitrary code execution on some BSD platforms.
+
+: Reported to security team: 8th June 2003<br></br>Issue public:
+ 10th June 2003<br></br>Update released: 20th October 2004<br></br>
+: Affected: 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26
+
+# Fixed in Apache httpd 1.3.31 # {#1.3.31}
+
+: **important:** **<name name="CVE-2004-0174">listening socket
+ starvation</name>**
+ [CVE-2004-0174](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174)
A starvation issue on listening sockets occurs when a short-lived
-connection on a rarely-accessed listening socket will cause a child to
-hold the accept mutex and block out new connections until another
-connection arrives on that rarely-accessed listening socket. This
-issue is known to affect some versions of AIX, Solaris, and Tru64; it
-is known to not affect FreeBSD or Linux.
-
-</p>
-</dd>
-<dd>
- Reported to security team: 25th February 2004<br/>
- Issue public: 18th March 2004<br/>
- Update released: 12th May 2004<br/>
-</dd>
-<dd>
- Affected:
- 1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0993">Allow/Deny parsing on big-endian 64-bit platforms</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993">CVE-2003-0993</a>
-<p>
-A bug in the parsing of Allow/Deny rules using IP addresses
-without a netmask on big-endian 64-bit platforms causes the rules
-to fail to match.
-</p>
-</dd>
-<dd>
- Issue public: 15th October 2003<br/>
- Update released: 12th May 2004<br/>
-</dd>
-<dd>
- Affected:
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0020">Error log escape filtering</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
-<p>
-Apache does not filter terminal escape sequences from error logs,
-which could make it easier for attackers to insert those sequences
-into terminal emulators containing vulnerabilities related to escape
-sequences.
-</p>
-</dd>
-<dd>
- Issue public: 24th February 2003<br/>
- Update released: 12th May 2004<br/>
-</dd>
-<dd>
- Affected:
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0987">mod_digest nonce checking</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987">CVE-2003-0987</a>
-<p>
-
-mod_digest does not properly verify the nonce of a client response by
-using a AuthNonce secret. This could allow a malicious user who is
-able to sniff network traffic to conduct a replay attack against a
-website using Digest protection. Note that mod_digest implements an
-older version of the MD5 Digest Authentication specification which
-is known not to work with modern browsers. This issue does not affect
-mod_auth_digest.
-
-</p>
-</dd>
-<dd>
- Issue public: 18th December 2003<br/>
- Update released: 12th May 2004<br/>
-</dd>
-<dd>
- Affected:
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.29">
-<title>
-Fixed in Apache httpd 1.3.29</title>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
-<p>
-By using a regular expression with more than 9 captures a buffer
-overflow can occur in mod_alias or mod_rewrite. To exploit this an
-attacker would need to be able to create a carefully crafted configuration
-file (.htaccess or httpd.conf)
-</p>
-</dd>
-<dd>
- Reported to security team: 4th August 2003<br/>
- Issue public: 27th October 2003<br/>
- Update released: 27th October 2003<br/>
-</dd>
-<dd>
- Affected:
- 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.28">
-<title>
-Fixed in Apache httpd 1.3.28</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0460">RotateLogs DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460">CVE-2003-0460</a>
-<p>The rotatelogs support program on Win32 and OS/2 would quit logging
-and exit if it received special control characters such as 0x1A.
-</p>
-</dd>
-<dd>
- Reported to security team: 4th July 2003<br/>
- Issue public: 18th July 2003<br/>
- Update released: 18th July 2003<br/>
-</dd>
-<dd>
- Affected:
- 1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.27">
-<title>
-Fixed in Apache httpd 1.3.27</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2002-0843">Buffer overflows in ab utility</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843">CVE-2002-0843</a>
-<p>Buffer overflows in the benchmarking utility ab could be exploited if
-ab is run against a malicious server
-</p>
-</dd>
-<dd>
- Reported to security team: 23rd September 2002<br/>
- Issue public: 3rd October 2002<br/>
- Update released: 3rd October 2002<br/>
-</dd>
-<dd>
- Affected:
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2002-0839">Shared memory permissions lead to local privilege escalation</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a>
-<p>The permissions of the shared memory used for the scoreboard
-allows an attacker who can execute under
-the Apache UID to send a signal to any process as root or cause a local
-denial of service attack.
-</p>
-</dd>
-<dd>
- Reported to security team: 11th November 2001<br/>
- Issue public: 3rd October 2002<br/>
- Update released: 3rd October 2002<br/>
-</dd>
-<dd>
- Affected:
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
-<p>Cross-site scripting (XSS) vulnerability in the default error page of
-Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
-UseCanonicalName is "Off" and support for wildcard DNS is present,
-allows remote attackers to execute script as other web page visitors
-via the Host: header.</p>
-</dd>
-<dd>
- Reported to security team: 20th September 2002<br/>
- Issue public: 2nd October 2002<br/>
- Update released: 3rd October 2002<br/>
-</dd>
-<dd>
- Affected:
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.26">
-<title>
-Fixed in Apache httpd 1.3.26</title>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
-<p>Requests to all versions of Apache 1.3 can cause various effects
-ranging from a relatively harmless increase in
-system resources through to denial of service attacks and in some
-cases the ability to be remotely exploited.</p>
-</dd>
-<dd>
- Reported to security team: 27th May 2002<br/>
- Issue public: 17th June 2002<br/>
- Update released: 18th June 2002<br/>
-</dd>
-<dd>
- Affected:
- 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0083">Filtered escape sequences</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
-<p>
-Apache does not filter terminal escape sequences from its
-access logs, which could make it easier for attackers to insert those
-sequences into terminal emulators containing vulnerabilities related
-to escape sequences,
-</p>
-</dd>
-<dd>
- Issue public: 24th February 2003<br/>
- Update released: 18th June 2002<br/>
-</dd>
-<dd>
- Affected:
- 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.24">
-<title>
-Fixed in Apache httpd 1.3.24</title>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2002-0061">Win32 Apache Remote command execution</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061">CVE-2002-0061</a>
-<p>Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote
-attackers to execute arbitrary commands via parameters passed
-to batch file CGI scripts.</p>
-</dd>
-<dd>
- Update released: 22nd March 2002<br/>
-</dd>
-<dd>
- Affected:
- 1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.22">
-<title>
-Fixed in Apache httpd 1.3.22</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-0729">Requests can cause directory listing to be displayed</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729">CVE-2001-0729</a>
-<p>A vulnerability was found in the Win32 port of
-Apache 1.3.20. A client submitting a very long URI
-could cause a directory listing to be returned rather than
-the default index page. </p>
-</dd>
-<dd>
- Reported to security team: 18th September 2001<br/>
- Issue public: 28th September 2001<br/>
- Update released: 12th October 2001<br/>
-</dd>
-<dd>
- Affected:
- 1.3.20<p/>
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-0731">Multiviews can cause a directory listing to be displayed</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731">CVE-2001-0731</a>
-<p>A vulnerability was found when <directive>Multiviews</directive>
- are used to negotiate the directory index. In some
- configurations, requesting a URI with a <samp>QUERY_STRING</samp> of
- <samp>M=D</samp> could
- return a directory listing rather than the expected index page.</p>
-</dd>
-<dd>
- Issue public: 9th July 2001<br/>
- Update released: 12th October 2001<br/>
-</dd>
-<dd>
- Affected:
- 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2001-0730">split-logfile can cause arbitrary log files to be written to</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730">CVE-2001-0730</a>
-<p>A vulnerability was found in the <samp>split-logfile</samp> support
- program. A request with a specially crafted <samp>Host:</samp>
- header could allow any file with a <samp>.log</samp> extension on
- the system to be written to. </p>
-</dd>
-<dd>
- Issue public: 28th September 2001<br/>
- Update released: 12th October 2001<br/>
-</dd>
-<dd>
- Affected:
- 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.20">
-<title>
-Fixed in Apache httpd 1.3.20</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-1342">Denial of service attack on Win32 and OS2</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342">CVE-2001-1342</a>
-<p>A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A
- client submitting a carefully constructed URI could cause a General
- Protection Fault in a child process, bringing up a message box which
- would have to be cleared by the operator to resume operation. This
- vulnerability introduced no identified means to compromise the server
- other than introducing a possible denial of service. </p>
-</dd>
-<dd>
- Update released: 22nd May 2001<br/>
-</dd>
-<dd>
- Affected:
- 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.19">
-<title>
-Fixed in Apache httpd 1.3.19</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-0925">Requests can cause directory listing to be displayed</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925">CVE-2001-0925</a>
-<p>The default installation can lead <samp>mod_negotiation</samp> and
- <samp>mod_dir</samp> or <samp>mod_autoindex</samp> to display a
- directory listing instead of the multiview index.html file if a
- very long path was created artificially by using many slashes. </p>
-</dd>
-<dd>
- Update released: 28th February 2001<br/>
-</dd>
-<dd>
- Affected:
- 1.3.17, 1.3.14, 1.3.12, 1.3.11<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.14">
-<title>
-Fixed in Apache httpd 1.3.14</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2000-0913">Rewrite rules that include references allow access to any file</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0913">CVE-2000-0913</a>
-<p>The Rewrite module, <samp>mod_rewrite</samp>, can allow access to
- any file on the web server. The vulnerability occurs only with
- certain specific cases of using regular expression references in
- <samp>RewriteRule</samp> directives: If the destination
- of a <samp>RewriteRule</samp> contains regular expression references
- then an attacker will be able to access any file on the server.</p>
-</dd>
-<dd>
- Issue public: 29th September 2000<br/>
- Update released: 13th October 2000<br/>
-</dd>
-<dd>
- Affected:
- 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2000-1204">Mass virtual hosting can display CGI source</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204">CVE-2000-1204</a>
-<p>A security problem for users of the mass virtual hosting module,
- <samp>mod_vhost_alias</samp>, causes
- the source to a CGI to be sent if the <samp>cgi-bin</samp> directory is
- under the document root. However, it is not normal to have your
- cgi-bin directory under a document root.</p>
-</dd>
-<dd>
- Update released: 13th October 2000<br/>
-</dd>
-<dd>
- Affected:
- 1.3.12, 1.3.11, 1.3.9<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2000-0505">Requests can cause directory listing to be displayed on NT</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0505">CVE-2000-0505</a>
-<p>A security hole on Apache for Windows allows a user to
- view the listing of a
- directory instead of the default HTML page by sending a carefully
- constructed request.</p>
-</dd>
-<dd>
- Update released: 13th October 2000<br/>
-</dd>
-<dd>
- Affected:
- 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.12">
-<title>
-Fixed in Apache httpd 1.3.12</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2000-1205">Cross-site scripting can reveal private session information</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205">CVE-2000-1205</a>
-<p>Apache was vulnerable to cross site scripting issues.
- It was shown that malicious HTML tags can be embedded in client web
- requests if the server or script handling the request does not
- carefully encode all information displayed to
- the user. Using these vulnerabilities attackers could, for
- example, obtain copies of your private
- cookies used to authenticate
- you to other sites.</p>
-</dd>
-<dd>
- Update released: 25th February 2000<br/>
-</dd>
-<dd>
- Affected:
- 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.11">
-<title>
-Fixed in Apache httpd 1.3.11</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2000-1206">Mass virtual hosting security issue</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206">CVE-2000-1206</a>
-<p>A security problem can occur for sites using mass name-based virtual
-hosting (using
-the new <samp>mod_vhost_alias</samp> module) or with special
-<samp>mod_rewrite</samp> rules.
-
-<!-- Makes sure vhost alias can only be alnum, - or . -->
-
-</p>
-</dd>
-<dd>
- Update released: 21st January 2000<br/>
-</dd>
-<dd>
- Affected:
- 1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.4">
-<title>
-Fixed in Apache httpd 1.3.4</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="">Denial of service attack on Win32</name>
-</b>
-<p>There have been a number of important security fixes to Apache on
-Windows. The most important is that there is much better protection
-against people trying to access special DOS device names (such as
-"nul"). </p>
-</dd>
-<dd>
- Update released: 11th January 1999<br/>
-</dd>
-<dd>
- Affected:
- 1.3.3, 1.3.2, 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-<section id="1.3.2">
-<title>
-Fixed in Apache httpd 1.3.2</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-1999-1199">Multiple header Denial of Service vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199">CVE-1999-1199</a>
-<p>A serious problem exists when a client
-sends a large number of headers with the same header name. Apache uses
-up memory faster than the amount of memory required to simply store
-the received data itself. That is, memory use increases faster and
-faster as more headers are received, rather than increasing at a
-constant rate. This makes a denial of service attack based on this
-method more effective than methods which cause Apache to use memory at
-a constant rate, since the attacker has to send less data.</p>
-</dd>
-<dd>
- Update released: 23rd September 1998<br/>
-</dd>
-<dd>
- Affected:
- 1.3.1, 1.3.0<p/>
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="">Denial of service attacks</name>
-</b>
-<p>Apache 1.3.2 has
-better protection against denial of service attacks. These are when
-people make excessive requests to the server to try and prevent other
-people using it. In 1.3.2 there are several new directives which can
-limit the size of requests (these directives all start with the word
-<SAMP>Limit</SAMP>).
-</p>
-</dd>
-<dd>
- Update released: 23rd September 1998<br/>
-</dd>
-<dd>
- Affected:
- 1.3.1, 1.3.0<p/>
-</dd>
-</dl>
-</section>
-</body>
-</document>
+connection on a rarely-accessed listening socket will cause a child to hold
+the accept mutex and block out new connections until another connection
+arrives on that rarely-accessed listening socket. This issue is known to
+affect some versions of AIX, Solaris, and Tru64; it is known to not affect
+FreeBSD or Linux.
+
+: Reported to security team: 25th February 2004<br></br>Issue public:
+ 18th March 2004<br></br>Update released: 12th May 2004<br></br>
+: Affected: 1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?,
+ 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?,
+ 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
+
+: **important:** **<name name="CVE-2003-0993">Allow/Deny parsing on
+ big-endian 64-bit platforms</name>**
+ [CVE-2003-0993](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993)
+A bug in the parsing of Allow/Deny rules using IP addresses without a
+netmask on big-endian 64-bit platforms causes the rules to fail to match.
+
+: Issue public: 15th October 2003<br></br>Update released:
+ 12th May 2004<br></br>
+: Affected: 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2, 1.3.1, 1.3.0
+
+: **low:** **<name name="CVE-2003-0020">Error log escape
+ filtering</name>**
+ [CVE-2003-0020](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020)
+Apache does not filter terminal escape sequences from error logs, which
+could make it easier for attackers to insert those sequences into terminal
+emulators containing vulnerabilities related to escape sequences.
+
+: Issue public: 24th February 2003<br></br>Update released:
+ 12th May 2004<br></br>
+: Affected: 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2, 1.3.1, 1.3.0
+
+: **low:** **<name name="CVE-2003-0987">mod_digest nonce
+ checking</name>**
+ [CVE-2003-0987](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987)
+mod_digest does not properly verify the nonce of a client response by using
+a AuthNonce secret. This could allow a malicious user who is able to sniff
+network traffic to conduct a replay attack against a website using Digest
+protection. Note that mod_digest implements an older version of the MD5
+Digest Authentication specification which is known not to work with modern
+browsers. This issue does not affect mod_auth_digest.
+
+: Issue public: 18th December 2003<br></br>Update released:
+ 12th May 2004<br></br>
+: Affected: 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2, 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.29 # {#1.3.29}
+
+: **low:** **<name name="CVE-2003-0542">Local configuration regular
+ expression overflow</name>**
+ [CVE-2003-0542](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542)
+By using a regular expression with more than 9 captures a buffer overflow
+can occur in mod_alias or mod_rewrite. To exploit this an attacker would
+need to be able to create a carefully crafted configuration file (.htaccess
+or httpd.conf)
+
+: Reported to security team: 4th August 2003<br></br>Issue public:
+ 27th October 2003<br></br>Update released:
+ 27th October 2003<br></br>
+: Affected: 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
+ 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2,
+ 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.28 # {#1.3.28}
+
+: **important:** **<name name="CVE-2003-0460">RotateLogs DoS</name>**
+ [CVE-2003-0460](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460)
+The rotatelogs support program on Win32 and OS/2 would quit logging and
+exit if it received special control characters such as 0x1A.
+
+: Reported to security team: 4th July 2003<br></br>Issue public:
+ 18th July 2003<br></br>Update released: 18th July 2003<br></br>
+: Affected: 1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?,
+ 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?,
+ 1.3.2?, 1.3.1?, 1.3.0?
+
+# Fixed in Apache httpd 1.3.27 # {#1.3.27}
+
+: **important:** **<name name="CVE-2002-0843">Buffer overflows in ab
+ utility</name>**
+ [CVE-2002-0843](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843)
+Buffer overflows in the benchmarking utility ab could be exploited if ab is
+run against a malicious server
+
+: Reported to security team: 23rd September 2002<br></br>Issue public:
+ 3rd October 2002<br></br>Update released:
+ 3rd October 2002<br></br>
+: Affected: 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14,
+ 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+: **important:** **<name name="CVE-2002-0839">Shared memory
+ permissions lead to local privilege escalation</name>**
+ [CVE-2002-0839](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839)
+The permissions of the shared memory used for the scoreboard allows an
+attacker who can execute under the Apache UID to send a signal to any
+process as root or cause a local denial of service attack.
+
+: Reported to security team: 11th November 2001<br></br>Issue public:
+ 3rd October 2002<br></br>Update released:
+ 3rd October 2002<br></br>
+: Affected: 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14,
+ 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+: **low:** **<name name="CVE-2002-0840">Error page XSS using wildcard
+ DNS</name>**
+ [CVE-2002-0840](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840)
+Cross-site scripting (XSS) vulnerability in the default error page of
+Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is
+"Off" and support for wildcard DNS is present, allows remote attackers to
+execute script as other web page visitors via the Host: header.
+
+: Reported to security team: 20th September 2002<br></br>Issue public:
+ 2nd October 2002<br></br>Update released:
+ 3rd October 2002<br></br>
+: Affected: 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14,
+ 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.26 # {#1.3.26}
+
+: **critical:** **<name name="CVE-2002-0392">Apache Chunked encoding
+ vulnerability</name>**
+ [CVE-2002-0392](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392)
+Requests to all versions of Apache 1.3 can cause various effects ranging
+from a relatively harmless increase in system resources through to denial
+of service attacks and in some cases the ability to be remotely exploited.
+
+: Reported to security team: 27th May 2002<br></br>Issue public:
+ 17th June 2002<br></br>Update released: 18th June 2002<br></br>
+: Affected: 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
+ 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+: **low:** **<name name="CVE-2003-0083">Filtered escape
+ sequences</name>**
+ [CVE-2003-0083](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083)
+Apache does not filter terminal escape sequences from its access logs,
+which could make it easier for attackers to insert those sequences into
+terminal emulators containing vulnerabilities related to escape sequences,
+
+: Issue public: 24th February 2003<br></br>Update released:
+ 18th June 2002<br></br>
+: Affected: 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
+ 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.24 # {#1.3.24}
+
+: **critical:** **<name name="CVE-2002-0061">Win32 Apache Remote
+ command execution</name>**
+ [CVE-2002-0061](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061)
+Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to
+execute arbitrary commands via parameters passed to batch file CGI scripts.
+
+: Update released: 22nd March 2002<br></br>
+: Affected: 1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?,
+ 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
+
+# Fixed in Apache httpd 1.3.22 # {#1.3.22}
+
+: **important:** **<name name="CVE-2001-0729">Requests can cause
+ directory listing to be displayed</name>**
+ [CVE-2001-0729](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729)
+A vulnerability was found in the Win32 port of Apache 1.3.20. A client
+submitting a very long URI could cause a directory listing to be returned
+rather than the default index page.
+
+: Reported to security team: 18th September 2001<br></br>Issue public:
+ 28th September 2001<br></br>Update released:
+ 12th October 2001<br></br>
+: Affected: 1.3.20
+
+: **important:** **<name name="CVE-2001-0731">Multiviews can cause a
+ directory listing to be displayed</name>**
+ [CVE-2001-0731](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731)
+A vulnerability was found when<directive>Multiviews</directive>are used to
+negotiate the directory index. In some configurations, requesting a URI
+with a<samp>QUERY_STRING</samp>of<samp>M=D</samp>could return a directory
+listing rather than the expected index page.
+
+: Issue public: 9th July 2001<br></br>Update released:
+ 12th October 2001<br></br>
+: Affected: 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?,
+ 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
+
+: **moderate:** **<name name="CVE-2001-0730">split-logfile can cause
+ arbitrary log files to be written to</name>**
+ [CVE-2001-0730](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730)
+A vulnerability was found in the<samp>split-logfile</samp>support program.
+A request with a specially crafted<samp>Host:</samp>header could allow any
+file with a<samp>.log</samp>extension on the system to be written to.
+
+: Issue public: 28th September 2001<br></br>Update released:
+ 12th October 2001<br></br>
+: Affected: 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9,
+ 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.20 # {#1.3.20}
+
+: **important:** **<name name="CVE-2001-1342">Denial of service attack
+ on Win32 and OS2</name>**
+ [CVE-2001-1342](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342)
+A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A
+client submitting a carefully constructed URI could cause a General
+Protection Fault in a child process, bringing up a message box which would
+have to be cleared by the operator to resume operation. This vulnerability
+introduced no identified means to compromise the server other than
+introducing a possible denial of service.
+
+: Update released: 22nd May 2001<br></br>
+: Affected: 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?,
+ 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
+
+# Fixed in Apache httpd 1.3.19 # {#1.3.19}
+
+: **important:** **<name name="CVE-2001-0925">Requests can cause
+ directory listing to be displayed</name>**
+ [CVE-2001-0925](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925)
+The default installation can
+lead<samp>mod_negotiation</samp>and<samp>mod_dir</samp>or<samp>mod_autoindex</samp>to
+display a directory listing instead of the multiview index.html file if a
+very long path was created artificially by using many slashes.
+
+: Update released: 28th February 2001<br></br>
+: Affected: 1.3.17, 1.3.14, 1.3.12, 1.3.11
+
+# Fixed in Apache httpd 1.3.14 # {#1.3.14}
+
+: **important:** **<name name="CVE-2000-0913">Rewrite rules that
+ include references allow access to any file</name>**
+ [CVE-2000-0913](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0913)
+The Rewrite module,<samp>mod_rewrite</samp>, can allow access to any file
+on the web server. The vulnerability occurs only with certain specific
+cases of using regular expression references
+in<samp>RewriteRule</samp>directives: If the destination of
+a<samp>RewriteRule</samp>contains regular expression references then an
+attacker will be able to access any file on the server.
+
+: Issue public: 29th September 2000<br></br>Update released:
+ 13th October 2000<br></br>
+: Affected: 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?,
+ 1.3.1?, 1.3.0?
+
+: **important:** **<name name="CVE-2000-1204">Mass virtual hosting can
+ display CGI source</name>**
+ [CVE-2000-1204](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204)
+A security problem for users of the mass virtual hosting
+module,<samp>mod_vhost_alias</samp>, causes the source to a CGI to be sent
+if the<samp>cgi-bin</samp>directory is under the document root. However, it
+is not normal to have your cgi-bin directory under a document root.
+
+: Update released: 13th October 2000<br></br>
+: Affected: 1.3.12, 1.3.11, 1.3.9
+
+: **moderate:** **<name name="CVE-2000-0505">Requests can cause
+ directory listing to be displayed on NT</name>**
+ [CVE-2000-0505](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0505)
+A security hole on Apache for Windows allows a user to view the listing of
+a directory instead of the default HTML page by sending a carefully
+constructed request.
+
+: Update released: 13th October 2000<br></br>
+: Affected: 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?,
+ 1.3.1?, 1.3.0?
+
+# Fixed in Apache httpd 1.3.12 # {#1.3.12}
+
+: **important:** **<name name="CVE-2000-1205">Cross-site scripting can
+ reveal private session information</name>**
+ [CVE-2000-1205](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205)
+Apache was vulnerable to cross site scripting issues. It was shown that
+malicious HTML tags can be embedded in client web requests if the server or
+script handling the request does not carefully encode all information
+displayed to the user. Using these vulnerabilities attackers could, for
+example, obtain copies of your private cookies used to authenticate you to
+other sites.
+
+: Update released: 25th February 2000<br></br>
+: Affected: 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.11 # {#1.3.11}
+
+: **moderate:** **<name name="CVE-2000-1206">Mass virtual hosting
+ security issue</name>**
+ [CVE-2000-1206](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206)
+A security problem can occur for sites using mass name-based virtual
+hosting (using the new<samp>mod_vhost_alias</samp>module) or with
+special<samp>mod_rewrite</samp>rules.
+
+: Update released: 21st January 2000<br></br>
+: Affected: 1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
+
+# Fixed in Apache httpd 1.3.4 # {#1.3.4}
+
+: **important:** **<name name="">Denial of service attack on
+ Win32</name>**
+There have been a number of important security fixes to Apache on Windows.
+The most important is that there is much better protection against people
+trying to access special DOS device names (such as "nul").
+
+: Update released: 11th January 1999<br></br>
+: Affected: 1.3.3, 1.3.2, 1.3.1, 1.3.0
+
+# Fixed in Apache httpd 1.3.2 # {#1.3.2}
+
+: **important:** **<name name="CVE-1999-1199">Multiple header Denial
+ of Service vulnerability</name>**
+ [CVE-1999-1199](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199)
+A serious problem exists when a client sends a large number of headers with
+the same header name. Apache uses up memory faster than the amount of
+memory required to simply store the received data itself. That is, memory
+use increases faster and faster as more headers are received, rather than
+increasing at a constant rate. This makes a denial of service attack based
+on this method more effective than methods which cause Apache to use memory
+at a constant rate, since the attacker has to send less data.
+
+: Update released: 23rd September 1998<br></br>
+: Affected: 1.3.1, 1.3.0
+
+: **important:** **<name name="">Denial of service attacks</name>**
+Apache 1.3.2 has better protection against denial of service attacks. These
+are when people make excessive requests to the server to try and prevent
+other people using it. In 1.3.2 there are several new directives which can
+limit the size of requests (these directives all start with the
+word<SAMP>Limit</SAMP>).
+
+: Update released: 23rd September 1998<br></br>
+: Affected: 1.3.1, 1.3.0
+