Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/05/21 07:24:21 UTC

[Bug 54994] New: Apache 2.x version older than 2.2.6

https://issues.apache.org/bugzilla/show_bug.cgi?id=54994

            Bug ID: 54994
           Summary: Apache 2.x version older than 2.2.6
           Product: Apache httpd-2
           Version: 2.2.6
          Hardware: PC
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_status
          Assignee: bugs@httpd.apache.org
          Reporter: u-2031@hotmail.com
    Classification: Unclassified

Fixed in Apache httpd 2.2.6:

moderate: mod_proxy crash CVE-2007-3847
A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a
reverse proxy is configured, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. On sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using the
proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module.

moderate: mod_status cross-site scripting CVE-2006-5752
A flaw was found in the mod_status module. On sites where the server-status
page is publicly accessible and ExtendedStatus is enabled this could lead to a
cross-site scripting attack. Note that the server-status page is not enabled by
default and it is best practice to not make this publicly available.

moderate: Signals to arbitrary processes CVE-2007-3304
The Apache HTTP server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the HTTP server could manipulate the scoreboard and cause arbitrary
processes to be terminated which could lead to a denial of service.

moderate: mod_cache information leak CVE-2007-1862
The recall_headers function in mod_mem_cache in Apache 2.2.4 did not properly
copy all levels of header data, which can cause Apache to return HTTP headers
containing previously used data, which could be used by remote attackers to
obtain potentially sensitive information.

moderate: mod_cache proxy DoS CVE-2007-1863
A bug was found in the mod_cache module. On sites where caching is enabled, a
remote attacker could send a carefully crafted request that would cause the
Apache child process handling that request to crash. This could lead to a
denial of service if using a threaded Multi-Processing Module.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
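
The mod_status entry in the report above (CVE-2006-5752) names two preconditions: a publicly accessible server-status page and ExtendedStatus enabled. As an added example (not part of the original report and not Apache's own code), this Python sketch checks a config text for both; the sample configs, the name audit_status and the simplified access-control heuristic (only `<Location>` blocks, `Deny/Allow from all` and `Require`) are assumptions.

```python
import re

# Constructed sample configs (Apache 2.2 access syntax); not taken from the report.
EXPOSED = """\
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order allow,deny
    Allow from all
</Location>
"""
RESTRICTED = """\
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""

def audit_status(conf_text):
    """Heuristic: return (ExtendedStatus on?, unrestricted server-status paths)."""
    extended, public_paths = False, []
    block = None  # state of the <Location> block being read, if any
    for raw in conf_text.splitlines():
        low = " ".join(raw.lower().split())  # normalise case and spacing
        if not low or low.startswith("#"):   # httpd comments start the line
            continue
        opened = re.match(r'<location\s+"?([^">]+)"?\s*>$', raw.strip(), re.I)
        if opened:
            block = {"path": opened.group(1).strip(), "status": False, "flags": set()}
        elif low == "</location>" and block:
            f = block["flags"]
            limited = "require" in f or ("deny all" in f and "allow all" not in f)
            if block["status"] and not limited:
                public_paths.append(block["path"])
            block = None
        elif low == "extendedstatus on":
            extended = True
        elif block and low == "sethandler server-status":
            block["status"] = True
        elif block and low in ("deny from all", "allow from all"):
            block["flags"].add(low.replace(" from", ""))
        elif block and low.startswith("require ") and low != "require all granted":
            block["flags"].add("require")
    return extended, public_paths

if __name__ == "__main__":
    print(audit_status(EXPOSED), audit_status(RESTRICTED))
```

A config meets the conditions the entry describes when the first value is true and the list is non-empty.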


[Bug 54994] Apache 2.x version older than 2.2.6

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54994

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID
                 OS|                            |All

--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
What is the point of this report?
The goal of bugzilla is to track *new* bug reports.

Did I miss something?
