You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2012/05/06 19:59:49 UTC
svn commit: r816099 - in /websites/staging/httpd/trunk/content: ./
security/vulnerabilities_22.html
Author: buildbot
Date: Sun May 6 17:59:49 2012
New Revision: 816099
Log:
Staging update by buildbot for httpd
Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun May 6 17:59:49 2012
@@ -1 +1 @@
-1334719
+1334721
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Sun May 6 17:59:49 2012
@@ -86,11 +86,12 @@ development source tree and will be part
populated by Apache Week. Please send comments or corrections for these
vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p>
<h1 id="2.2.22">Fixed in Apache httpd 2.2.22</h1>
-<dl>
-<dd><strong>low:</strong> <strong><name name="CVE-2011-3607">mod_setenvif.htaccess
- privilege escalation</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a> </dd>
-</dl>
+<h2 id="low-wzxhzdk38mod_setenvifhtaccess"><strong>low:</strong> **<name name="CVE-2011-3607">mod_setenvif.htaccess</h2>
+<div class="codehilite"><pre> <span class="n">privilege</span> <span class="n">escalation</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mi">3607</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mi">3607</span><span class="p">)</span>
+</pre></div>
+
+
<p>An integer overflow flaw was found which, when the mod_setenvif module is
enabled, could allow local users to gain privileges via a.htaccess file.</p>
<dl>
@@ -105,10 +106,13 @@ enabled, could allow local users to gain
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2012-0021">mod_log_config crash</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a> </p>
-</dd>
+</dl>
+<h2 id="low-wzxhzdk39mod_log_config-crashwzxhzdk40"><strong>low:</strong> <strong><name name="CVE-2012-0021">mod_log_config crash</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2012</span><span class="o">-</span><span class="mo">0021</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2012</span><span class="o">-</span><span class="mo">0021</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in mod_log_config. If the '%{cookiename}C' log format</dt>
<dt>string is in use, a remote attacker could send a specific cookie causing a</dt>
<dt>crash. This crash would only be a denial of service if using a threaded</dt>
@@ -121,13 +125,16 @@ enabled, could allow local users to gain
<dd>
<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2012-0031">scoreboard parent DoS</name></strong></p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a>
-A flaw was found in the handling of the scoreboard. An unprivileged child
+</dl>
+<h2 id="low-wzxhzdk41scoreboard-parent-doswzxhzdk42"><strong>low:</strong> <strong><name name="CVE-2012-0031">scoreboard parent DoS</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2012</span><span class="o">-</span><span class="mo">0031</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2012</span><span class="o">-</span><span class="mo">0031</span><span class="p">)</span>
+</pre></div>
+
+
+<p>A flaw was found in the handling of the scoreboard. An unprivileged child
process could cause the parent process to crash at shutdown rather than
terminate cleanly.</p>
-</dd>
+<dl>
<dt>Acknowledgements: This issue was reported by halfdog</dt>
<dd>
<p>Reported to security team: 30th December 2011<br></br>Issue public:
@@ -139,12 +146,13 @@ terminate cleanly.</p>
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2011-4317">mod_proxy reverse proxy
- exposure</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a> </p>
-</dd>
</dl>
+<h2 id="moderate-wzxhzdk43mod_proxy-reverse-proxy"><strong>moderate:</strong> **<name name="CVE-2011-4317">mod_proxy reverse proxy</h2>
+<div class="codehilite"><pre> <span class="n">exposure</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mi">4317</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mi">4317</span><span class="p">)</span>
+</pre></div>
+
+
<p>An additional exposure was found when using mod_proxy in reverse proxy
mode. In certain configurations using RewriteRule with proxy flag or
ProxyPassMatch, a remote attacker could cause the reverse proxy to connect
@@ -162,12 +170,13 @@ internal web servers not directly access
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2012-0053">error responses can
- expose cookies</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a> </p>
-</dd>
</dl>
+<h2 id="moderate-wzxhzdk44error-responses-can"><strong>moderate:</strong> **<name name="CVE-2012-0053">error responses can</h2>
+<div class="codehilite"><pre> <span class="n">expose</span> <span class="n">cookies</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2012</span><span class="o">-</span><span class="mo">0053</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2012</span><span class="o">-</span><span class="mo">0053</span><span class="p">)</span>
+</pre></div>
+
+
<p>A flaw was found in the default error response for status code 400. This
flaw could be used by an attacker to expose "httpOnly" cookies when no
custom ErrorDocument is specified.</p>
@@ -183,12 +192,13 @@ custom ErrorDocument is specified.</p>
2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2011-3368">mod_proxy reverse proxy
- exposure</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a> </p>
-</dd>
</dl>
+<h2 id="moderate-wzxhzdk45mod_proxy-reverse-proxy"><strong>moderate:</strong> **<name name="CVE-2011-3368">mod_proxy reverse proxy</h2>
+<div class="codehilite"><pre> <span class="n">exposure</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mi">3368</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mi">3368</span><span class="p">)</span>
+</pre></div>
+
+
<p>An exposure was found when using mod_proxy in reverse proxy mode. In
certain configurations using RewriteRule with proxy flag or ProxyPassMatch,
a remote attacker could cause the reverse proxy to connect to an arbitrary
@@ -209,10 +219,13 @@ not directly accessible to attacker.</p>
</dd>
</dl>
<h1 id="2.2.21">Fixed in Apache httpd 2.2.21</h1>
+<h2 id="moderate-wzxhzdk46mod_proxy_ajp-remote"><strong>moderate:</strong> **<name name="CVE-2011-3348">mod_proxy_ajp remote</h2>
+<div class="codehilite"><pre> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mi">3348</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mi">3348</span><span class="p">)</span>
+</pre></div>
+
+
<dl>
-<dd><strong>moderate:</strong> <strong><name name="CVE-2011-3348">mod_proxy_ajp remote
- DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a> </dd>
<dt>A flaw was found when mod_proxy_ajp is used together with</dt>
<dt>mod_proxy_balancer. Given a specific configuration, a remote attacker could</dt>
<dt>send certain malformed HTTP requests, putting a backend server into an</dt>
@@ -252,11 +265,12 @@ attack.</p>
</dd>
</dl>
<h1 id="2.2.19">Fixed in Apache httpd 2.2.19</h1>
-<dl>
-<dd><strong>moderate:</strong> <strong><name name="CVE-2011-0419">apr_fnmatch flaw leads to
- mod_autoindex remote DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a> </dd>
-</dl>
+<h2 id="moderate-wzxhzdk47apr_fnmatch-flaw-leads-to"><strong>moderate:</strong> **<name name="CVE-2011-0419">apr_fnmatch flaw leads to</h2>
+<div class="codehilite"><pre> <span class="n">mod_autoindex</span> <span class="n">remote</span> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mo">041</span><span class="mi">9</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2011</span><span class="o">-</span><span class="mo">041</span><span class="mi">9</span><span class="p">)</span>
+</pre></div>
+
+
<p>A flaw was found in the apr_fnmatch() function of the bundled APR library.
Where mod_autoindex is enabled, and a directory indexed by mod_autoindex
contained files with sufficiently long names, a remote attacker could send
@@ -278,9 +292,12 @@ arguments, preventing this attack.</p>
</dd>
</dl>
<h1 id="2.2.17">Fixed in Apache httpd 2.2.17</h1>
+<h2 id="low-wzxhzdk48expat-doswzxhzdk49"><strong>low:</strong> <strong><name name="CVE-2009-3720">expat DoS</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">3720</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">3720</span><span class="p">)</span>
+</pre></div>
+
+
<dl>
-<dd><strong>low:</strong> <strong><name name="CVE-2009-3720">expat DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a> </dd>
<dt>A buffer over-read flaw was found in the bundled expat library. An attacker</dt>
<dt>who is able to get Apache to parse an untrused XML document (for example</dt>
<dt>through mod_dav) may be able to cause a crash. This crash would only be a</dt>
@@ -294,10 +311,13 @@ arguments, preventing this attack.</p>
<p>Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2009-3560">expat DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a> </p>
-</dd>
+</dl>
+<h2 id="low-wzxhzdk50expat-doswzxhzdk51"><strong>low:</strong> <strong><name name="CVE-2009-3560">expat DoS</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">3560</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">3560</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A buffer over-read flaw was found in the bundled expat library. An attacker</dt>
<dt>who is able to get Apache to parse an untrused XML document (for example</dt>
<dt>through mod_dav) may be able to cause a crash. This crash would only be a</dt>
@@ -310,11 +330,14 @@ arguments, preventing this attack.</p>
<p>Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,
2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2010-1623">apr_bridage_split_line
- DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a> </p>
-</dd>
+</dl>
+<h2 id="low-wzxhzdk52apr_bridage_split_line"><strong>low:</strong> **<name name="CVE-2010-1623">apr_bridage_split_line</h2>
+<div class="codehilite"><pre> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2010</span><span class="o">-</span><span class="mi">1623</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2010</span><span class="o">-</span><span class="mi">1623</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in the apr_brigade_split_line() function of the bundled</dt>
<dt>APR-util library, used to process non-SSL requests. A remote attacker could</dt>
<dt>send requests, carefully crafting the timing of individual bytes, which</dt>
@@ -367,12 +390,13 @@ introduced. The simplest workaround is t
<p>Affected: 2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12,
2.2.11, 2.2.10, 2.2.9</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2010-1452">mod_cache and mod_dav
- DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a> </p>
-</dd>
</dl>
+<h2 id="low-wzxhzdk53mod_cache-and-mod_dav"><strong>low:</strong> **<name name="CVE-2010-1452">mod_cache and mod_dav</h2>
+<div class="codehilite"><pre> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2010</span><span class="o">-</span><span class="mi">1452</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2010</span><span class="o">-</span><span class="mi">1452</span><span class="p">)</span>
+</pre></div>
+
+
<p>A flaw was found in the handling of requests by mod_cache and mod_dav. A
malicious remote attacker could send a carefully crafted request and cause
a httpd child process to crash. This crash would only be a denial of
@@ -416,12 +440,13 @@ execution.</p>
<p>Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2010-0434">Subrequest handling of request
- headers (mod_headers)</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a> </p>
-</dd>
</dl>
+<h2 id="low-wzxhzdk54subrequest-handling-of-request"><strong>low:</strong> **<name name="CVE-2010-0434">Subrequest handling of request</h2>
+<div class="codehilite"><pre> <span class="n">headers</span> <span class="p">(</span><span class="n">mod_headers</span><span class="p">)</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2010</span><span class="o">-</span><span class="mo">0434</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2010</span><span class="o">-</span><span class="mo">0434</span><span class="p">)</span>
+</pre></div>
+
+
<p>A flaw in the core subrequest process code was fixed, to always provide a
shallow copy of the headers_in array to the subrequest, instead of a
pointer to the parent request's array as it had for requests without
@@ -444,12 +469,13 @@ or winnt MPMs.</p>
<p>Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,
2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2010-0408">mod_proxy_ajp
- DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a> </p>
-</dd>
</dl>
+<h2 id="moderate-wzxhzdk55mod_proxy_ajp"><strong>moderate:</strong> **<name name="CVE-2010-0408">mod_proxy_ajp</h2>
+<div class="codehilite"><pre> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2010</span><span class="o">-</span><span class="mo">040</span><span class="mi">8</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2010</span><span class="o">-</span><span class="mo">040</span><span class="mi">8</span><span class="p">)</span>
+</pre></div>
+
+
<p>mod_proxy_ajp would return the wrong status code if it encountered an
error, causing a backend server to be put into an error state until the
retry timeout expired. A remote attacker could send malicious requests to
@@ -467,9 +493,12 @@ trigger this issue, resulting in denial
</dd>
</dl>
<h1 id="2.2.14">Fixed in Apache httpd 2.2.14</h1>
+<h2 id="low-wzxhzdk56mod_proxy_ftp-doswzxhzdk57"><strong>low:</strong> <strong><name name="CVE-2009-3094">mod_proxy_ftp DoS</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">3094</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">3094</span><span class="p">)</span>
+</pre></div>
+
+
<dl>
-<dd><strong>low:</strong> <strong><name name="CVE-2009-3094">mod_proxy_ftp DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a> </dd>
<dt>A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A</dt>
<dt>malicious FTP server to which requests are being proxied could use this</dt>
<dt>flaw to crash an httpd child process via a malformed reply to the EPSV or</dt>
@@ -482,11 +511,14 @@ trigger this issue, resulting in denial
<p>Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2009-3095">mod_proxy_ftp FTP command
- injection</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a> </p>
-</dd>
+</dl>
+<h2 id="low-wzxhzdk58mod_proxy_ftp-ftp-command"><strong>low:</strong> **<name name="CVE-2009-3095">mod_proxy_ftp FTP command</h2>
+<div class="codehilite"><pre> <span class="n">injection</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">3095</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">3095</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in the mod_proxy_ftp module. In a reverse proxy</dt>
<dt>configuration, a remote attacker could use this flaw to bypass intended</dt>
<dt>access restrictions by creating a carefully-crafted HTTP Authorization</dt>
@@ -499,11 +531,14 @@ trigger this issue, resulting in denial
<p>Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,
2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2009-2699">Solaris pollset
- DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk59solaris-pollset"><strong>moderate:</strong> **<name name="CVE-2009-2699">Solaris pollset</h2>
+<div class="codehilite"><pre> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">2699</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">2699</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>Faulty error handling was found affecting Solaris pollset support (Event</dt>
<dt>Port backend) caused by a bug in APR. A remote attacker could trigger this</dt>
<dt>issue on Solaris servers which used prefork or event MPMs, resulting in a</dt>
@@ -519,10 +554,13 @@ trigger this issue, resulting in denial
</dd>
</dl>
<h1 id="2.2.13">Fixed in Apache httpd 2.2.13</h1>
+<h2 id="low-wzxhzdk60apr-apr_palloc-heap"><strong>low:</strong> **<name name="CVE-2009-2412">APR apr_palloc heap</h2>
+<div class="codehilite"><pre> <span class="n">overflow</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">2412</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">2412</span><span class="p">)</span>
+</pre></div>
+
+
<dl>
-<dd><strong>low:</strong> <strong><name name="CVE-2009-2412">APR apr_palloc heap
- overflow</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a> </dd>
<dt>A flaw in apr_palloc() in the bundled copy of APR could cause heap</dt>
<dt>overflows in programs that try to apr_palloc() a user controlled size. The</dt>
<dt>Apache HTTP Server itself does not pass unsanitized user-provided sizes to</dt>
@@ -568,10 +606,13 @@ trigger this issue, resulting in denial
<dd>
<p>Affected: 2.2.11</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2009-1891">mod_deflate DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a> </p>
-</dd>
+</dl>
+<h2 id="low-wzxhzdk61mod_deflate-doswzxhzdk62"><strong>low:</strong> <strong><name name="CVE-2009-1891">mod_deflate DoS</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">1891</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">1891</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A denial of service flaw was found in the mod_deflate module. This module</dt>
<dt>continued to compress large files until compression was complete, even if</dt>
<dt>the network connection that requested the content was closed before</dt>
@@ -585,11 +626,14 @@ trigger this issue, resulting in denial
<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2009-1195">AllowOverride Options handling
- bypass</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a> </p>
-</dd>
+</dl>
+<h2 id="low-wzxhzdk63allowoverride-options-handling"><strong>low:</strong> **<name name="CVE-2009-1195">AllowOverride Options handling</h2>
+<div class="codehilite"><pre> <span class="n">bypass</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">1195</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">1195</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in the handling of the "Options" and "AllowOverride"</dt>
<dt>directives. In configurations using the "AllowOverride" directive with</dt>
<dt>certain "Options=" arguments, local users were not restricted from</dt>
@@ -602,11 +646,14 @@ trigger this issue, resulting in denial
<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2009-1956">APR-util off-by-one
- overflow</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956">CVE-2009-1956</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk64apr-util-off-by-one"><strong>moderate:</strong> **<name name="CVE-2009-1956">APR-util off-by-one</h2>
+<div class="codehilite"><pre> <span class="n">overflow</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">1956</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">1956</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>An off-by-one overflow flaw was found in the way the bundled copy of the</dt>
<dt>APR-util library processed a variable list of arguments. An attacker could</dt>
<dt>provide a specially-crafted string as input for the formatted output</dt>
@@ -620,14 +667,17 @@ trigger this issue, resulting in denial
<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2009-1955">APR-util XML DoS</name></strong></p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955">CVE-2009-1955</a>
-A denial of service flaw was found in the bundled copy of the APR-util
-library Extensible Markup Language (XML) parser. A remote attacker could
-create a specially-crafted XML document that would cause excessive memory
-consumption when processed by the XML decoding engine.</p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk65apr-util-xml-doswzxhzdk66"><strong>moderate:</strong> <strong><name name="CVE-2009-1955">APR-util XML DoS</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">1955</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mi">1955</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
+<dt>A denial of service flaw was found in the bundled copy of the APR-util</dt>
+<dt>library Extensible Markup Language (XML) parser. A remote attacker could</dt>
+<dt>create a specially-crafted XML document that would cause excessive memory</dt>
+<dt>consumption when processed by the XML decoding engine.</dt>
<dd>
<p>Issue public: 1st June 2009<br></br>Update released:
27th July 2009<br></br></p>
@@ -636,11 +686,14 @@ consumption when processed by the XML de
<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,
2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2009-0023">APR-util heap
- underwrite</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023">CVE-2009-0023</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk67apr-util-heap"><strong>moderate:</strong> **<name name="CVE-2009-0023">APR-util heap</h2>
+<div class="codehilite"><pre> <span class="n">underwrite</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mo">0023</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2009</span><span class="o">-</span><span class="mo">0023</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A heap-based underwrite flaw was found in the way the bundled copy of the</dt>
<dt>APR-util library created compiled forms of particular search patterns. An</dt>
<dt>attacker could formulate a specially-crafted search keyword, that would</dt>
@@ -676,11 +729,14 @@ The simplest workaround is to globally c
<dd>
<p>Affected: 2.2.9</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2008-2939">mod_proxy_ftp globbing
- XSS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a> </p>
-</dd>
+</dl>
+<h2 id="low-wzxhzdk68mod_proxy_ftp-globbing"><strong>low:</strong> **<name name="CVE-2008-2939">mod_proxy_ftp globbing</h2>
+<div class="codehilite"><pre> <span class="n">XSS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2008</span><span class="o">-</span><span class="mi">2939</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2008</span><span class="o">-</span><span class="mi">2939</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in the handling of wildcards in the path of a FTP URL with</dt>
<dt>mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP,</dt>
<dt>requests containing globbing characters could lead to cross-site scripting</dt>
@@ -695,10 +751,13 @@ The simplest workaround is to globally c
</dd>
</dl>
<h1 id="2.2.9">Fixed in Apache httpd 2.2.9</h1>
+<h2 id="low-wzxhzdk69mod_proxy_balancer"><strong>low:</strong> **<name name="CVE-2007-6420">mod_proxy_balancer</h2>
+<div class="codehilite"><pre> <span class="n">CSRF</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">6420</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">6420</span><span class="p">)</span>
+</pre></div>
+
+
<dl>
-<dd><strong>low:</strong> <strong><name name="CVE-2007-6420">mod_proxy_balancer
- CSRF</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420</a> </dd>
<dt>The mod_proxy_balancer provided an administrative interface that could be</dt>
<dt>vulnerable to cross-site request forgery (CSRF) attacks.</dt>
<dd>
@@ -708,11 +767,14 @@ The simplest workaround is to globally c
<dd>
<p>Affected: 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2008-2364">mod_proxy_http
- DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk70mod_proxy_http"><strong>moderate:</strong> **<name name="CVE-2008-2364">mod_proxy_http</h2>
+<div class="codehilite"><pre> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2008</span><span class="o">-</span><span class="mi">2364</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2008</span><span class="o">-</span><span class="mi">2364</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in the handling of excessive interim responses from an</dt>
<dt>origin server when using mod_proxy_http. A remote attacker could cause a</dt>
<dt>denial of service or high memory usage.</dt>
@@ -725,10 +787,13 @@ The simplest workaround is to globally c
</dd>
</dl>
<h1 id="2.2.8">Fixed in Apache httpd 2.2.8</h1>
+<h2 id="low-wzxhzdk71mod_proxy_ftp-utf-7"><strong>low:</strong> **<name name="CVE-2008-0005">mod_proxy_ftp UTF-7</h2>
+<div class="codehilite"><pre> <span class="n">XSS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2008</span><span class="o">-</span><span class="mo">0005</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2008</span><span class="o">-</span><span class="mo">0005</span><span class="p">)</span>
+</pre></div>
+
+
<dl>
-<dd><strong>low:</strong> <strong><name name="CVE-2008-0005">mod_proxy_ftp UTF-7
- XSS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a> </dd>
<dt>A workaround was added in the mod_proxy_ftp module. On sites where</dt>
<dt>mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site</dt>
<dt>scripting attack is possible against Web browsers which do not correctly</dt>
@@ -741,11 +806,14 @@ The simplest workaround is to globally c
<dd>
<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2007-6422">mod_proxy_balancer
- DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422">CVE-2007-6422</a> </p>
-</dd>
+</dl>
+<h2 id="low-wzxhzdk72mod_proxy_balancer"><strong>low:</strong> **<name name="CVE-2007-6422">mod_proxy_balancer</h2>
+<div class="codehilite"><pre> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">6422</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">6422</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in the mod_proxy_balancer module. On sites where</dt>
<dt>mod_proxy_balancer is enabled, an authorized user could send a carefully</dt>
<dt>crafted request that would cause the Apache child process handling that</dt>
@@ -759,11 +827,14 @@ The simplest workaround is to globally c
<dd>
<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>low:</strong> <strong><name name="CVE-2007-6421">mod_proxy_balancer
- XSS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421">CVE-2007-6421</a> </p>
-</dd>
+</dl>
+<h2 id="low-wzxhzdk73mod_proxy_balancer"><strong>low:</strong> **<name name="CVE-2007-6421">mod_proxy_balancer</h2>
+<div class="codehilite"><pre> <span class="n">XSS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">6421</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">6421</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in the mod_proxy_balancer module. On sites where</dt>
<dt>mod_proxy_balancer is enabled, a cross-site scripting attack against an</dt>
<dt>authorized user is possible.</dt>
@@ -775,10 +846,13 @@ The simplest workaround is to globally c
<dd>
<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2007-6388">mod_status XSS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk74mod_status-xsswzxhzdk75"><strong>moderate:</strong> <strong><name name="CVE-2007-6388">mod_status XSS</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">6388</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">6388</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in the mod_status module. On sites where mod_status is</dt>
<dt>enabled and the status pages were publicly accessible, a cross-site</dt>
<dt>scripting attack is possible. Note that the server-status page is not</dt>
@@ -792,13 +866,16 @@ The simplest workaround is to globally c
<dd>
<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2007-5000">mod_imagemap XSS</name></strong></p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
-A flaw was found in the mod_imagemap module. On sites where mod_imagemap is
-enabled and an imagemap file is publicly available, a cross-site scripting
-attack is possible.</p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk76mod_imagemap-xsswzxhzdk77"><strong>moderate:</strong> <strong><name name="CVE-2007-5000">mod_imagemap XSS</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">5000</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">5000</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
+<dt>A flaw was found in the mod_imagemap module. On sites where mod_imagemap is</dt>
+<dt>enabled and an imagemap file is publicly available, a cross-site scripting</dt>
+<dt>attack is possible.</dt>
<dd>
<p>Reported to security team: 23rd October 2007<br></br>Issue public:
11th December 2007<br></br>Update released:
@@ -809,9 +886,12 @@ attack is possible.</p>
</dd>
</dl>
<h1 id="2.2.6">Fixed in Apache httpd 2.2.6</h1>
+<h2 id="moderate-wzxhzdk78mod_proxy-crashwzxhzdk79"><strong>moderate:</strong> <strong><name name="CVE-2007-3847">mod_proxy crash</name></strong></h2>
+<div class="codehilite"><pre> <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">3847</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">3847</span><span class="p">)</span>
+</pre></div>
+
+
<dl>
-<dd><strong>moderate:</strong> <strong><name name="CVE-2007-3847">mod_proxy crash</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a> </dd>
<dt>A flaw was found in the Apache HTTP Server mod_proxy module. On sites where</dt>
<dt>a reverse proxy is configured, a remote attacker could send a carefully</dt>
<dt>crafted request that would cause the Apache child process handling that</dt>
@@ -826,11 +906,14 @@ attack is possible.</p>
<dd>
<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2006-5752">mod_status cross-site
- scripting</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk80mod_status-cross-site"><strong>moderate:</strong> **<name name="CVE-2006-5752">mod_status cross-site</h2>
+<div class="codehilite"><pre> <span class="n">scripting</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2006</span><span class="o">-</span><span class="mi">5752</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2006</span><span class="o">-</span><span class="mi">5752</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw was found in the mod_status module. On sites where the server-status</dt>
<dt>page is publicly accessible and ExtendedStatus is enabled this could lead</dt>
<dt>to a cross-site scripting attack. Note that the server-status page is not</dt>
@@ -844,11 +927,14 @@ attack is possible.</p>
<dd>
<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2007-3304">Signals to arbitrary
- processes</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk81signals-to-arbitrary"><strong>moderate:</strong> **<name name="CVE-2007-3304">Signals to arbitrary</h2>
+<div class="codehilite"><pre> <span class="n">processes</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">3304</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">3304</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>The Apache HTTP server did not verify that a process was an Apache child</dt>
<dt>process before sending it signals. A local attacker with the ability to run</dt>
<dt>scripts on the HTTP server could manipulate the scoreboard and cause</dt>
@@ -862,11 +948,14 @@ attack is possible.</p>
<dd>
<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2007-1862">mod_cache information
- leak</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk82mod_cache-information"><strong>moderate:</strong> **<name name="CVE-2007-1862">mod_cache information</h2>
+<div class="codehilite"><pre> <span class="n">leak</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">1862</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">1862</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>The recall_headers function in mod_mem_cache in Apache 2.2.4 did not</dt>
<dt>properly copy all levels of header data, which can cause Apache to return</dt>
<dt>HTTP headers containing previously used data, which could be used by remote</dt>
@@ -878,11 +967,14 @@ attack is possible.</p>
<dd>
<p>Affected: 2.2.4</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2007-1863">mod_cache proxy
- DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk83mod_cache-proxy"><strong>moderate:</strong> **<name name="CVE-2007-1863">mod_cache proxy</h2>
+<div class="codehilite"><pre> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">1863</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2007</span><span class="o">-</span><span class="mi">1863</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A bug was found in the mod_cache module. On sites where caching is enabled,</dt>
<dt>a remote attacker could send a carefully crafted request that would cause</dt>
<dt>the Apache child process handling that request to crash. This could lead to</dt>
@@ -917,10 +1009,13 @@ attack is possible.</p>
</dd>
</dl>
<h1 id="2.2.2">Fixed in Apache httpd 2.2.2</h1>
+<h2 id="low-wzxhzdk84mod_ssl-access-control"><strong>low:</strong> **<name name="CVE-2005-3357">mod_ssl access control</h2>
+<div class="codehilite"><pre> <span class="n">DoS</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2005</span><span class="o">-</span><span class="mi">3357</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2005</span><span class="o">-</span><span class="mi">3357</span><span class="p">)</span>
+</pre></div>
+
+
<dl>
-<dd><strong>low:</strong> <strong><name name="CVE-2005-3357">mod_ssl access control
- DoS</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a> </dd>
<dt>A NULL pointer dereference flaw in mod_ssl was discovered affecting server</dt>
<dt>configurations where an SSL virtual host is configured with access control</dt>
<dt>and a custom 400 error document. A remote attacker could send a carefully</dt>
@@ -933,11 +1028,14 @@ attack is possible.</p>
<dd>
<p>Affected: 2.2.0</p>
</dd>
-<dd>
-<p><strong>moderate:</strong> <strong><name name="CVE-2005-3352">mod_imap Referer
- Cross-Site Scripting</name></strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a> </p>
-</dd>
+</dl>
+<h2 id="moderate-wzxhzdk85mod_imap-referer"><strong>moderate:</strong> **<name name="CVE-2005-3352">mod_imap Referer</h2>
+<div class="codehilite"><pre> <span class="n">Cross</span><span class="o">-</span><span class="n">Site</span> <span class="n">Scripting</span><span class="sr"></name></span><span class="o">**</span>
+ <span class="p">[</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2005</span><span class="o">-</span><span class="mi">3352</span><span class="p">](</span><span class="n">http:</span><span class="sr">//c</span><span class="n">ve</span><span class="o">.</span><span class="n">mitre</span><span class="o">.</span><span class="n">org</span><span class="sr">/cgi-bin/c</span><span class="n">vename</span><span class="o">.</span><span class="n">cgi</span><span class="p">?</span><span class="n">name</span><span class="o">=</span><span class="n">CVE</span><span class="o">-</span><span class="mi">2005</span><span class="o">-</span><span class="mi">3352</span><span class="p">)</span>
+</pre></div>
+
+
+<dl>
<dt>A flaw in mod_imap when using the Referer directive with image maps. In</dt>
<dt>certain site configurations a remote attacker could perform a cross-site</dt>
<dt>scripting attack if a victim can be forced to visit a malicious URL using</dt>