Posted to cvs@httpd.apache.org by bu...@apache.org on 2012/05/06 20:48:42 UTC

svn commit: r816110 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities_13.html security/vulnerabilities_20.html

Author: buildbot
Date: Sun May  6 18:48:41 2012
New Revision: 816110

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/security/vulnerabilities_13.html
    websites/staging/httpd/trunk/content/security/vulnerabilities_20.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun May  6 18:48:41 2012
@@ -1 +1 @@
-1334736
+1334737

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_13.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_13.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_13.html Sun May  6 18:48:41 2012
@@ -5,7 +5,7 @@
         <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
         <link href="/css/apsite.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
         <meta name="author" content="Documentation Group" /><meta name="email" content="docs@httpd.apache.org" />
-        <title>Apache httpd 1.3 vulnerabilities - The Apache HTTP Server Project</title>
+        <title> - The Apache HTTP Server Project</title>
     </head>
     <body>
         
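Review bot: The new `<title>` is missing the page name. The added line reads `<title> - The Apache HTTP Server Project</title>`, where the removed line carried "Apache httpd 1.3 vulnerabilities", so the page would publish with a title that starts with a bare " - ". The same text appears as "Title: Apache httpd 1.3 vulnerabilities" inside the first `<p>` of the body in the next hunk, which suggests the header block of the source file is not being read as metadata. Fix the header in the source so the title is populated, then regenerate before this staging build is published.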
@@ -72,7 +72,690 @@
         <!-- RIGHT SIDE INFORMATION -->
         <div id="apcontents">
             
-            
+            <p>Title: Apache httpd 1.3 vulnerabilities
+Notice:    Licensed to the Apache Software Foundation (ASF) under one
+           or more contributor license agreements.  See the NOTICE file
+           distributed with this work for additional information
+           regarding copyright ownership.  The ASF licenses this file
+           to you under the Apache License, Version 2.0 (the
+           "License"); you may not use this file except in compliance
+           with the License.  You may obtain a copy of the License at
+           .
+             http://www.apache.org/licenses/LICENSE-2.0
+           .
+           Unless required by applicable law or agreed to in writing,
+           software distributed under the License is distributed on an
+           "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+           KIND, either express or implied.  See the License for the
+           specific language governing permissions and limitations
+           under the License.</p>
+<h1 id="top">Apache httpd 1.3 vulnerabilities</h1>
+<p>This page lists all security vulnerabilities fixed in released versions of
+Apache httpd 1.3. Each vulnerability is given a security <a href="/security/impact_levels.html">impact
+rating</a> by the Apache security team - please
+note that this rating may well vary from platform to platform. We also list
+the versions of Apache httpd the flaw is known to affect, and where a flaw
+has not been verified list the version with a question mark.</p>
+<p>Please note that if a vulnerability is shown below as being fixed in a
+"-dev" release then this means that a fix has been applied to the
+development source tree and will be part of an upcoming full release.</p>
+<p>This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for these
+vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p>
+<h1 id="1.3-never">Not fixed in Apache httpd 1.3</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2011-3368">mod_proxy reverse proxy
+  exposure</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a> </dd>
+</dl>
+<p>An exposure was found when using mod_proxy in reverse proxy mode. In
+certain configurations using RewriteRule with proxy flag, a remote attacker
+could cause the reverse proxy to connect to an arbitrary server, possibly
+disclosing sensitive information from internal web servers not directly
+accessible to attacker.</p>
+<p>No update of 1.3 will be released. Patches will be published to
+<a href="http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/">http://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/</a> </p>
+<dl>
+<dt>Acknowledgements: This issue was reported by Context Information Security</dt>
+<dt>Ltd</dt>
+<dd>
+<p>Reported to security team: 16th September 2011<br></br>Issue public:
+ 5th October 2011<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.42, 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34,
+ 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24,
+ 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6,
+ 1.3.4, 1.3.3, 1.3.2</p>
+</dd>
+</dl>
+<h1 id="1.3.42">Fixed in Apache httpd 1.3.42</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2010-0010">mod_proxy overflow on
+  64-bit systems</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010">CVE-2010-0010</a> </dd>
+<dt>An incorrect conversion between numeric types flaw was found in the</dt>
+<dt>mod_proxy module which affects some 64-bit architecture systems. A</dt>
+<dt>malicious HTTP server to which requests are being proxied could use this</dt>
+<dt>flaw to trigger a heap buffer overflow in an httpd child process via a</dt>
+<dt>carefully crafted response.</dt>
+<dd>
+<p>Reported to security team: 30th December 2009<br></br>Issue public:
+ 7th December 2010<br></br>Update released:
+ 3rd February 2010<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.41, 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33,
+ 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22,
+ 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4,
+ 1.3.3, 1.3.2</p>
+</dd>
+</dl>
+<h1 id="1.3.41">Fixed in Apache httpd 1.3.41</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2007-6388">mod_status XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a> </dd>
+<dt>A flaw was found in the mod_status module. On sites where mod_status is</dt>
+<dt>enabled and the status pages were publicly accessible, a cross-site</dt>
+<dt>scripting attack is possible. Note that the server-status page is not</dt>
+<dt>enabled by default and it is best practice to not make this publicly</dt>
+<dt>available.</dt>
+<dd>
+<p>Reported to security team: 15th December 2007<br></br>Issue public:
+ 2nd January 2008<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32,
+ 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-5000">mod_imap XSS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a> </p>
+</dd>
+<dt>A flaw was found in the mod_imap module. On sites where mod_imap is enabled</dt>
+<dt>and an imagemap file is publicly available, a cross-site scripting attack</dt>
+<dt>is possible.</dt>
+<dd>
+<p>Reported to security team: 23rd October 2007<br></br>Issue public:
+ 11th December 2007<br></br>Update released:
+ 19th January 2008<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32,
+ 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.39">Fixed in Apache httpd 1.3.39</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2006-5752">mod_status cross-site
+  scripting</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a> </dd>
+<dt>A flaw was found in the mod_status module. On sites where the server-status</dt>
+<dt>page is publicly accessible and ExtendedStatus is enabled this could lead</dt>
+<dt>to a cross-site scripting attack. Note that the server-status page is not</dt>
+<dt>enabled by default and it is best practice to not make this publicly</dt>
+<dt>available.</dt>
+<dd>
+<p>Reported to security team: 19th October 2006<br></br>Issue public:
+ 20th June 2007<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31,
+ 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
+ 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2007-3304">Signals to arbitrary
+  processes</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a> </p>
+</dd>
+<dt>The Apache HTTP server did not verify that a process was an Apache child</dt>
+<dt>process before sending it signals. A local attacker with the ability to run</dt>
+<dt>scripts on the HTTP server could manipulate the scoreboard and cause</dt>
+<dt>arbitrary processes to be terminated which could lead to a denial of</dt>
+<dt>service.</dt>
+<dd>
+<p>Reported to security team: 15th May 2006<br></br>Issue public:
+ 19th June 2007<br></br>Update released:
+ 7th September 2007<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31,
+ 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
+ 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2,
+ 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.37">Fixed in Apache httpd 1.3.37</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2006-3747">mod_rewrite off-by-one
+  error</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a> </dd>
+<dt>An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on</dt>
+<dt>the manner in which Apache httpd was compiled, this software defect may</dt>
+<dt>result in a vulnerability which, in combination with certain types of</dt>
+<dt>Rewrite rules in the web server configuration files, could be triggered</dt>
+<dt>remotely. For vulnerable builds, the nature of the vulnerability can be</dt>
+<dt>denial of service (crashing of web server processes) or potentially allow</dt>
+<dt>arbitrary code execution.</dt>
+<dd>
+<p>Reported to security team: 21st July 2006<br></br>Issue public:
+ 27th July 2006<br></br>Update released: 27th July 2006<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29,
+ 1.3.28</p>
+</dd>
+</dl>
+<h1 id="1.3.35">Fixed in Apache httpd 1.3.35</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2006-3918">Expect header Cross-Site
+  Scripting</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918">CVE-2006-3918</a> </dd>
+<dt>A flaw in the handling of invalid Expect headers. If an attacker can</dt>
+<dt>influence the Expect header that a victim sends to a target site they could</dt>
+<dt>perform a cross-site scripting attack. It is known that some versions of</dt>
+<dt>Flash can set an arbitrary Expect header which can trigger this flaw. Not</dt>
+<dt>marked as a security issue for 2.0 or 2.2 as the cross-site scripting is</dt>
+<dt>only returned to the victim after the server times out a connection.</dt>
+<dd>
+<p>Issue public: 8th May 2006<br></br>Update released:
+ 1st May 2006<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27,
+ 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
+ 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2005-3352">mod_imap Referer
+  Cross-Site Scripting</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a> </p>
+</dd>
+<dt>A flaw in mod_imap when using the Referer directive with image maps. In</dt>
+<dt>certain site configurations a remote attacker could perform a cross-site</dt>
+<dt>scripting attack if a victim can be forced to visit a malicious URL using</dt>
+<dt>certain web browsers.</dt>
+<dd>
+<p>Reported to security team: 1st November 2005<br></br>Issue public:
+ 12th December 2005<br></br>Update released: 1st May 2006<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27,
+ 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
+ 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.33">Fixed in Apache httpd 1.3.33</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2004-0940">mod_include
+  overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940</a> </dd>
+<dt>A buffer overflow in mod_include could allow a local user who is authorised</dt>
+<dt>to create server side include (SSI) files to gain the privileges of a httpd</dt>
+<dt>child.</dt>
+<dd>
+<p>Issue public: 21st October 2004<br></br>Update released:
+ 28th October 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24,
+ 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6,
+ 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.32">Fixed in Apache httpd 1.3.32</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2004-0492">mod_proxy buffer
+  overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492</a> </dd>
+<dt>A buffer overflow was found in the Apache proxy module, mod_proxy, which</dt>
+<dt>can be triggered by receiving an invalid Content-Length header. In order to</dt>
+<dt>exploit this issue an attacker would need to get an Apache installation</dt>
+<dt>that was configured as a proxy to connect to a malicious site. This would</dt>
+<dt>cause the Apache child processing the request to crash, although this does</dt>
+<dt>not represent a significant Denial of Service attack as requests will</dt>
+<dt>continue to be handled by other Apache child processes. This issue may lead</dt>
+<dt>to remote arbitrary code execution on some BSD platforms.</dt>
+<dd>
+<p>Reported to security team: 8th June 2003<br></br>Issue public:
+ 10th June 2003<br></br>Update released: 20th October 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26</p>
+</dd>
+</dl>
+<h1 id="1.3.31">Fixed in Apache httpd 1.3.31</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2004-0174">listening socket
+  starvation</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a> </dd>
+<dt>A starvation issue on listening sockets occurs when a short-lived</dt>
+<dt>connection on a rarely-accessed listening socket will cause a child to hold</dt>
+<dt>the accept mutex and block out new connections until another connection</dt>
+<dt>arrives on that rarely-accessed listening socket. This issue is known to</dt>
+<dt>affect some versions of AIX, Solaris, and Tru64; it is known to not affect</dt>
+<dt>FreeBSD or Linux.</dt>
+<dd>
+<p>Reported to security team: 25th February 2004<br></br>Issue public:
+ 18th March 2004<br></br>Update released: 12th May 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?,
+ 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?,
+ 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2003-0993">Allow/Deny parsing on
+  big-endian 64-bit platforms</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993">CVE-2003-0993</a> </p>
+</dd>
+<dt>A bug in the parsing of Allow/Deny rules using IP addresses without a</dt>
+<dt>netmask on big-endian 64-bit platforms causes the rules to fail to match.</dt>
+<dd>
+<p>Issue public: 15th October 2003<br></br>Update released:
+ 12th May 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2003-0020">Error log escape
+  filtering</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a> </p>
+</dd>
+<dt>Apache does not filter terminal escape sequences from error logs, which</dt>
+<dt>could make it easier for attackers to insert those sequences into terminal</dt>
+<dt>emulators containing vulnerabilities related to escape sequences.</dt>
+<dd>
+<p>Issue public: 24th February 2003<br></br>Update released:
+ 12th May 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2003-0987">mod_digest nonce
+  checking</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987">CVE-2003-0987</a> </p>
+</dd>
+<dt>mod_digest does not properly verify the nonce of a client response by using</dt>
+<dt>a AuthNonce secret. This could allow a malicious user who is able to sniff</dt>
+<dt>network traffic to conduct a replay attack against a website using Digest</dt>
+<dt>protection. Note that mod_digest implements an older version of the MD5</dt>
+<dt>Digest Authentication specification which is known not to work with modern</dt>
+<dt>browsers. This issue does not affect mod_auth_digest.</dt>
+<dd>
+<p>Issue public: 18th December 2003<br></br>Update released:
+ 12th May 2004<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
+ 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3,
+ 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.29">Fixed in Apache httpd 1.3.29</h1>
+<dl>
+<dd><strong>low:</strong>  <strong><name name="CVE-2003-0542">Local configuration regular
+  expression overflow</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a> </dd>
+<dt>By using a regular expression with more than 9 captures a buffer overflow</dt>
+<dt>can occur in mod_alias or mod_rewrite. To exploit this an attacker would</dt>
+<dt>need to be able to create a carefully crafted configuration file (.htaccess</dt>
+<dt>or httpd.conf)</dt>
+<dd>
+<p>Reported to security team: 4th August 2003<br></br>Issue public:
+ 27th October 2003<br></br>Update released:
+ 27th October 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
+ 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2,
+ 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.28">Fixed in Apache httpd 1.3.28</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2003-0460">RotateLogs DoS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460">CVE-2003-0460</a> </dd>
+<dt>The rotatelogs support program on Win32 and OS/2 would quit logging and</dt>
+<dt>exit if it received special control characters such as 0x1A.</dt>
+<dd>
+<p>Reported to security team: 4th July 2003<br></br>Issue public:
+ 18th July 2003<br></br>Update released: 18th July 2003<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?,
+ 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?,
+ 1.3.2?, 1.3.1?, 1.3.0?</p>
+</dd>
+</dl>
+<h1 id="1.3.27">Fixed in Apache httpd 1.3.27</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2002-0843">Buffer overflows in ab
+  utility</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843">CVE-2002-0843</a> </dd>
+<dt>Buffer overflows in the benchmarking utility ab could be exploited if ab is</dt>
+<dt>run against a malicious server</dt>
+<dd>
+<p>Reported to security team: 23rd September 2002<br></br>Issue public:
+ 3rd October 2002<br></br>Update released:
+ 3rd October 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14,
+ 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2002-0839">Shared memory
+  permissions lead to local privilege escalation</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a> </p>
+</dd>
+<dt>The permissions of the shared memory used for the scoreboard allows an</dt>
+<dt>attacker who can execute under the Apache UID to send a signal to any</dt>
+<dt>process as root or cause a local denial of service attack.</dt>
+<dd>
+<p>Reported to security team: 11th November 2001<br></br>Issue public:
+ 3rd October 2002<br></br>Update released:
+ 3rd October 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14,
+ 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2002-0840">Error page XSS using wildcard
+  DNS</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a> </p>
+</dd>
+<dt>Cross-site scripting (XSS) vulnerability in the default error page of</dt>
+<dt>Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is</dt>
+<dt>"Off" and support for wildcard DNS is present, allows remote attackers to</dt>
+<dt>execute script as other web page visitors via the Host: header.</dt>
+<dd>
+<p>Reported to security team: 20th September 2002<br></br>Issue public:
+ 2nd October 2002<br></br>Update released:
+ 3rd October 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14,
+ 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.26">Fixed in Apache httpd 1.3.26</h1>
+<dl>
+<dd><strong>critical:</strong>  <strong><name name="CVE-2002-0392">Apache Chunked encoding
+  vulnerability</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a> </dd>
+<dt>Requests to all versions of Apache 1.3 can cause various effects ranging</dt>
+<dt>from a relatively harmless increase in system resources through to denial</dt>
+<dt>of service attacks and in some cases the ability to be remotely exploited.</dt>
+<dd>
+<p>Reported to security team: 27th May 2002<br></br>Issue public:
+ 17th June 2002<br></br>Update released: 18th June 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
+ 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+<dd>
+<p><strong>low:</strong>  <strong><name name="CVE-2003-0083">Filtered escape
+  sequences</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a> </p>
+</dd>
+<dt>Apache does not filter terminal escape sequences from its access logs,</dt>
+<dt>which could make it easier for attackers to insert those sequences into</dt>
+<dt>terminal emulators containing vulnerabilities related to escape sequences,</dt>
+<dd>
+<p>Issue public: 24th February 2003<br></br>Update released:
+ 18th June 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12,
+ 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.24">Fixed in Apache httpd 1.3.24</h1>
+<dl>
+<dd><strong>critical:</strong>  <strong><name name="CVE-2002-0061">Win32 Apache Remote
+  command execution</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061">CVE-2002-0061</a> </dd>
+<dt>Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to</dt>
+<dt>execute arbitrary commands via parameters passed to batch file CGI scripts.</dt>
+<dd>
+<p>Update released: 22nd March 2002<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?,
+ 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
+</dd>
+</dl>
+<h1 id="1.3.22">Fixed in Apache httpd 1.3.22</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2001-0729">Requests can cause
+  directory listing to be displayed</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729">CVE-2001-0729</a> </dd>
+<dt>A vulnerability was found in the Win32 port of Apache 1.3.20. A client</dt>
+<dt>submitting a very long URI could cause a directory listing to be returned</dt>
+<dt>rather than the default index page.</dt>
+<dd>
+<p>Reported to security team: 18th September 2001<br></br>Issue public:
+ 28th September 2001<br></br>Update released:
+ 12th October 2001<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.20</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2001-0731">Multiviews can cause a
+  directory listing to be displayed</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731">CVE-2001-0731</a> </p>
+</dd>
+<dt>A vulnerability was found when<directive>Multiviews</directive>are used to</dt>
+<dt>negotiate the directory index. In some configurations, requesting a URI</dt>
+<dt>with a<samp>QUERY_STRING</samp>of<samp>M=D</samp>could return a directory</dt>
+<dt>listing rather than the expected index page.</dt>
+<dd>
+<p>Issue public: 9th July 2001<br></br>Update released:
+ 12th October 2001<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?,
+ 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2001-0730">split-logfile can cause
+  arbitrary log files to be written to</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730">CVE-2001-0730</a> </p>
+</dd>
+<dt>A vulnerability was found in the<samp>split-logfile</samp>support program.</dt>
+<dt>A request with a specially crafted<samp>Host:</samp>header could allow any</dt>
+<dt>file with a<samp>.log</samp>extension on the system to be written to.</dt>
+<dd>
+<p>Issue public: 28th September 2001<br></br>Update released:
+ 12th October 2001<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9,
+ 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.20">Fixed in Apache httpd 1.3.20</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2001-1342">Denial of service attack
+  on Win32 and OS2</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342">CVE-2001-1342</a> </dd>
+<dt>A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A</dt>
+<dt>client submitting a carefully constructed URI could cause a General</dt>
+<dt>Protection Fault in a child process, bringing up a message box which would</dt>
+<dt>have to be cleared by the operator to resume operation. This vulnerability</dt>
+<dt>introduced no identified means to compromise the server other than</dt>
+<dt>introducing a possible denial of service.</dt>
+<dd>
+<p>Update released: 22nd May 2001<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?,
+ 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
+</dd>
+</dl>
+<h1 id="1.3.19">Fixed in Apache httpd 1.3.19</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2001-0925">Requests can cause
+  directory listing to be displayed</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925">CVE-2001-0925</a> </dd>
+<dt>The default installation can</dt>
+<dt>lead<samp>mod_negotiation</samp>and<samp>mod_dir</samp>or<samp>mod_autoindex</samp>to</dt>
+<dt>display a directory listing instead of the multiview index.html file if a</dt>
+<dt>very long path was created artificially by using many slashes.</dt>
+<dd>
+<p>Update released: 28th February 2001<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.17, 1.3.14, 1.3.12, 1.3.11</p>
+</dd>
+</dl>
+<h1 id="1.3.14">Fixed in Apache httpd 1.3.14</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2000-0913">Rewrite rules that
+  include references allow access to any file</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0913">CVE-2000-0913</a> </dd>
+<dt>The Rewrite module,<samp>mod_rewrite</samp>, can allow access to any file</dt>
+<dt>on the web server. The vulnerability occurs only with certain specific</dt>
+<dt>cases of using regular expression references</dt>
+<dt>in<samp>RewriteRule</samp>directives: If the destination of</dt>
+<dt>a<samp>RewriteRule</samp>contains regular expression references then an</dt>
+<dt>attacker will be able to access any file on the server.</dt>
+<dd>
+<p>Issue public: 29th September 2000<br></br>Update released:
+ 13th October 2000<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?,
+ 1.3.1?, 1.3.0?</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="CVE-2000-1204">Mass virtual hosting can
+  display CGI source</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204">CVE-2000-1204</a> </p>
+</dd>
+<dt>A security problem for users of the mass virtual hosting</dt>
+<dt>module,<samp>mod_vhost_alias</samp>, causes the source to a CGI to be sent</dt>
+<dt>if the<samp>cgi-bin</samp>directory is under the document root. However, it</dt>
+<dt>is not normal to have your cgi-bin directory under a document root.</dt>
+<dd>
+<p>Update released: 13th October 2000<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.12, 1.3.11, 1.3.9</p>
+</dd>
+<dd>
+<p><strong>moderate:</strong>  <strong><name name="CVE-2000-0505">Requests can cause
+  directory listing to be displayed on NT</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0505">CVE-2000-0505</a> </p>
+</dd>
+<dt>A security hole on Apache for Windows allows a user to view the listing of</dt>
+<dt>a directory instead of the default HTML page by sending a carefully</dt>
+<dt>constructed request.</dt>
+<dd>
+<p>Update released: 13th October 2000<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?,
+ 1.3.1?, 1.3.0?</p>
+</dd>
+</dl>
+<h1 id="1.3.12">Fixed in Apache httpd 1.3.12</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-2000-1205">Cross-site scripting can
+  reveal private session information</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205">CVE-2000-1205</a> </dd>
+<dt>Apache was vulnerable to cross site scripting issues. It was shown that</dt>
+<dt>malicious HTML tags can be embedded in client web requests if the server or</dt>
+<dt>script handling the request does not carefully encode all information</dt>
+<dt>displayed to the user. Using these vulnerabilities attackers could, for</dt>
+<dt>example, obtain copies of your private cookies used to authenticate you to</dt>
+<dt>other sites.</dt>
+<dd>
+<p>Update released: 25th February 2000<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.11">Fixed in Apache httpd 1.3.11</h1>
+<dl>
+<dd><strong>moderate:</strong>  <strong><name name="CVE-2000-1206">Mass virtual hosting
+  security issue</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206">CVE-2000-1206</a> </dd>
+<dt>A security problem can occur for sites using mass name-based virtual</dt>
+<dt>hosting (using the new<samp>mod_vhost_alias</samp>module) or with</dt>
+<dt>special<samp>mod_rewrite</samp>rules.</dt>
+<dd>
+<p>Update released: 21st January 2000<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?</p>
+</dd>
+</dl>
+<h1 id="1.3.4">Fixed in Apache httpd 1.3.4</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="">Denial of service attack on
+  Win32</name></strong> </dd>
+<dt>There have been a number of important security fixes to Apache on Windows.</dt>
+<dt>The most important is that there is much better protection against people</dt>
+<dt>trying to access special DOS device names (such as "nul").</dt>
+<dd>
+<p>Update released: 11th January 1999<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.3, 1.3.2, 1.3.1, 1.3.0</p>
+</dd>
+</dl>
+<h1 id="1.3.2">Fixed in Apache httpd 1.3.2</h1>
+<dl>
+<dd><strong>important:</strong>  <strong><name name="CVE-1999-1199">Multiple header Denial
+  of Service vulnerability</name></strong> 
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199">CVE-1999-1199</a> </dd>
+<dt>A serious problem exists when a client sends a large number of headers with</dt>
+<dt>the same header name. Apache uses up memory faster than the amount of</dt>
+<dt>memory required to simply store the received data itself. That is, memory</dt>
+<dt>use increases faster and faster as more headers are received, rather than</dt>
+<dt>increasing at a constant rate. This makes a denial of service attack based</dt>
+<dt>on this method more effective than methods which cause Apache to use memory</dt>
+<dt>at a constant rate, since the attacker has to send less data.</dt>
+<dd>
+<p>Update released: 23rd September 1998<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.1, 1.3.0</p>
+</dd>
+<dd>
+<p><strong>important:</strong>  <strong><name name="">Denial of service attacks</name></strong> 
+Apache 1.3.2 has better protection against denial of service attacks. These
+are when people make excessive requests to the server to try and prevent
+other people using it. In 1.3.2 there are several new directives which can
+limit the size of requests (these directives all start with the
+word<SAMP>Limit</SAMP>).</p>
+</dd>
+<dd>
+<p>Update released: 23rd September 1998<br></br></p>
+</dd>
+<dd>
+<p>Affected: 1.3.1, 1.3.0</p>
+</dd>
+</dl>
             
 
             <!-- FOOTER -->
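Review bot: The added body opens with the source header block rendered as page text: the first `<p>` under `<div id="apcontents">` contains "Title: Apache httpd 1.3 vulnerabilities" followed by the whole "Notice:" licence text, which belongs in metadata or a comment rather than in the visible page. The generated markup below it also needs fixing in the source or the converter before publishing. Each entry name is wrapped in `<name name="CVE-...">`, which is not an HTML element, so in-page links to a CVE anchor have no reliable target; an `id` on the entry would work. Descriptions are split into one `<dt>` per source line and placed after the `<dd>` that holds the entry heading, which inverts the definition list. Line breaks are emitted as `<br></br>`, and the spaces around inline elements are lost, giving text such as "when<directive>Multiviews</directive>are used". Separately, please check the dates against the database: the entries for CVE-2010-0010, CVE-2006-3918 and CVE-2003-0083 show "Update released" earlier than "Issue public".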