You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2012/07/21 23:16:46 UTC
svn commit: r826582 [3/3] - in /websites/staging/httpd/trunk/content: ./
security/ security/vulnerabilities-httpd.page/
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Sat Jul 21 21:16:45 2012
@@ -5,7 +5,7 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link href="/css/apsite.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<meta name="author" content="Documentation Group" /><meta name="email" content="docs@httpd.apache.org" />
- <title>Apache httpd 2.2 vulnerabilities - The Apache HTTP Server Project</title>
+ <title>httpd 2.2 vulnerabilities - The Apache HTTP Server Project</title>
</head>
<body>
@@ -72,693 +72,1089 @@
<!-- RIGHT SIDE INFORMATION -->
<div id="apcontents">
-
- <h1 id="top">Apache httpd 2.2 vulnerabilities</h1>
-<p>This page lists all security vulnerabilities fixed in released versions of
-Apache httpd 2.2. Each vulnerability is given a security <a href="/security/impact_levels.html">impact
-rating</a> by the Apache security team - please
-note that this rating may well vary from platform to platform. We also list
-the versions of Apache httpd the flaw is known to affect, and where a flaw
-has not been verified list the version with a question mark.</p>
-<p>Please note that if a vulnerability is shown below as being fixed in a
-"-dev" release then this means that a fix has been applied to the
-development source tree and will be part of an upcoming full release.</p>
-<p>This page is created from a database of vulnerabilities originally
-populated by Apache Week. Please send comments or corrections for these
-vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p>
-<h1 id="2.2.22">Fixed in Apache httpd 2.2.22</h1>
-<h2 id="CVE-2011-3607">low: mod_setenvif.htaccess privilege escalation <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a></h2>
-<p>An integer overflow flaw was found which, when the mod_setenvif module is
-enabled, could allow local users to gain privileges via a.htaccess file.</p>
-<table>
-<tr><td>Acknowledgements:</td><td>This issue was reported by halfdog </td></tr>
-<tr><td>Reported to security team:</td><td>4th October 2011</td></tr>
-<tr><td>Issue public:</td><td>2nd November 2011</td></tr>
-<tr><td>Update Released:</td><td>31st January 2012</td></tr>
-<tr><td>Affected:</td><td>2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td></tr>
-</table>
-
-<h2 id="low-wzxhzdk1mod_log_config-crashwzxhzdk2">low: <name name="CVE-2012-0021">mod_log_config crash</name></h2>
-<dl>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a></dt>
-<dd>
-<p>A flaw was found in mod_log_config. If the '%{cookiename}C' log format
-string is in use, a remote attacker could send a specific cookie causing a
-crash. This crash would only be a denial of service if using a threaded
-MPM.</p>
-<p>Reported to security team: 30th December 2011</p>
-<p>Issue public: 28th November 2011</p>
-<p>Update released: 31st January 2012</p>
-<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17</p>
-</dd>
-<dt>low:<name name="CVE-2012-0031">scoreboard parent DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a> </dt>
-<dd>
-<p>A flaw was found in the handling of the scoreboard. An unprivileged child
-process could cause the parent process to crash at shutdown rather than
-terminate cleanly.</p>
-<p>Acknowledgements: This issue was reported by halfdog<br></p>
-<p>Reported to security team: 30th December 2011</p>
-<p>Issue public: 11th January 2012</p>
-<p>Update released: 31st January 2012</p>
-<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,<br />
- 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,<br />
- 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2011-4317">mod_proxy reverse proxy exposure</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a></dt>
-<dd>
-<p>An additional exposure was found when using mod_proxy in reverse proxy
+ <h1 id="top">Apache httpd 2.2 vulnerabilities</h1><p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd 2.2. Each
+vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
+security team - please note that this rating may well vary from
+platform to platform. We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark. </p><p> Please note that if a vulnerability is shown below as being fixed
+in a "-dev" release then this means that a fix has been applied to
+the development source tree and will be part of an upcoming full release.</p><p> This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>. </p><h1 id="2.2.22">
+Fixed in Apache httpd 2.2.22</h1><dl>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2011-3607">mod_setenvif .htaccess privilege escalation</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a>
+ <p>
+An integer overflow flaw was found which, when the mod_setenvif module
+is enabled, could allow local users to gain privileges via a .htaccess
+file.
+</p>
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+This issue was reported by halfdog
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 4th October 2011<br/>
+ Issue public: 2nd November 2011<br/></dd>
+ <dd>
+ Update Released: 31st January 2012<br/></dd>
+ <dd>
+ Affects:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2012-0021">mod_log_config crash</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a>
+ <p>
+A flaw was found in mod_log_config. If the '%{cookiename}C' log format string
+is in use, a remote attacker could send a specific cookie causing a crash.
+This crash would only be a denial of service if using a threaded MPM.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 30th December 2011<br/>
+ Issue public: 28th November 2011<br/></dd>
+ <dd>
+ Update Released: 31st January 2012<br/></dd>
+ <dd>
+ Affects:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2012-0031">scoreboard parent DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a>
+ <p>
+A flaw was found in the handling of the scoreboard. An
+unprivileged child process could cause the parent process to crash at
+shutdown rather than terminate cleanly.
+</p>
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+This issue was reported by halfdog
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 30th December 2011<br/>
+ Issue public: 11th January 2012<br/></dd>
+ <dd>
+ Update Released: 31st January 2012<br/></dd>
+ <dd>
+ Affects:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2011-4317">mod_proxy reverse proxy exposure </name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>
+ <p>
+An additional exposure was found when using mod_proxy in reverse proxy
mode. In certain configurations using RewriteRule with proxy flag or
-ProxyPassMatch, a remote attacker could cause the reverse proxy to connect
-to an arbitrary server, possibly disclosing sensitive information from
-internal web servers not directly accessible to attacker.</p>
-<p>Acknowledgements: This issue was reported by Prutha Parikh of Qualys</p>
-<p>Reported to security team: 20th October 2011</p>
-<p>Issue public: 22nd January 2012</p>
-<p>Update released: 31st January 2012
-Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,<br />
- 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,<br />
- 2.2.4, 2.2.3, 2.2.2, 2.2.0<br />
-</p>
-</dd>
-<dt>moderate: <name name="CVE-2012-0053">error responses can expose cookies</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a></dt>
-<dd>
-<p>A flaw was found in the default error response for status code 400. This
-flaw could be used by an attacker to expose "httpOnly" cookies when no
-custom ErrorDocument is specified.</p>
-<p>Acknowledgements: This issue was reported by Norman Hippert</p>
-<p>Reported to security team: 15th January 2012</p>
-<p>Issue public: 23rd January 2012</p>
-<p>Update released: 31st January 2012</p>
-<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,<br />
- 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,<br />
- 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a></dt>
-<dd>
-<p>An exposure was found when using mod_proxy in reverse proxy mode. In
-certain configurations using RewriteRule with proxy flag or ProxyPassMatch,
-a remote attacker could cause the reverse proxy to connect to an arbitrary
-server, possibly disclosing sensitive information from internal web servers
-not directly accessible to attacker.</p>
-<p>Acknowledgements: This issue was reported by Context Information Security Ltd</p>
-<p>Reported to security team: 16th September 2011</p>
-<p>Issue public: 5th October 2011</p>
-<p>Update released: 31st January 2012</p>
-<p>Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15,<br />
-2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,<br />
-2.2.4, 2.2.3, 2.2.2, 2.2.0<br />
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.
</p>
-</dd>
-</dl>
-<h1 id="2.2.21">Fixed in Apache httpd 2.2.21</h1>
-<dl>
-<dt>moderate: <name name="CVE-2011-3348">mod_proxy_ajp remote DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a></dt>
-<dd>
-<p>A flaw was found when mod_proxy_ajp is used together with
-mod_proxy_balancer. Given a specific configuration, a remote attacker could
-send certain malformed HTTP requests, putting a backend server into an
-error state until the retry timeout expired. This could lead to a temporary
-denial of service.</p>
-<p>Reported to security team: 7th September 2011</p>
-<p>Issue public: 14th September 2011</p>
-<p>Update released: 14th September 2011</p>
-<p>Affected: 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, <br />
-2.2.13, 2.2.12</p>
-</dd>
-</dl>
-<h1 id="2.2.20">Fixed in Apache httpd 2.2.20</h1>
-<dl>
-<dt><strong>important: <name name="CVE-2011-3192">Range header remote DoS</name></strong></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a></dt>
-<dd>
-<p>A flaw was found in the way the Apache HTTP Server handled Range HTTP
-headers. A remote attacker could use this flaw to cause httpd to use an
-excessive amount of memory and CPU time via HTTP requests with a
-specially-crafted Range header. This could be used in a denial of service
-attack.</p>
-<p>Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a> </p>
-<p>Issue public: 20th August 2011</p>
-<p>Update released: 30th August 2011</p>
-<p>Affected: 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13,<br />
- 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,<br />
- 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.19">Fixed in Apache httpd 2.2.19</h1>
-<dl>
-<dt>moderate: <name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a></dt>
-<dd>
-<p>A flaw was found in the apr_fnmatch() function of the bundled APR library.
-Where mod_autoindex is enabled, and a directory indexed by mod_autoindex
-contained files with sufficiently long names, a remote attacker could send
-a carefully crafted request which would cause excessive CPU usage. This
-could be used in a denial of service attack.</p>
-<p>Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+This issue was reported by Prutha Parikh of Qualys
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 20th October 2011<br/>
+ Issue public: 22nd January 2012<br/></dd>
+ <dd>
+ Update Released: 31st January 2012<br/></dd>
+ <dd>
+ Affects:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2012-0053">error responses can expose cookies</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a>
+ <p>
+A flaw was found in the default error response for status code 400. This flaw could
+be used by an attacker to expose "httpOnly" cookies
+when no custom ErrorDocument is specified.
+</p>
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+This issue was reported by Norman Hippert
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 15th January 2012<br/>
+ Issue public: 23rd January 2012<br/></dd>
+ <dd>
+ Update Released: 31st January 2012<br/></dd>
+ <dd>
+ Affects:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
+ <p>
+An exposure was found when using mod_proxy in reverse proxy mode.
+In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.</p>
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+This issue was reported by Context Information Security Ltd
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 16th September 2011<br/>
+ Issue public: 5th October 2011<br/></dd>
+ <dd>
+ Update Released: 31st January 2012<br/></dd>
+ <dd>
+ Affects:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.21">
+Fixed in Apache httpd 2.2.21</h1><dl>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2011-3348">mod_proxy_ajp remote DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a>
+ <p>
+A flaw was found when mod_proxy_ajp is used together with
+mod_proxy_balancer. Given a specific configuration, a remote attacker
+could send certain malformed HTTP requests, putting a backend server
+into an error state until the retry timeout expired.
+This could lead to a temporary denial of service.</p>
+ </dd>
+ <dd>
+ Reported to security team: 7th September 2011<br/>
+ Issue public: 14th September 2011<br/></dd>
+ <dd>
+ Update Released: 14th September 2011<br/></dd>
+ <dd>
+ Affects:
+ 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12<p/></dd>
+</dl><h1 id="2.2.20">
+Fixed in Apache httpd 2.2.20</h1><dl>
+ <dd>
+ <b>important: </b>
+ <b>
+ <name name="CVE-2011-3192">Range header remote DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>
+ <p>
+A flaw was found in the way the Apache HTTP Server handled Range HTTP
+headers. A remote attacker could use this flaw to cause httpd to use
+an excessive amount of memory and CPU time via HTTP requests with a
+specially-crafted Range header. This could be used in a denial of
+service attack. </p>
+ <p>
+Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a>
+</p>
+ </dd>
+ <dd>
+ Issue public: 20th August 2011<br/></dd>
+ <dd>
+ Update Released: 30th August 2011<br/></dd>
+ <dd>
+ Affects:
+ 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.19">
+Fixed in Apache httpd 2.2.19</h1><dl>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>
+ <p>
+A flaw was found in the apr_fnmatch() function of the bundled APR
+library. Where mod_autoindex is enabled, and a directory indexed by
+mod_autoindex contained files with sufficiently long names, a
+remote attacker could send a carefully crafted request which would
+cause excessive CPU usage. This could be used in a denial of service
+attack.
+</p>
+ <p>
+Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
directive disables processing of the client-supplied request query
-arguments, preventing this attack.</p>
-<p>Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19)</p>
-<p>Acknowledgements: This issue was reported by Maksymilian Arciemowicz</p>
-<p>Reported to security team: 2nd March 2011</p>
-<p>Issue public: 10th May 2011</p>
-<p>Update released: 21st May 2011</p>
-<p>Affected: 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12,<br />
-2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.17">Fixed in Apache httpd 2.2.17</h1>
-<dl>
-<dt>low: <name name="CVE-2009-3720">expat DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a></dt>
-<dd>
-<p>A buffer over-read flaw was found in the bundled expat library. An attacker
-who is able to get Apache to parse an untrused XML document (for example
-through mod_dav) may be able to cause a crash. This crash would only be a
-denial of service if using the worker MPM.</p>
-<p>Reported to security team: 21st August 2009</p>
-<p>Issue public: 17th January 2009</p>
-<p>Update released: 19th October 2010</p>
-<p>Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,<br />
- 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>low: <name name="CVE-2009-3560">expat DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a></dt>
-<dd>
-<p>A buffer over-read flaw was found in the bundled expat library. An attacker
-who is able to get Apache to parse an untrused XML document (for example
-through mod_dav) may be able to cause a crash. This crash would only be a
-denial of service if using the worker MPM.</p>
-<p>Issue public: 2nd December 2009</p>
-<p>Update released: 19th October 2010</p>
-<p>Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,<br />
- 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>low: <name name="CVE-2010-1623">apr_bridage_split_line DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a></dt>
-<dd>
-<p>A flaw was found in the apr_brigade_split_line() function of the bundled
-APR-util library, used to process non-SSL requests. A remote attacker could
-send requests, carefully crafting the timing of individual bytes, which
-would slowly consume memory, potentially leading to a denial of service.</p>
-<p>Reported to security team: 3rd March 2010</p>
-<p>Issue public: 1st October 2010</p>
-<p>Update released: 19th October 2010</p>
-<p>Affected: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10,<br />
- 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.16">Fixed in Apache httpd 2.2.16</h1>
-<dl>
-<dt><strong>important <name name="CVE-2010-2068">Timeout detection flaw (mod_proxy_http)</name></strong></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068">CVE-2010-2068</a></dt>
-<dd>
-<p>An information disclosure flaw was found in mod_proxy_http in versions
-2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout
+arguments, preventing this attack.
+</p>
+ <p>
+Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19)
+</p>
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+This issue was reported by Maksymilian Arciemowicz
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 2nd March 2011<br/>
+ Issue public: 10th May 2011<br/></dd>
+ <dd>
+ Update Released: 21st May 2011<br/></dd>
+ <dd>
+ Affects:
+ 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.17">
+Fixed in Apache httpd 2.2.17</h1><dl>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2009-3720">expat DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>
+ <p>
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 21st August 2009<br/>
+ Issue public: 17th January 2009<br/></dd>
+ <dd>
+ Update Released: 19th October 2010<br/></dd>
+ <dd>
+ Affects:
+ 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2009-3560">expat DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>
+ <p>
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+</p>
+ </dd>
+ <dd>
+ Issue public: 2nd December 2009<br/></dd>
+ <dd>
+ Update Released: 19th October 2010<br/></dd>
+ <dd>
+ Affects:
+ 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>
+ <p>
+A flaw was found in the apr_brigade_split_line() function of the bundled
+APR-util library, used to process non-SSL requests. A remote attacker
+could send requests, carefully crafting the timing of individual bytes,
+which would slowly consume memory, potentially leading to a denial of
+service.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 3rd March 2010<br/>
+ Issue public: 1st October 2010<br/></dd>
+ <dd>
+ Update Released: 19th October 2010<br/></dd>
+ <dd>
+ Affects:
+ 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.16">
+Fixed in Apache httpd 2.2.16</h1><dl>
+ <dd>
+ <b>important: </b>
+ <b>
+ <name name="CVE-2010-2068">Timeout detection flaw (mod_proxy_http)</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068">CVE-2010-2068</a>
+ <p>
+An information disclosure flaw was found in mod_proxy_http in versions
+2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout
conditions, the server could return a response intended for another user.
-Only Windows, Netware and OS2 operating systems are affected. Only those
+Only Windows, Netware and OS2 operating systems are affected. Only those
configurations which trigger the use of proxy worker pools are affected.
-There was no vulnerability on earlier versions, as proxy pools were not yet
-introduced. </p>
-<p>The simplest workaround is to globally configure: "SetEnv proxy-nokeepalive 1"</p>
-<p>Source code patches are at;</p>
-<ul>
-<li>
-<p><a href="http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch">http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch</a> </p>
-</li>
-<li>
-<p><a href="http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch">http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch</a> </p>
-</li>
+There was no vulnerability on earlier versions, as proxy pools were not
+yet introduced. The simplest workaround is to globally configure;</p>
+ <p>SetEnv proxy-nokeepalive 1</p>
+ <p>Source code patches are at;</p>
+ <ul>
+<li><a href="http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch">http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch</a></li>
+<li><a href="http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch">http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch</a></li>
</ul>
-<p>Binary replacement modules are at</p>
-<ul>
-<li><a href="http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip">http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip</a> </li>
+ <p>Binary replacement modules are at</p>
+ <ul>
+<li><a href="http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip">http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip</a></li>
</ul>
-<p>Acknowledgements: We would like to thank Loren Anderson for the detailed
-analysis and reporting of this issue.</p>
-<p>Issue public: 9th June 2010</p>
-<p>Update released: 25th July 2010</p>
-<p>Affected: 2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12,<br />
- 2.2.11, 2.2.10, 2.2.9</p>
-</dd>
-<dt>low: <name name="CVE-2010-1452">mod_cache and mod_dav DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a></dt>
-<dd>
-<p>A flaw was found in the handling of requests by mod_cache and mod_dav. A
-malicious remote attacker could send a carefully crafted request and cause
-a httpd child process to crash. This crash would only be a denial of
-service if using the worker MPM. This issue is further mitigated as mod_dav
-is only affected by requests that are most likely to be authenticated, and
-mod_cache is only affected if the uncommon
-"CacheIgnoreURLSessionIdentifiers" directive, introduced in version 2.2.14,
-is used.</p>
-<p>Acknowledgements: This issue was reported by Mark Drayton.</p>
-<p>Reported to security team: 4th May 2010</p>
-<p>Issue public: 25th July 2010</p>
-<p>Update released: 25th July 2010 Affected: 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9,<br />
- 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.15">Fixed in Apache httpd 2.2.15</h1>
-<dl>
-<dt><strong>important:</strong> <strong><name name="CVE-2010-0425">mod_isapi module unload flaw</name></strong></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a></dt>
-<dd>
-<p>A flaw was found with within mod_isapi which would attempt to unload the
-ISAPI dll when it encountered various error states. This could leave the
-callbacks in an undefined state and result in a segfault. On Windows
-platforms using mod_isapi, a remote attacker could send a malicious request
-to trigger this issue, and as win32 MPM runs only one process, this would
-result in a denial of service, and potentially allow arbitrary code
-execution.</p>
-<p>Acknowledgements: We would like to thank Brett Gervasoni of Sense of
-Security for reporting and proposing a patch fix for this issue.</p>
-<p>Reported to security team: 9th February 2010</p>
-<p>Issue public: 2nd March 2010</p>
-<p>Update released: 5th March 2010</p>
-<p>Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,<br />
- 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>low <name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a></dt>
-<dd>
-<p>A flaw in the core subrequest process code was fixed, to always provide a
-shallow copy of the headers_in array to the subrequest, instead of a
-pointer to the parent request's array as it had for requests without
-request bodies. This meant all modules such as mod_headers which may
-manipulate the input headers for a subrequest would poison the parent
-request in two ways, one by modifying the parent request, which might not
-be intended, and second by leaving pointers to modified header fields in
-memory allocated to the subrequest scope, which could be freed before the
-main request processing was finished, resulting in a segfault or in
-revealing data from another request on threaded servers, such as the worker
-or winnt MPMs.</p>
-<p>Acknowledgements: We would like to thank Philip Pickett of VMware for
-reporting and proposing a fix for this issue.</p>
-<p>Issue public: 9th December 2009</p>
-<p>Update released: 5th March 2010</p>
-<p>Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,<br />
- 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2010-0408">mod_proxy_ajp DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a></dt>
-<dd>
-<p>mod_proxy_ajp would return the wrong status code if it encountered an
-error, causing a backend server to be put into an error state until the
-retry timeout expired. A remote attacker could send malicious requests to
-trigger this issue, resulting in denial of service.</p>
-<p>Acknowledgements: We would like to thank Niku Toivola of Sulake Corporation
-for reporting and proposing a patch fix for this issue.</p>
-<p>Reported to security team: 2nd February 2010</p>
-<p>Issue public: 2nd March 2010</p>
-<p>Update released: 5th March 2010<br></br></p>
-<p>Affected: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6,<br />
- 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.14">Fixed in Apache httpd 2.2.14</h1>
-<dl>
-<dt>low: <name name="CVE-2009-3094">mod_proxy_ftp DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a></dt>
-<dd>
-<p>A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A
-malicious FTP server to which requests are being proxied could use this
-flaw to crash an httpd child process via a malformed reply to the EPSV or
-PASV commands, resulting in a limited denial of service.</p>
-<p>Reported to security team: 4th September 2009</p>
-<p>Issue public: 2nd August 2009</p>
-<p>Update released: 5th October 2009</p>
-<p>Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, <br />
- 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>low: <name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a></dt>
-<dd>
-<p>A flaw was found in the mod_proxy_ftp module. In a reverse proxy
-configuration, a remote attacker could use this flaw to bypass intended
-access restrictions by creating a carefully-crafted HTTP Authorization
-header, allowing the attacker to send arbitrary commands to the FTP server.</p>
-<p>Reported to security team: 3rd September 2009</p>
-<p>Issue public: 3rd August 2009</p>
-<p>Update released: 5th October 2009</p>
-<p>Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,<br />
- 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2009-2699">Solaris pollset DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a></dt>
-<dd>
-<p>Faulty error handling was found affecting Solaris pollset support (Event
-Port backend) caused by a bug in APR. A remote attacker could trigger this
-issue on Solaris servers which used prefork or event MPMs, resulting in a
-denial of service.</p>
-<p>Reported to security team: 5th August 2009</p>
-<p>Issue public: 23rd September 2009</p>
-<p>Update released: 5th October 2009</p>
-<p>Affected: 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5,<br />
- 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.13">Fixed in Apache httpd 2.2.13</h1>
-<dl>
-<dt>low: <name name="CVE-2009-2412">APR apr_palloc heap overflow</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a></dt>
-<dd>
-<p>A flaw in apr_palloc() in the bundled copy of APR could cause heap
-overflows in programs that try to apr_palloc() a user controlled size. The
-Apache HTTP Server itself does not pass unsanitized user-provided sizes to
-this function, so it could only be triggered through some other application
-which uses apr_palloc() in a vulnerable way.</p>
-<p>Reported to security team: 27th July 2009</p>
-<p>Issue public: 4th August 2009</p>
-<p>Update released: 9th August 2009</p>
-<p>Affected: 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4,<br />
- 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.12">Fixed in Apache httpd 2.2.12</h1>
-<dl>
-<dt><strong>important <name name="CVE-2009-1890">mod_proxy reverse proxy DoS</name></strong></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</a></dt>
-<dd>
-<p>A denial of service flaw was found in the mod_proxy module when it was used
-as a reverse proxy. A remote attacker could use this flaw to force a proxy
-process to consume large amounts of CPU time.</p>
-<p>Reported to security team: 30th June 2009</p>
-<p>Issue public: 2nd July 2009</p>
-<p>Update released: 27th July 2009</p>
-<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,<br />
- 2.2.2, 2.2.0</p>
-</dd>
-<dt><strong>important:</strong> <strong><name name="CVE-2009-1191">mod_proxy_ajp information disclosure</name></strong></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</a></dt>
-<dd>
-<p>An information disclosure flaw was found in mod_proxy_ajp in version 2.2.11
-only. In certain situations, if a user sent a carefully crafted HTTP
-request, the server could return a response intended for another user.</p>
-<p>Reported to security team: 5th March 2009</p>
-<p>Issue public: 21st April 2009</p>
-<p>Update released: 27th July 2009</p>
-<p>Affected: 2.2.11</p>
-</dd>
-<dt>low: <name name="CVE-2009-1891">mod_deflate DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a></dt>
-<dd>
-<p>A denial of service flaw was found in the mod_deflate module. This module
-continued to compress large files until compression was complete, even if
-the network connection that requested the content was closed before
-compression completed. This would cause mod_deflate to consume large
-amounts of CPU if mod_deflate was enabled for a large file.</p>
-<p>Issue public: 26th June 2009</p>
-<p>Update released: 27th July 2009</p>
-<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,<br />
- 2.2.2, 2.2.0</p>
-</dd>
-<dt>low: <name name="CVE-2009-1195">AllowOverride Options handling bypass</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a></dt>
-<dd>
-<p>A flaw was found in the handling of the "Options" and "AllowOverride"
-directives. In configurations using the "AllowOverride" directive with
-certain "Options=" arguments, local users were not restricted from
-executing commands from a Server-Side-Include script as intended.</p>
-<p>Reported to security team: 9th March 2009</p>
-<p>Issue public: 22nd April 2009</p>
-<p>Update released: 27th July 2009</p>
-<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,<br />
- 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2009-1956">APR-util off-by-one overflow</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956">CVE-2009-1956</a></dt>
-<dd>
-<p>An off-by-one overflow flaw was found in the way the bundled copy of the
-APR-util library processed a variable list of arguments. An attacker could
-provide a specially-crafted string as input for the formatted output
-conversion routine, which could, on big-endian platforms, potentially lead
-to the disclosure of sensitive information or a denial of service.</p>
-<p>Issue public: 24th April 2009</p>
-<p>Update released: 72th  2009</p>
-<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,<br />
- 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2009-1955">APR-util XML DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955">CVE-2009-1955</a></dt>
-<dd>
-<p>A denial of service flaw was found in the bundled copy of the APR-util
-library Extensible Markup Language (XML) parser. A remote attacker could
-create a specially-crafted XML document that would cause excessive memory
-consumption when processed by the XML decoding engine.</p>
-<p>Issue public: 1st June 2009</p>
-<p>Update released: 27th July 2009</p>
-<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,<br />
- 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2009-0023">APR-util heap underwrite</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023">CVE-2009-0023</a></dt>
-<dd>
-<p>A heap-based underwrite flaw was found in the way the bundled copy of the
-APR-util library created compiled forms of particular search patterns. An
-attacker could formulate a specially-crafted search keyword, that would
-overwrite arbitrary heap memory locations when processed by the pattern
-preparation engine.</p>
-<p>Issue public: 1st June 2009</p>
-<p>Update released: 27th July 2009</p>
-<p>Affected: 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3,<br />
- 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.10">Fixed in Apache httpd 2.2.10</h1>
-<dl>
-<dt><strong>important:</strong> <strong><name name="CVE-2010-2791">Timeout detection flaw (mod_proxy_http)</name></strong></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791">CVE-2010-2791</a></dt>
-<dd>
-<p>An information disclosure flaw was found in mod_proxy_http in version 2.2.9
-only, on Unix platforms. Under certain timeout conditions, the server could
-return a response intended for another user. Only those configurations
-which trigger the use of proxy worker pools are affected. There was no
-vulnerability on earlier versions, as proxy pools were not yet introduced.
-The simplest workaround is to globally configure:</p>
-<p>SetEnv proxy-nokeepalive 1</p>
-<p>Issue public: 23rd July 2010</p>
-<p>Update released: 31st October 2008</p>
-<p>Affected: 2.2.9</p>
-</dd>
-<dt>low: <name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a></dt>
-<dd>
-<p>A flaw was found in the handling of wildcards in the path of a FTP URL with
-mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP,
-requests containing globbing characters could lead to cross-site scripting
-(XSS) attacks.</p>
-<p>Reported to security team: 28th July 2008</p>
-<p>Issue public: 5th August 2008</p>
-<p>Update released: 31st October 2008</p>
-<p>Affected: 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.9">Fixed in Apache httpd 2.2.9</h1>
-<dl>
-<dt>low: <name name="CVE-2007-6420">mod_proxy_balancer CSRF</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420</a></dt>
-<dd>
-<p>The mod_proxy_balancer provided an administrative interface that could be
-vulnerable to cross-site request forgery (CSRF) attacks.</p>
-<p>Reported to security team: 12th October 2007</p>
-<p>Issue public: 9th January 2008</p>
-<p>Update released: 14th June 2008</p>
-<p>Affected: 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: name name="CVE-2008-2364">mod_proxy_http DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a></dt>
-<dd>
-<p>A flaw was found in the handling of excessive interim responses from an
-origin server when using mod_proxy_http. A remote attacker could cause a
-denial of service or high memory usage.</p>
-<p>Reported to security team: 29th May 2008</p>
-<p>Issue public: 10th June 2008</p>
-<p>Update released: 14th June 2008</p>
-<p>Affected: 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.8">Fixed in Apache httpd 2.2.8</h1>
-<dl>
-<dt>low: <name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a></dt>
-<dd>
-<p>A workaround was added in the mod_proxy_ftp module. On sites where
-mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site
-scripting attack is possible against Web browsers which do not correctly
-derive the response character set following the rules in RFC 2616.</p>
-<p>Reported to security team: 15th December 2007</p>
-<p>Issue public: 8th January 2008</p>
-<p>Update released: 19th January 2008</p>
-<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>low: <name name="CVE-2007-6422">mod_proxy_balancer DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422">CVE-2007-6422</a></dt>
-<dd>
-<p>A flaw was found in the mod_proxy_balancer module. On sites where
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+We would like to thank Loren Anderson for the detailed analysis and
+reporting of this issue.
+</p>
+ </dd>
+ <dd>
+ Issue public: 9th June 2010<br/></dd>
+ <dd>
+ Update Released: 25th July 2010<br/></dd>
+ <dd>
+ Affects:
+ 2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2010-1452">mod_cache and mod_dav DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>
+ <p>
+A flaw was found in the handling of requests by mod_cache and mod_dav.
+A malicious remote attacker could send a carefully crafted request and
+cause a httpd child process to crash. This crash would only
+be a denial of service if using the worker MPM. This issue is further
+mitigated as mod_dav is only affected by requests that are most likely
+to be authenticated, and mod_cache is only affected if the uncommon
+"CacheIgnoreURLSessionIdentifiers" directive, introduced in
+version 2.2.14, is used.
+</p>
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+This issue was reported by Mark Drayton.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 4th May 2010<br/>
+ Issue public: 25th July 2010<br/></dd>
+ <dd>
+ Update Released: 25th July 2010<br/></dd>
+ <dd>
+ Affects:
+ 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.15">
+Fixed in Apache httpd 2.2.15</h1><dl>
+ <dd>
+ <b>important: </b>
+ <b>
+ <name name="CVE-2010-0425">mod_isapi module unload flaw</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
+ <p>
+A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it
+encountered various error states. This could leave the callbacks in an
+undefined state and result in a segfault. On Windows platforms using mod_isapi, a
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one
+process, this would result in a denial of service, and potentially allow
+arbitrary code execution.
+</p>
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+We would like to thank Brett Gervasoni of Sense of Security for reporting and
+proposing a patch fix for this issue.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 9th February 2010<br/>
+ Issue public: 2nd March 2010<br/></dd>
+ <dd>
+ Update Released: 5th March 2010<br/></dd>
+ <dd>
+ Affects:
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
+ <p>
+A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in
+array to the subrequest, instead of a pointer to the parent request's array
+as it had for requests without request bodies. This meant all modules such
+as mod_headers which may manipulate the input headers for a subrequest would
+poison the parent request in two ways, one by modifying the parent request,
+which might not be intended, and second by leaving pointers to modified header
+fields in memory allocated to the subrequest scope, which could be freed
+before the main request processing was finished, resulting in a segfault or
+in revealing data from another request on threaded servers, such as the worker
+or winnt MPMs.
+</p>
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+We would like to thank Philip Pickett of VMware for reporting and proposing a
+fix for this issue.
+</p>
+ </dd>
+ <dd>
+ Issue public: 9th December 2009<br/></dd>
+ <dd>
+ Update Released: 5th March 2010<br/></dd>
+ <dd>
+ Affects:
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2010-0408">mod_proxy_ajp DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a>
+ <p>
+mod_proxy_ajp would return the wrong status code if it encountered
+an error, causing a backend server to be put into an error state until
+the retry timeout expired. A remote attacker could send malicious requests
+to trigger this issue, resulting in denial of service.
+</p>
+ </dd>
+ <dd>
+ <p>Acknowledgements:
+We would like to thank Niku Toivola of Sulake Corporation for reporting and
+proposing a patch fix for this issue.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 2nd February 2010<br/>
+ Issue public: 2nd March 2010<br/></dd>
+ <dd>
+ Update Released: 5th March 2010<br/></dd>
+ <dd>
+ Affects:
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.14">
+Fixed in Apache httpd 2.2.14</h1><dl>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
+ <p>
+A NULL pointer dereference flaw was found in the mod_proxy_ftp
+module. A malicious FTP server to which requests are being proxied
+could use this flaw to crash an httpd child process via a malformed
+reply to the EPSV or PASV commands, resulting in a limited denial of
+service.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 4th September 2009<br/>
+ Issue public: 2nd August 2009<br/></dd>
+ <dd>
+ Update Released: 5th October 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>
+ <p>
+A flaw was found in the mod_proxy_ftp module. In a reverse proxy
+configuration, a remote attacker could use this flaw to bypass
+intended access restrictions by creating a carefully-crafted HTTP
+Authorization header, allowing the attacker to send arbitrary commands
+to the FTP server.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 3rd September 2009<br/>
+ Issue public: 3rd August 2009<br/></dd>
+ <dd>
+ Update Released: 5th October 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2009-2699">Solaris pollset DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a>
+ <p>Faulty error handling was found affecting Solaris pollset support
+(Event Port backend) caused by a bug in APR. A remote attacker
+could trigger this issue on Solaris servers which used prefork or
+event MPMs, resulting in a denial of service.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 5th August 2009<br/>
+ Issue public: 23rd September 2009<br/></dd>
+ <dd>
+ Update Released: 5th October 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.13">
+Fixed in Apache httpd 2.2.13</h1><dl>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>
+ <p>
+A flaw in apr_palloc() in the bundled copy of APR could
+cause heap overflows in programs that try to apr_palloc() a user
+controlled size. The Apache HTTP Server itself does not pass
+unsanitized user-provided sizes to this function, so it could only
+be triggered through some other application which uses apr_palloc()
+in a vulnerable way.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 27th July 2009<br/>
+ Issue public: 4th August 2009<br/></dd>
+ <dd>
+ Update Released: 9th August 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.12">
+Fixed in Apache httpd 2.2.12</h1><dl>
+ <dd>
+ <b>important: </b>
+ <b>
+ <name name="CVE-2009-1890">mod_proxy reverse proxy DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</a>
+ <p>
+A denial of service flaw was found in the mod_proxy module when it was
+used as a reverse proxy. A remote attacker could use this flaw to
+force a proxy process to consume large amounts of CPU time.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 30th June 2009<br/>
+ Issue public: 2nd July 2009<br/></dd>
+ <dd>
+ Update Released: 27th July 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>important: </b>
+ <b>
+ <name name="CVE-2009-1191">mod_proxy_ajp information disclosure</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</a>
+ <p>
+An information disclosure flaw was found in mod_proxy_ajp in version
+2.2.11 only. In certain
+situations, if a user sent a carefully crafted HTTP request, the server
+could return a response intended for another user.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 5th March 2009<br/>
+ Issue public: 21st April 2009<br/></dd>
+ <dd>
+ Update Released: 27th July 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.11<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2009-1891">mod_deflate DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>
+ <p>
+A denial of service flaw was found in the mod_deflate module. This
+module continued to compress large files until compression was
+complete, even if the network connection that requested the content
+was closed before compression completed. This would cause mod_deflate
+to consume large amounts of CPU if mod_deflate was enabled for a large
+file.</p>
+ </dd>
+ <dd>
+ Issue public: 26th June 2009<br/></dd>
+ <dd>
+ Update Released: 27th July 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2009-1195">AllowOverride Options handling bypass</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a>
+ <p>
+A flaw was found in the handling of the "Options" and "AllowOverride"
+directives. In configurations using the "AllowOverride" directive
+with certain "Options=" arguments, local users were not restricted
+from executing commands from a Server-Side-Include script as intended.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 9th March 2009<br/>
+ Issue public: 22nd April 2009<br/></dd>
+ <dd>
+ Update Released: 27th July 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2009-1956">APR-util off-by-one overflow</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956">CVE-2009-1956</a>
+ <p>
+An off-by-one overflow flaw was found in the way the bundled copy of
+the APR-util library processed a variable list of arguments. An
+attacker could provide a specially-crafted string as input for the
+formatted output conversion routine, which could, on big-endian
+platforms, potentially lead to the disclosure of sensitive information
+or a denial of service.
+</p>
+ </dd>
+ <dd>
+ Issue public: 24th April 2009<br/></dd>
+ <dd>
+ Update Released: 72th 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2009-1955">APR-util XML DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955">CVE-2009-1955</a>
+ <p>
+A denial of service flaw was found in the bundled copy of the APR-util
+library Extensible Markup Language (XML) parser. A remote attacker
+could create a specially-crafted XML document that would cause
+excessive memory consumption when processed by the XML decoding
+engine.
+</p>
+ </dd>
+ <dd>
+ Issue public: 1st June 2009<br/></dd>
+ <dd>
+ Update Released: 27th July 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2009-0023">APR-util heap underwrite</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023">CVE-2009-0023</a>
+ <p>
+A heap-based underwrite flaw was found in the way the bundled copy of
+the APR-util library created compiled forms of particular search
+patterns. An attacker could formulate a specially-crafted search
+keyword, that would overwrite arbitrary heap memory locations when
+processed by the pattern preparation engine.
+</p>
+ </dd>
+ <dd>
+ Issue public: 1st June 2009<br/></dd>
+ <dd>
+ Update Released: 27th July 2009<br/></dd>
+ <dd>
+ Affects:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.10">
+Fixed in Apache httpd 2.2.10</h1><dl>
+ <dd>
+ <b>important: </b>
+ <b>
+ <name name="CVE-2010-2791">Timeout detection flaw (mod_proxy_http)</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791">CVE-2010-2791</a>
+ <p>
+An information disclosure flaw was found in mod_proxy_http in version
+2.2.9 only, on Unix platforms. Under certain timeout
+conditions, the server could return a response intended for another user.
+Only those configurations which trigger the use of proxy worker pools
+are affected. There was no vulnerability on earlier versions, as
+proxy pools were not yet introduced. The simplest workaround is to
+globally configure:</p>
+ <p>SetEnv proxy-nokeepalive 1</p>
+ </dd>
+ <dd>
+ Issue public: 23rd July 2010<br/></dd>
+ <dd>
+ Update Released: 31st October 2008<br/></dd>
+ <dd>
+ Affects:
+ 2.2.9<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a>
+ <p>
+A flaw was found in the handling of wildcards in the path of a FTP
+URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support
+FTP-over-HTTP, requests containing globbing characters could lead
+to cross-site scripting (XSS) attacks.</p>
+ </dd>
+ <dd>
+ Reported to security team: 28th July 2008<br/>
+ Issue public: 5th August 2008<br/></dd>
+ <dd>
+ Update Released: 31st October 2008<br/></dd>
+ <dd>
+ Affects:
+ 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.9">
+Fixed in Apache httpd 2.2.9</h1><dl>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2007-6420">mod_proxy_balancer CSRF</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420</a>
+ <p>
+The mod_proxy_balancer provided an administrative interface that could be
+vulnerable to cross-site request forgery (CSRF) attacks.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 12th October 2007<br/>
+ Issue public: 9th January 2008<br/></dd>
+ <dd>
+ Update Released: 14th June 2008<br/></dd>
+ <dd>
+ Affects:
+ 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2008-2364">mod_proxy_http DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a>
+ <p>
+A flaw was found in the handling of excessive interim responses
+from an origin server when using mod_proxy_http. A remote attacker
+could cause a denial of service or high memory usage.</p>
+ </dd>
+ <dd>
+ Reported to security team: 29th May 2008<br/>
+ Issue public: 10th June 2008<br/></dd>
+ <dd>
+ Update Released: 14th June 2008<br/></dd>
+ <dd>
+ Affects:
+ 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.8">
+Fixed in Apache httpd 2.2.8</h1><dl>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a>
+ <p>
+A workaround was added in the mod_proxy_ftp module. On sites where
+mod_proxy_ftp is enabled and a forward proxy is configured, a
+cross-site scripting attack is possible against Web browsers which do
+not correctly derive the response character set following the rules in
+RFC 2616.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 15th December 2007<br/>
+ Issue public: 8th January 2008<br/></dd>
+ <dd>
+ Update Released: 19th January 2008<br/></dd>
+ <dd>
+ Affects:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2007-6422">mod_proxy_balancer DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422">CVE-2007-6422</a>
+ <p>
+A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer is enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
-threaded Multi-Processing Module.</p>
-<p>Reported to security team: 12th December 2007</p>
-<p>Issue public: 2nd January 2008</p>
-<p>Update released: 19th January 2008</p>
-<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>low: <name name="CVE-2007-6421">mod_proxy_balancer XSS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421">CVE-2007-6421</a></dt>
-<dd>
-<p>A flaw was found in the mod_proxy_balancer module. On sites where
+threaded Multi-Processing Module. </p>
+ </dd>
+ <dd>
+ Reported to security team: 12th December 2007<br/>
+ Issue public: 2nd January 2008<br/></dd>
+ <dd>
+ Update Released: 19th January 2008<br/></dd>
+ <dd>
+ Affects:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2007-6421">mod_proxy_balancer XSS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421">CVE-2007-6421</a>
+ <p>
+A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer is enabled, a cross-site scripting attack against an
-authorized user is possible.</p>
-<p>Reported to security team: 12th December 2007</p>
-<p>Issue public: 2nd January 2008</p>
-<p>Update released: 19th January 2008</p>
-<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2007-6388">mod_status XSS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">*CVE-2007-6388</a></dt>
-<dd>
-<p>A flaw was found in the mod_status module. On sites where mod_status is
+authorized user is possible. </p>
+ </dd>
+ <dd>
+ Reported to security team: 12th December 2007<br/>
+ Issue public: 2nd January 2008<br/></dd>
+ <dd>
+ Update Released: 19th January 2008<br/></dd>
+ <dd>
+ Affects:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2007-6388">mod_status XSS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
+ <p>
+A flaw was found in the mod_status module. On sites where mod_status is
enabled and the status pages were publicly accessible, a cross-site
-scripting attack is possible. Note that the server-status page is not
-enabled by default and it is best practice to not make this publicly
-available.</p>
-<p>Reported to security team: 15th December 2007</p>
-<p>Issue public: 2nd January 2008</p>
-<p>Update released: 19th January 2008</p>
-<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2007-5000">mod_imagemap XSS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a></dt>
-<dd>
-<p>A flaw was found in the mod_imagemap module. On sites where mod_imagemap is
-enabled and an imagemap file is publicly available, a cross-site scripting
-attack is possible.</p>
-<p>Reported to security team: 23rd October 2007</p>
-<p>Issue public: 11th December 2007</p>
-<p>Update released: 19th January 2008</p>
-<p>Affected: 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.6">Fixed in Apache httpd 2.2.6</h1>
-<dl>
-<dt>moderate: <name name="CVE-2007-3847">mod_proxy crash</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a></dt>
-<dd>
-<p>A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
+scripting attack is possible.
+Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
+ </dd>
+ <dd>
+ Reported to security team: 15th December 2007<br/>
+ Issue public: 2nd January 2008<br/></dd>
+ <dd>
+ Update Released: 19th January 2008<br/></dd>
+ <dd>
+ Affects:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2007-5000">mod_imagemap XSS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
+ <p>
+A flaw was found in the mod_imagemap module. On sites where
+mod_imagemap is enabled and an imagemap file is publicly available, a
+cross-site scripting attack is possible.</p>
+ </dd>
+ <dd>
+ Reported to security team: 23rd October 2007<br/>
+ Issue public: 11th December 2007<br/></dd>
+ <dd>
+ Update Released: 19th January 2008<br/></dd>
+ <dd>
+ Affects:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.6">
+Fixed in Apache httpd 2.2.6</h1><dl>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2007-3847">mod_proxy crash</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a>
+ <p>
+A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
using a threaded Multi-Processing Module.</p>
-<p>Issue public: 10th December 2006</p>
-<p>Update released: 7th September 2007</p>
-<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2006-5752">mod_status cross-site scripting</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a></dt>
-<dd>
-<p>A flaw was found in the mod_status module. On sites where the server-status
-page is publicly accessible and ExtendedStatus is enabled this could lead
-to a cross-site scripting attack. Note that the server-status page is not
-enabled by default and it is best practice to not make this publicly
-available.</p>
-<p>Reported to security team: 19th October 2006</p>
-<p>Issue public: 20th June 2007</p>
-<p>Update released: 7th September 2007</p>
-<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2007-3304">Signals to arbitrary processes</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a></dt>
-<dd>
-<p>The Apache HTTP server did not verify that a process was an Apache child
-process before sending it signals. A local attacker with the ability to run
-scripts on the HTTP server could manipulate the scoreboard and cause
-arbitrary processes to be terminated which could lead to a denial of
-service.</p>
-<p>Reported to security team: 15th May 2006</p>
-<p>Issue public: 19th June 2007</p>
-<p>Update released: 7th September 2007</p>
-<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2007-1862">mod_cache information leak</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a></dt>
-<dd>
-<p>The recall_headers function in mod_mem_cache in Apache 2.2.4 did not
-properly copy all levels of header data, which can cause Apache to return
-HTTP headers containing previously used data, which could be used by remote
-attackers to obtain potentially sensitive information.</p>
-<p>Reported to security team: 26th April 2007</p>
-<p>Issue public: 1st June 2007</p>
-<p>Update released: 7th September 2007</p>
-<p>Affected: 2.2.4</p>
-</dd>
-<dt>moderate: <name name="CVE-2007-1863">mod_cache proxy DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a></dt>
-<dd>
-<p>A bug was found in the mod_cache module. On sites where caching is enabled,
-a remote attacker could send a carefully crafted request that would cause
-the Apache child process handling that request to crash. This could lead to
-a denial of service if using a threaded Multi-Processing Module.</p>
-<p>Reported to security team: 2nd May 2007</p>
-<p>Issue public: 18th June 2007</p>
-<p>Update released: 7th September 2007</p>
-<p>Affected: 2.2.4, 2.2.3, 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.3">Fixed in Apache httpd 2.2.3</h1>
-<dl>
-<dt><strong>important: <name name="CVE-2006-3747">mod_rewrite off-by-one error</name></strong></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a></dt>
-<dd>
-<p>An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on
-the manner in which Apache httpd was compiled, this software defect may
-result in a vulnerability which, in combination with certain types of
-Rewrite rules in the web server configuration files, could be triggered
-remotely. For vulnerable builds, the nature of the vulnerability can be
-denial of service (crashing of web server processes) or potentially allow
-arbitrary code execution.</p>
-<p>Reported to security team: 21st July 2006</p>
-<p>Issue public: 27th July 2006</p>
-<p>Update released: 27th July 2006</p>
-<p>Affected: 2.2.2, 2.2.0</p>
-</dd>
-</dl>
-<h1 id="2.2.2">Fixed in Apache httpd 2.2.2</h1>
-<dl>
-<dt>low: <name name="CVE-2005-3357">mod_ssl access control DoS</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a></dt>
-<dd>
-<p>A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+ </dd>
+ <dd>
+ Issue public: 10th December 2006<br/></dd>
+ <dd>
+ Update Released: 7th September 2007<br/></dd>
+ <dd>
+ Affects:
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2006-5752">mod_status cross-site scripting</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+ <p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+ </dd>
+ <dd>
+ Reported to security team: 19th October 2006<br/>
+ Issue public: 20th June 2007<br/></dd>
+ <dd>
+ Update Released: 7th September 2007<br/></dd>
+ <dd>
+ Affects:
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2007-3304">Signals to arbitrary processes</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
+ <p>The Apache HTTP server did not verify that a process
+was an Apache child process before sending it signals. A local
+attacker with the ability to run scripts on the HTTP server could
+manipulate the scoreboard and cause arbitrary processes to be
+terminated which could lead to a denial of service.</p>
+ </dd>
+ <dd>
+ Reported to security team: 15th May 2006<br/>
+ Issue public: 19th June 2007<br/></dd>
+ <dd>
+ Update Released: 7th September 2007<br/></dd>
+ <dd>
+ Affects:
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2007-1862">mod_cache information leak</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a>
+ <p>The recall_headers function in mod_mem_cache in Apache 2.2.4 did not
+properly copy all levels of header data, which can cause Apache to
+return HTTP headers containing previously used data, which could be
+used by remote attackers to obtain potentially sensitive information.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 26th April 2007<br/>
+ Issue public: 1st June 2007<br/></dd>
+ <dd>
+ Update Released: 7th September 2007<br/></dd>
+ <dd>
+ Affects:
+ 2.2.4<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2007-1863">mod_cache proxy DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>
+ <p>A bug was found in the mod_cache module. On sites where
+caching is enabled, a remote attacker could send a carefully crafted
+request that would cause the Apache child process handling that request to
+crash. This could lead to a denial of service if using a threaded
+Multi-Processing Module.</p>
+ </dd>
+ <dd>
+ Reported to security team: 2nd May 2007<br/>
+ Issue public: 18th June 2007<br/></dd>
+ <dd>
+ Update Released: 7th September 2007<br/></dd>
+ <dd>
+ Affects:
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.3">
+Fixed in Apache httpd 2.2.3</h1><dl>
+ <dd>
+ <b>important: </b>
+ <b>
+ <name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
+ <p>
+An off-by-one flaw exists in the Rewrite module, mod_rewrite.
+Depending on the manner in which Apache httpd was compiled, this
+software defect may result in a vulnerability which, in combination
+with certain types of Rewrite rules in the web server configuration
+files, could be triggered remotely. For vulnerable builds, the nature
+of the vulnerability can be denial of service (crashing of web server
+processes) or potentially allow arbitrary code execution.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 21st July 2006<br/>
+ Issue public: 27th July 2006<br/></dd>
+ <dd>
+ Update Released: 27th July 2006<br/></dd>
+ <dd>
+ Affects:
+ 2.2.2, 2.2.0<p/></dd>
+</dl><h1 id="2.2.2">
+Fixed in Apache httpd 2.2.2</h1><dl>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2005-3357">mod_ssl access control DoS</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
+ <p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
configurations where an SSL virtual host is configured with access control
and a custom 400 error document. A remote attacker could send a carefully
crafted request to trigger this issue which would lead to a crash. This
-crash would only be a denial of service if using the worker MPM.</p>
-<p>Reported to security team: 5th December 2005</p>
-<p>Issue public: 12th December 2005</p>
-<p>Update released: 1st May 2006</p>
-<p>Affected: 2.2.0</p>
-</dd>
-<dt>moderate: <name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name></dt>
-<dt><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a></dt>
-<dd>
-<p>A flaw in mod_imap when using the Referer directive with image maps. In
-certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious URL using
-certain web browsers.</p>
-<p>Reported to security team: 1st November 2005</p>
-<p>Issue public: 12th December 2005</p>
-<p>Update released: 1st May 2006</p>
-<p>Affected: 2.2.0</p>
-</dd>
+crash would only be a denial of service if using the worker MPM.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 5th December 2005<br/>
+ Issue public: 12th December 2005<br/></dd>
+ <dd>
+ Update Released: 1st May 2006<br/></dd>
+ <dd>
+ Affects:
+ 2.2.0<p/></dd>
+ <dd>
+ <b>moderate: </b>
+ <b>
+ <name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+ <p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious
+URL using certain web browsers.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 1st November 2005<br/>
+ Issue public: 12th December 2005<br/></dd>
+ <dd>
+ Update Released: 1st May 2006<br/></dd>
+ <dd>
+ Affects:
+ 2.2.0<p/></dd>
</dl>
-
+
<!-- FOOTER -->
<div id="footer">
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Sat Jul 21 21:16:45 2012
@@ -5,7 +5,7 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link href="/css/apsite.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<meta name="author" content="Documentation Group" /><meta name="email" content="docs@httpd.apache.org" />
- <title>Apache httpd 2.4 vulnerabilities - The Apache HTTP Server Project</title>
+ <title>httpd 2.4 vulnerabilities - The Apache HTTP Server Project</title>
</head>
<body>
@@ -72,39 +72,42 @@
<!-- RIGHT SIDE INFORMATION -->
<div id="apcontents">
-
- <h1 id="top">Apache httpd 2.4 vulnerabilities</h1>
-<p>This page lists all security vulnerabilities fixed in released versions of
-Apache httpd 2.4. Each vulnerability is given a security <a href="/security/impact_levels.html">impact
-rating</a> by the Apache security team - please
-note that this rating may well vary from platform to platform. We also list
-the versions of Apache httpd the flaw is known to affect, and where a flaw
-has not been verified list the version with a question mark.</p>
-<p>Please note that if a vulnerability is shown below as being fixed in a
-"-dev" release then this means that a fix has been applied to the
-development source tree and will be part of an upcoming full release.</p>
-<p>This page is created from a database of vulnerabilities originally
-populated by Apache Week. Please send comments or corrections for these
-vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p>
-<p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all
-vulnerabilities which have been resolved in Apache httpd 2.2.22 and all
-older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities
-list</a> for more information.</em> </p>
-<h1 id="2.4.2">Fixed in Apache httpd 2.4.2</h1>
-<dl>
-<dt><strong>low: <name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a></strong></dt>
-<dd>
-<p>Insecure handling of LD_LIBRARY_PATH was found that could lead to the
-current working directory to be searched for DSOs. This could allow a local
-user to execute code as root if an administrator runs apachectl from an
-untrusted directory.</p>
-<p><em>Reported to security team</em>: 14th February 2012<br/>
-<em>Issue public</em>: 2nd March 2012<br/>
-<em>Update released</em>: 17th April 2012<br/>
-<em>Affected</em>: 2.4.1<br/></p>
-</dd>
+ <h1 id="top">Apache httpd 2.4 vulnerabilities</h1><p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd 2.4. Each
+vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
+security team - please note that this rating may well vary from
+platform to platform. We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark. </p><p> Please note that if a vulnerability is shown below as being fixed
+in a "-dev" release then this means that a fix has been applied to
+the development source tree and will be part of an upcoming full release.</p><p> This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>. </p><p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p><h1 id="2.4.2">
+Fixed in Apache httpd 2.4.2</h1><dl>
+ <dd>
+ <b>low: </b>
+ <b>
+ <name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
+ </b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
+ <p>
+Insecure handling of LD_LIBRARY_PATH was found that could
+lead to the current working directory to be searched for DSOs.
+This could allow a local user to execute code as root if an
+administrator runs apachectl from an untrusted directory.
+</p>
+ </dd>
+ <dd>
+ Reported to security team: 14th February 2012<br/>
+ Issue public: 2nd March 2012<br/></dd>
+ <dd>
+ Update Released: 17th April 2012<br/></dd>
+ <dd>
+ Affects:
+ 2.4.1<p/></dd>
</dl>
-
+
<!-- FOOTER -->
<div id="footer">