You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by hu...@apache.org on 2012/05/06 20:47:32 UTC
svn commit: r1334736 [2/2] - in /httpd/site/trunk/content/security:
vulnerabilities_13.mdtext vulnerabilities_13.xml vulnerabilities_20.mdtext
vulnerabilities_20.xml
Copied: httpd/site/trunk/content/security/vulnerabilities_20.mdtext (from r1334734, httpd/site/trunk/content/security/vulnerabilities_20.xml)
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_20.mdtext?p2=httpd/site/trunk/content/security/vulnerabilities_20.mdtext&p1=httpd/site/trunk/content/security/vulnerabilities_20.xml&r1=1334734&r2=1334736&rev=1334736&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_20.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities_20.mdtext Sun May 6 18:47:31 2012
@@ -1,1606 +1,982 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<document>
-<properties>
-<author email="security@httpd.apache.org">Apache HTTP Server Security Team</author>
-<title>Apache httpd 2.0 vulnerabilities</title>
-</properties>
-<body>
-<section id="top">
-<title>Apache httpd 2.0 vulnerabilities</title>
-<p>This page lists all security vulnerabilities fixed in released
-versions of Apache httpd 2.0. Each
-vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
-security team - please note that this rating may well vary from
-platform to platform. We also list the versions of Apache httpd the
-flaw is known to affect, and where a flaw has not been verified list
-the version with a question mark. </p>
-<p> Please note that if a vulnerability is shown below as being fixed
-in a "-dev" release then this means that a fix has been applied to
-the development source tree and will be part of an upcoming full release.</p>
-<p> This page is created from a database of vulnerabilities originally
-populated by Apache Week. Please send comments or corrections for
-these vulnerabilities to the <a href="/security_report.html">Security
-Team</a>. </p>
-</section>
-<section id="2.0.65-dev">
-<title>
-Fixed in Apache httpd 2.0.65-dev</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2011-3192">Range header remote DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>
-<p>
+Title: Apache httpd 2.0 vulnerabilities
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+# Apache httpd 2.0 vulnerabilities # {#top}
+
+This page lists all security vulnerabilities fixed in released versions of
+Apache httpd 2.0. Each vulnerability is given a security [impact
+rating](/security/impact_levels.html) by the Apache security team - please
+note that this rating may well vary from platform to platform. We also list
+the versions of Apache httpd the flaw is known to affect, and where a flaw
+has not been verified list the version with a question mark.
+
+Please note that if a vulnerability is shown below as being fixed in a
+"-dev" release then this means that a fix has been applied to the
+development source tree and will be part of an upcoming full release.
+
+This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for these
+vulnerabilities to the [Security Team](/security_report.html).
+
+# Fixed in Apache httpd 2.0.65-dev # {#2.0.65-dev}
+
+: **important:** **<name name="CVE-2011-3192">Range header remote
+ DoS</name>**
+ [CVE-2011-3192](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192)
A flaw was found in the way the Apache HTTP Server handled Range HTTP
-headers. A remote attacker could use this flaw to cause httpd to use
-an excessive amount of memory and CPU time via HTTP requests with a
-specially-crafted Range header. This could be used in a denial of
-service attack. </p>
-<p>
-Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a>
-</p>
-</dd>
-<dd>
- Issue public: 20th August 2011<br/>
- Update released: 30th August 2011<br/>
-</dd>
-<dd>
- Affected:
- 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
-<p>
-An exposure was found when using mod_proxy in reverse proxy mode.
-In certain configurations using RewriteRule with proxy flag or
-ProxyPassMatch, a remote attacker could cause the reverse proxy to
-connect to an arbitrary server, possibly disclosing sensitive
-information from internal web servers not directly accessible to
-attacker.</p>
-</dd>
-<dd>
-<p>Acknowledgements:
-This issue was reported by Context Information Security Ltd
-</p>
-</dd>
-<dd>
- Reported to security team: 16th September 2011<br/>
- Issue public: 5th October 2011<br/>
-</dd>
-<dd>
- Affected:
- 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>
-<p>
-A flaw was found in the apr_fnmatch() function of the bundled APR
-library. Where mod_autoindex is enabled, and a directory indexed by
-mod_autoindex contained files with sufficiently long names, a
-remote attacker could send a carefully crafted request which would
-cause excessive CPU usage. This could be used in a denial of service
+headers. A remote attacker could use this flaw to cause httpd to use an
+excessive amount of memory and CPU time via HTTP requests with a
+specially-crafted Range header. This could be used in a denial of service
attack.
-</p>
-<p>
+
+Advisory: [CVE-2011-3192.txt](CVE-2011-3192.txt)
+
+: Issue public: 20th August 2011<br></br>Update released:
+ 30th August 2011<br></br>
+: Affected: 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54,
+ 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2011-3368">mod_proxy reverse proxy
+ exposure</name>**
+ [CVE-2011-3368](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368)
+An exposure was found when using mod_proxy in reverse proxy mode. In
+certain configurations using RewriteRule with proxy flag or ProxyPassMatch,
+a remote attacker could cause the reverse proxy to connect to an arbitrary
+server, possibly disclosing sensitive information from internal web servers
+not directly accessible to attacker.
+
+Acknowledgements: This issue was reported by Context Information Security
+Ltd
+
+: Reported to security team: 16th September 2011<br></br>Issue public:
+ 5th October 2011<br></br>
+: Affected: 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54,
+ 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2011-0419">apr_fnmatch flaw leads to
+ mod_autoindex remote DoS</name>**
+ [CVE-2011-0419](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419)
+A flaw was found in the apr_fnmatch() function of the bundled APR library.
+Where mod_autoindex is enabled, and a directory indexed by mod_autoindex
+contained files with sufficiently long names, a remote attacker could send
+a carefully crafted request which would cause excessive CPU usage. This
+could be used in a denial of service attack.
+
Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
directive disables processing of the client-supplied request query
arguments, preventing this attack.
-</p>
-<p>
+
Resolution: Update APR to release 0.9.20 (to be bundled with httpd 2.0.65)
-</p>
-</dd>
-<dd>
-<p>Acknowledgements:
-This issue was reported by Maksymilian Arciemowicz
-</p>
-</dd>
-<dd>
- Reported to security team: 2nd March 2011<br/>
- Issue public: 10th May 2011<br/>
- Update released: 21st May 2011<br/>
-</dd>
-<dd>
- Affected:
- 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.64">
-<title>
-Fixed in Apache httpd 2.0.64</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2010-0425">mod_isapi module unload flaw</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
-<p>
-A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it
-encountered various error states. This could leave the callbacks in an
-undefined state and result in a segfault. On Windows platforms using mod_isapi, a
-remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one
-process, this would result in a denial of service, and potentially allow
-arbitrary code execution.
-</p>
-</dd>
-<dd>
-<p>Acknowledgements:
-We would like to thank Brett Gervasoni of Sense of Security for reporting and
-proposing a patch fix for this issue.
-</p>
-</dd>
-<dd>
- Reported to security team: 9th February 2010<br/>
- Issue public: 2nd March 2010<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2009-3720">expat DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>
-<p>
-A buffer over-read flaw was found in the bundled expat
-library. An attacker who is able to get Apache to parse
-an untrused XML document (for example through mod_dav) may
-be able to cause a crash. This crash would only
-be a denial of service if using the worker MPM.
-</p>
-</dd>
-<dd>
- Reported to security team: 21st August 2009<br/>
- Issue public: 17th January 2009<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2009-3560">expat DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>
-<p>
-A buffer over-read flaw was found in the bundled expat
-library. An attacker who is able to get Apache to parse
-an untrused XML document (for example through mod_dav) may
-be able to cause a crash. This crash would only
-be a denial of service if using the worker MPM.
-</p>
-</dd>
-<dd>
- Issue public: 2nd December 2009<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>
-<p>
+
+Acknowledgements: This issue was reported by Maksymilian Arciemowicz
+
+: Reported to security team: 2nd March 2011<br></br>Issue public:
+ 10th May 2011<br></br>Update released: 21st May 2011<br></br>
+: Affected: 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54,
+ 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.64 # {#2.0.64}
+
+: **important:** **<name name="CVE-2010-0425">mod_isapi module unload
+ flaw</name>**
+ [CVE-2010-0425](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425)
+A flaw was found with within mod_isapi which would attempt to unload the
+ISAPI dll when it encountered various error states. This could leave the
+callbacks in an undefined state and result in a segfault. On Windows
+platforms using mod_isapi, a remote attacker could send a malicious request
+to trigger this issue, and as win32 MPM runs only one process, this would
+result in a denial of service, and potentially allow arbitrary code
+execution.
+
+Acknowledgements: We would like to thank Brett Gervasoni of Sense of
+Security for reporting and proposing a patch fix for this issue.
+
+: Reported to security team: 9th February 2010<br></br>Issue public:
+ 2nd March 2010<br></br>Update released: 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37
+
+: **low:** **<name name="CVE-2009-3720">expat DoS</name>**
+ [CVE-2009-3720](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720)
+A buffer over-read flaw was found in the bundled expat library. An attacker
+who is able to get Apache to parse an untrused XML document (for example
+through mod_dav) may be able to cause a crash. This crash would only be a
+denial of service if using the worker MPM.
+
+: Reported to security team: 21st August 2009<br></br>Issue public:
+ 17th January 2009<br></br>Update released:
+ 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2009-3560">expat DoS</name>**
+ [CVE-2009-3560](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560)
+A buffer over-read flaw was found in the bundled expat library. An attacker
+who is able to get Apache to parse an untrused XML document (for example
+through mod_dav) may be able to cause a crash. This crash would only be a
+denial of service if using the worker MPM.
+
+: Issue public: 2nd December 2009<br></br>Update released:
+ 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2010-1623">apr_bridage_split_line
+ DoS</name>**
+ [CVE-2010-1623](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623)
A flaw was found in the apr_brigade_split_line() function of the bundled
-APR-util library, used to process non-SSL requests. A remote attacker
-could send requests, carefully crafting the timing of individual bytes,
-which would slowly consume memory, potentially leading to a denial of
-service.
-</p>
-</dd>
-<dd>
- Reported to security team: 3rd March 2010<br/>
- Issue public: 1st October 2010<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2010-1452">mod_dav DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>
-<p>
-A flaw was found in the handling of requests by mod_dav. A malicious remote
-attacker could send a carefully crafted request and cause a httpd child process
-to crash. This crash would only be a denial of service if using the worker MPM.
-This issue is further mitigated as mod_dav is only affected by requests that are
-most likely to be authenticated.
-</p>
-</dd>
-<dd>
-<p>Acknowledgements:
-This issue was reported by Mark Drayton.
-</p>
-</dd>
-<dd>
- Reported to security team: 4th May 2010<br/>
- Issue public: 25th July 2010<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>
-<p>
-A flaw in apr_palloc() in the bundled copy of APR could
-cause heap overflows in programs that try to apr_palloc() a user
-controlled size. The Apache HTTP Server itself does not pass
-unsanitized user-provided sizes to this function, so it could only
-be triggered through some other application which uses apr_palloc()
-in a vulnerable way.
-</p>
-</dd>
-<dd>
- Reported to security team: 27th July 2009<br/>
- Issue public: 4th August 2009<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2009-1891">mod_deflate DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>
-<p>
-A denial of service flaw was found in the mod_deflate module. This
-module continued to compress large files until compression was
-complete, even if the network connection that requested the content
-was closed before compression completed. This would cause mod_deflate
-to consume large amounts of CPU if mod_deflate was enabled for a large
-file.</p>
-</dd>
-<dd>
- Issue public: 26th June 2009<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>
-<p>
+APR-util library, used to process non-SSL requests. A remote attacker could
+send requests, carefully crafting the timing of individual bytes, which
+would slowly consume memory, potentially leading to a denial of service.
+
+: Reported to security team: 3rd March 2010<br></br>Issue public:
+ 1st October 2010<br></br>Update released:
+ 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2010-1452">mod_dav DoS</name>**
+ [CVE-2010-1452](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452)
+A flaw was found in the handling of requests by mod_dav. A malicious remote
+attacker could send a carefully crafted request and cause a httpd child
+process to crash. This crash would only be a denial of service if using the
+worker MPM. This issue is further mitigated as mod_dav is only affected by
+requests that are most likely to be authenticated.
+
+Acknowledgements: This issue was reported by Mark Drayton.
+
+: Reported to security team: 4th May 2010<br></br>Issue public:
+ 25th July 2010<br></br>Update released: 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2009-2412">APR apr_palloc heap
+ overflow</name>**
+ [CVE-2009-2412](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412)
+A flaw in apr_palloc() in the bundled copy of APR could cause heap
+overflows in programs that try to apr_palloc() a user controlled size. The
+Apache HTTP Server itself does not pass unsanitized user-provided sizes to
+this function, so it could only be triggered through some other application
+which uses apr_palloc() in a vulnerable way.
+
+: Reported to security team: 27th July 2009<br></br>Issue public:
+ 4th August 2009<br></br>Update released:
+ 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2009-1891">mod_deflate DoS</name>**
+ [CVE-2009-1891](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891)
+A denial of service flaw was found in the mod_deflate module. This module
+continued to compress large files until compression was complete, even if
+the network connection that requested the content was closed before
+compression completed. This would cause mod_deflate to consume large
+amounts of CPU if mod_deflate was enabled for a large file.
+
+: Issue public: 26th June 2009<br></br>Update released:
+ 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2009-3095">mod_proxy_ftp FTP command
+ injection</name>**
+ [CVE-2009-3095](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095)
A flaw was found in the mod_proxy_ftp module. In a reverse proxy
-configuration, a remote attacker could use this flaw to bypass
-intended access restrictions by creating a carefully-crafted HTTP
-Authorization header, allowing the attacker to send arbitrary commands
-to the FTP server.
-</p>
-</dd>
-<dd>
- Reported to security team: 3rd September 2009<br/>
- Issue public: 3rd August 2009<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
-<p>
-A NULL pointer dereference flaw was found in the mod_proxy_ftp
-module. A malicious FTP server to which requests are being proxied
-could use this flaw to crash an httpd child process via a malformed
-reply to the EPSV or PASV commands, resulting in a limited denial of
-service.
-</p>
-</dd>
-<dd>
- Reported to security team: 4th September 2009<br/>
- Issue public: 2nd August 2009<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
-<p>
-A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in
-array to the subrequest, instead of a pointer to the parent request's array
-as it had for requests without request bodies. This meant all modules such
-as mod_headers which may manipulate the input headers for a subrequest would
-poison the parent request in two ways, one by modifying the parent request,
-which might not be intended, and second by leaving pointers to modified header
-fields in memory allocated to the subrequest scope, which could be freed
-before the main request processing was finished, resulting in a segfault or
-in revealing data from another request on threaded servers, such as the worker
+configuration, a remote attacker could use this flaw to bypass intended
+access restrictions by creating a carefully-crafted HTTP Authorization
+header, allowing the attacker to send arbitrary commands to the FTP server.
+
+: Reported to security team: 3rd September 2009<br></br>Issue public:
+ 3rd August 2009<br></br>Update released:
+ 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2009-3094">mod_proxy_ftp DoS</name>**
+ [CVE-2009-3094](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094)
+A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A
+malicious FTP server to which requests are being proxied could use this
+flaw to crash an httpd child process via a malformed reply to the EPSV or
+PASV commands, resulting in a limited denial of service.
+
+: Reported to security team: 4th September 2009<br></br>Issue public:
+ 2nd August 2009<br></br>Update released:
+ 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2010-0434">Subrequest handling of request
+ headers (mod_headers)</name>**
+ [CVE-2010-0434](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434)
+A flaw in the core subrequest process code was fixed, to always provide a
+shallow copy of the headers_in array to the subrequest, instead of a
+pointer to the parent request's array as it had for requests without
+request bodies. This meant all modules such as mod_headers which may
+manipulate the input headers for a subrequest would poison the parent
+request in two ways, one by modifying the parent request, which might not
+be intended, and second by leaving pointers to modified header fields in
+memory allocated to the subrequest scope, which could be freed before the
+main request processing was finished, resulting in a segfault or in
+revealing data from another request on threaded servers, such as the worker
or winnt MPMs.
-</p>
-</dd>
-<dd>
-<p>Acknowledgements:
-We would like to thank Philip Pickett of VMware for reporting and proposing a
-fix for this issue.
-</p>
-</dd>
-<dd>
- Issue public: 9th December 2009<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a>
-<p>
-A flaw was found in the handling of wildcards in the path of a FTP
-URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support
-FTP-over-HTTP, requests containing globbing characters could lead
-to cross-site scripting (XSS) attacks.</p>
-</dd>
-<dd>
- Reported to security team: 28th July 2008<br/>
- Issue public: 5th August 2008<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2008-2364">mod_proxy_http DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a>
-<p>
-A flaw was found in the handling of excessive interim responses
-from an origin server when using mod_proxy_http. A remote attacker
-could cause a denial of service or high memory usage.</p>
-</dd>
-<dd>
- Reported to security team: 29th May 2008<br/>
- Issue public: 10th June 2008<br/>
- Update released: 19th October 2010<br/>
-</dd>
-<dd>
- Affected:
- 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.63">
-<title>
-Fixed in Apache httpd 2.0.63</title>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a>
-<p>
+
+Acknowledgements: We would like to thank Philip Pickett of VMware for
+reporting and proposing a fix for this issue.
+
+: Issue public: 9th December 2009<br></br>Update released:
+ 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2008-2939">mod_proxy_ftp globbing
+ XSS</name>**
+ [CVE-2008-2939](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939)
+A flaw was found in the handling of wildcards in the path of a FTP URL with
+mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP,
+requests containing globbing characters could lead to cross-site scripting
+(XSS) attacks.
+
+: Reported to security team: 28th July 2008<br></br>Issue public:
+ 5th August 2008<br></br>Update released:
+ 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2008-2364">mod_proxy_http
+ DoS</name>**
+ [CVE-2008-2364](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364)
+A flaw was found in the handling of excessive interim responses from an
+origin server when using mod_proxy_http. A remote attacker could cause a
+denial of service or high memory usage.
+
+: Reported to security team: 29th May 2008<br></br>Issue public:
+ 10th June 2008<br></br>Update released: 19th October 2010<br></br>
+: Affected: 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53,
+ 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
+ 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.63 # {#2.0.63}
+
+: **low:** **<name name="CVE-2008-0005">mod_proxy_ftp UTF-7
+ XSS</name>**
+ [CVE-2008-0005](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005)
A workaround was added in the mod_proxy_ftp module. On sites where
-mod_proxy_ftp is enabled and a forward proxy is configured, a
-cross-site scripting attack is possible against Web browsers which do
-not correctly derive the response character set following the rules in
-RFC 2616.
-</p>
-</dd>
-<dd>
- Reported to security team: 15th December 2007<br/>
- Issue public: 8th January 2008<br/>
- Update released: 19th January 2008<br/>
-</dd>
-<dd>
- Affected:
- 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2007-6388">mod_status XSS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
-<p>
+mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site
+scripting attack is possible against Web browsers which do not correctly
+derive the response character set following the rules in RFC 2616.
+
+: Reported to security team: 15th December 2007<br></br>Issue public:
+ 8th January 2008<br></br>Update released:
+ 19th January 2008<br></br>
+: Affected: 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52,
+ 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2007-6388">mod_status XSS</name>**
+ [CVE-2007-6388](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388)
A flaw was found in the mod_status module. On sites where mod_status is
enabled and the status pages were publicly accessible, a cross-site
-scripting attack is possible.
-Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
-</dd>
-<dd>
- Reported to security team: 15th December 2007<br/>
- Issue public: 2nd January 2008<br/>
- Update released: 19th January 2008<br/>
-</dd>
-<dd>
- Affected:
- 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2007-5000">mod_imap XSS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
-<p>
-A flaw was found in the mod_imap module. On sites where
-mod_imap is enabled and an imagemap file is publicly available, a
-cross-site scripting attack is possible.</p>
-</dd>
-<dd>
- Reported to security team: 23rd October 2007<br/>
- Issue public: 11th December 2007<br/>
- Update released: 19th January 2008<br/>
-</dd>
-<dd>
- Affected:
- 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.61">
-<title>
-Fixed in Apache httpd 2.0.61</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2007-3847">mod_proxy crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a>
-<p>
+scripting attack is possible. Note that the server-status page is not
+enabled by default and it is best practice to not make this publicly
+available.
+
+: Reported to security team: 15th December 2007<br></br>Issue public:
+ 2nd January 2008<br></br>Update released:
+ 19th January 2008<br></br>
+: Affected: 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52,
+ 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2007-5000">mod_imap XSS</name>**
+ [CVE-2007-5000](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000)
+A flaw was found in the mod_imap module. On sites where mod_imap is enabled
+and an imagemap file is publicly available, a cross-site scripting attack
+is possible.
+
+: Reported to security team: 23rd October 2007<br></br>Issue public:
+ 11th December 2007<br></br>Update released:
+ 19th January 2008<br></br>
+: Affected: 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52,
+ 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.61 # {#2.0.61}
+
+: **moderate:** **<name name="CVE-2007-3847">mod_proxy crash</name>**
+ [CVE-2007-3847](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847)
A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
-using a threaded Multi-Processing Module.</p>
-</dd>
-<dd>
- Issue public: 10th December 2006<br/>
- Update released: 7th September 2007<br/>
-</dd>
-<dd>
- Affected:
- 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2006-5752">mod_status cross-site scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
-<p>
-A flaw was found in the mod_status module. On sites where the
-server-status page is publicly accessible and ExtendedStatus is
-enabled this could lead to a cross-site scripting attack.
-Note that the server-status
-page is not enabled by default and it is best practice to not make
-this publicly available.</p>
-</dd>
-<dd>
- Reported to security team: 19th October 2006<br/>
- Issue public: 20th June 2007<br/>
- Update released: 7th September 2007<br/>
-</dd>
-<dd>
- Affected:
- 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2007-3304">Signals to arbitrary processes</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
-<p>The Apache HTTP server did not verify that a process
-was an Apache child process before sending it signals. A local
-attacker with the ability to run scripts on the HTTP server could
-manipulate the scoreboard and cause arbitrary processes to be
-terminated which could lead to a denial of service.</p>
-</dd>
-<dd>
- Reported to security team: 15th May 2006<br/>
- Issue public: 19th June 2007<br/>
- Update released: 7th September 2007<br/>
-</dd>
-<dd>
- Affected:
- 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2007-1863">mod_cache proxy DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>
-<p>A bug was found in the mod_cache module. On sites where
-caching is enabled, a remote attacker could send a carefully crafted
-request that would cause the Apache child process handling that request to
-crash. This could lead to a denial of service if using a threaded
-Multi-Processing Module.</p>
-</dd>
-<dd>
- Reported to security team: 2nd May 2007<br/>
- Issue public: 18th June 2007<br/>
- Update released: 7th September 2007<br/>
-</dd>
-<dd>
- Affected:
- 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.59">
-<title>
-Fixed in Apache httpd 2.0.59</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
-<p>
-An off-by-one flaw exists in the Rewrite module, mod_rewrite.
-Depending on the manner in which Apache httpd was compiled, this
-software defect may result in a vulnerability which, in combination
-with certain types of Rewrite rules in the web server configuration
-files, could be triggered remotely. For vulnerable builds, the nature
-of the vulnerability can be denial of service (crashing of web server
-processes) or potentially allow arbitrary code execution.
-</p>
-</dd>
-<dd>
- Reported to security team: 21st July 2006<br/>
- Issue public: 27th July 2006<br/>
- Update released: 27th July 2006<br/>
-</dd>
-<dd>
- Affected:
- 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.58">
-<title>
-Fixed in Apache httpd 2.0.58</title>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-3357">mod_ssl access control DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
-<p>
+using a threaded Multi-Processing Module.
+
+: Issue public: 10th December 2006<br></br>Update released:
+ 7th September 2007<br></br>
+: Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
+ 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2006-5752">mod_status cross-site
+ scripting</name>**
+ [CVE-2006-5752](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752)
+A flaw was found in the mod_status module. On sites where the server-status
+page is publicly accessible and ExtendedStatus is enabled this could lead
+to a cross-site scripting attack. Note that the server-status page is not
+enabled by default and it is best practice to not make this publicly
+available.
+
+: Reported to security team: 19th October 2006<br></br>Issue public:
+ 20th June 2007<br></br>Update released:
+ 7th September 2007<br></br>
+: Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
+ 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2007-3304">Signals to arbitrary
+ processes</name>**
+ [CVE-2007-3304](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304)
+The Apache HTTP server did not verify that a process was an Apache child
+process before sending it signals. A local attacker with the ability to run
+scripts on the HTTP server could manipulate the scoreboard and cause
+arbitrary processes to be terminated which could lead to a denial of
+service.
+
+: Reported to security team: 15th May 2006<br></br>Issue public:
+ 19th June 2007<br></br>Update released:
+ 7th September 2007<br></br>
+: Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
+ 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2007-1863">mod_cache proxy
+ DoS</name>**
+ [CVE-2007-1863](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863)
+A bug was found in the mod_cache module. On sites where caching is enabled,
+a remote attacker could send a carefully crafted request that would cause
+the Apache child process handling that request to crash. This could lead to
+a denial of service if using a threaded Multi-Processing Module.
+
+: Reported to security team: 2nd May 2007<br></br>Issue public:
+ 18th June 2007<br></br>Update released:
+ 7th September 2007<br></br>
+: Affected: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51,
+ 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37
+
+# Fixed in Apache httpd 2.0.59 # {#2.0.59}
+
+: **important:** **<name name="CVE-2006-3747">mod_rewrite off-by-one
+ error</name>**
+ [CVE-2006-3747](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747)
+An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on
+the manner in which Apache httpd was compiled, this software defect may
+result in a vulnerability which, in combination with certain types of
+Rewrite rules in the web server configuration files, could be triggered
+remotely. For vulnerable builds, the nature of the vulnerability can be
+denial of service (crashing of web server processes) or potentially allow
+arbitrary code execution.
+
+: Reported to security team: 21st July 2006<br></br>Issue public:
+ 27th July 2006<br></br>Update released: 27th July 2006<br></br>
+: Affected: 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50,
+ 2.0.49, 2.0.48, 2.0.47, 2.0.46
+
+# Fixed in Apache httpd 2.0.58 # {#2.0.58}
+
+: **low:** **<name name="CVE-2005-3357">mod_ssl access control
+ DoS</name>**
+ [CVE-2005-3357](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357)
A NULL pointer dereference flaw in mod_ssl was discovered affecting server
configurations where an SSL virtual host is configured with access control
and a custom 400 error document. A remote attacker could send a carefully
crafted request to trigger this issue which would lead to a crash. This
crash would only be a denial of service if using the worker MPM.
-</p>
-</dd>
-<dd>
- Reported to security team: 5th December 2005<br/>
- Issue public: 12th December 2005<br/>
- Update released: 1st May 2006<br/>
-</dd>
-<dd>
- Affected:
- 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-</p>
-</dd>
-<dd>
- Reported to security team: 1st November 2005<br/>
- Issue public: 12th December 2005<br/>
- Update released: 1st May 2006<br/>
-</dd>
-<dd>
- Affected:
- 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.55">
-<title>
-Fixed in Apache httpd 2.0.55</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2005-2700">SSLVerifyClient bypass</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700">CVE-2005-2700</a>
-<p>
-A flaw in the mod_ssl handling of the "SSLVerifyClient"
-directive. This flaw would occur if a virtual host has been configured
-using "SSLVerifyClient optional" and further a directive "SSLVerifyClient
-required" is set for a specific location. For servers configured in this
+
+: Reported to security team: 5th December 2005<br></br>Issue public:
+ 12th December 2005<br></br>Update released: 1st May 2006<br></br>
+: Affected: 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
+ 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
+ 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2005-3352">mod_imap Referer
+ Cross-Site Scripting</name>**
+ [CVE-2005-3352](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352)
+A flaw in mod_imap when using the Referer directive with image maps. In
+certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious URL using
+certain web browsers.
+
+: Reported to security team: 1st November 2005<br></br>Issue public:
+ 12th December 2005<br></br>Update released: 1st May 2006<br></br>
+: Affected: 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49,
+ 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
+ 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.55 # {#2.0.55}
+
+: **important:** **<name name="CVE-2005-2700">SSLVerifyClient
+ bypass</name>**
+ [CVE-2005-2700](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700)
+A flaw in the mod_ssl handling of the "SSLVerifyClient" directive. This
+flaw would occur if a virtual host has been configured using
+"SSLVerifyClient optional" and further a directive "SSLVerifyClient
+required" is set for a specific location. For servers configured in this
fashion, an attacker may be able to access resources that should otherwise
be protected, by not supplying a client certificate when connecting.
-</p>
-</dd>
-<dd>
- Issue public: 30th August 2005<br/>
- Update released: 14th October 2005<br/>
-</dd>
-<dd>
- Affected:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-2970">Worker MPM memory leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</a>
-<p>
-A memory leak in the worker MPM would allow remote attackers to cause
-a denial of service (memory consumption) via aborted connections,
-which prevents the memory for the transaction pool from being reused
-for other connections. This issue was downgraded in severity to low
-(from moderate) as sucessful exploitation of the race condition would
-be difficult.
-</p>
-</dd>
-<dd>
- Update released: 14th October 2005<br/>
-</dd>
-<dd>
- Affected:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-2491">PCRE overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</a>
-<p>
+
+: Issue public: 30th August 2005<br></br>Update released:
+ 14th October 2005<br></br>
+: Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2005-2970">Worker MPM memory
+ leak</name>**
+ [CVE-2005-2970](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970)
+A memory leak in the worker MPM would allow remote attackers to cause a
+denial of service (memory consumption) via aborted connections, which
+prevents the memory for the transaction pool from being reused for other
+connections. This issue was downgraded in severity to low (from moderate)
+as sucessful exploitation of the race condition would be difficult.
+
+: Update released: 14th October 2005<br></br>
+: Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36
+
+: **low:** **<name name="CVE-2005-2491">PCRE overflow</name>**
+ [CVE-2005-2491](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491)
An integer overflow flaw was found in PCRE, a Perl-compatible regular
-expression library included within httpd. A local user who has the
-ability to create .htaccess files could create a maliciously crafted
-regular expression in such as way that they could gain the privileges
-of a httpd child.
-</p>
-</dd>
-<dd>
- Issue public: 1st August 2005<br/>
- Update released: 14th October 2005<br/>
-</dd>
-<dd>
- Affected:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-1268">Malicious CRL off-by-one</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">CVE-2005-1268</a>
-<p>
-An off-by-one stack overflow was discovered in the mod_ssl CRL
-verification callback. In order to exploit this issue the Apache
-server would need to be configured to use a malicious certificate
-revocation list (CRL)
-</p>
-</dd>
-<dd>
- Issue public: 8th June 2005<br/>
- Update released: 14th October 2005<br/>
-</dd>
-<dd>
- Affected:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-2728">Byterange filter DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a>
-<p>
+expression library included within httpd. A local user who has the ability
+to create.htaccess files could create a maliciously crafted regular
+expression in such as way that they could gain the privileges of a httpd
+child.
+
+: Issue public: 1st August 2005<br></br>Update released:
+ 14th October 2005<br></br>
+: Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2005-1268">Malicious CRL
+ off-by-one</name>**
+ [CVE-2005-1268](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268)
+An off-by-one stack overflow was discovered in the mod_ssl CRL verification
+callback. In order to exploit this issue the Apache server would need to be
+configured to use a malicious certificate revocation list (CRL)
+
+: Issue public: 8th June 2005<br></br>Update released:
+ 14th October 2005<br></br>
+: Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2005-2728">Byterange filter
+ DoS</name>**
+ [CVE-2005-2728](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728)
A flaw in the byterange filter would cause some responses to be buffered
-into memory. If a server has a dynamic resource such as a CGI
-script or PHP script which generates a large amount of data, an attacker
-could send carefully crafted requests in order to consume resources,
-potentially leading to a Denial of Service.
-</p>
-</dd>
-<dd>
- Issue public: 7th July 2005<br/>
- Update released: 14th October 2005<br/>
-</dd>
-<dd>
- Affected:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-2088">HTTP Request Spoofing</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
-<p>
+into memory. If a server has a dynamic resource such as a CGI script or PHP
+script which generates a large amount of data, an attacker could send
+carefully crafted requests in order to consume resources, potentially
+leading to a Denial of Service.
+
+: Issue public: 7th July 2005<br></br>Update released:
+ 14th October 2005<br></br>
+: Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2005-2088">HTTP Request
+ Spoofing</name>**
+ [CVE-2005-2088](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088)
A flaw occured when using the Apache server as a HTTP proxy. A remote
-attacker could send a HTTP request with both a "Transfer-Encoding:
-chunked" header and a Content-Length header, causing Apache to
-incorrectly handle and forward the body of the request in a way that
-causes the receiving server to process it as a separate HTTP request.
-This could allow the bypass of web application firewall protection or
-lead to cross-site scripting (XSS) attacks.
-</p>
-</dd>
-<dd>
- Issue public: 11th June 2005<br/>
- Update released: 14th October 2005<br/>
-</dd>
-<dd>
- Affected:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.53">
-<title>
-Fixed in Apache httpd 2.0.53</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0942">Memory consumption DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942">CVE-2004-0942</a>
-<p>
-An issue was discovered where the field length limit was not enforced
-for certain malicious requests. This could allow a remote attacker who
-is able to send large amounts of data to a server the ability to cause
-Apache children to consume proportional amounts of memory, leading to
-a denial of service.
-</p>
-</dd>
-<dd>
- Reported to security team: 28th October 2004<br/>
- Issue public: 1st November 2004<br/>
- Update released: 8th February 2005<br/>
-</dd>
-<dd>
- Affected:
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-1834">mod_disk_cache stores sensitive headers</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1834">CVE-2004-1834</a>
-<p>
+attacker could send a HTTP request with both a "Transfer-Encoding: chunked"
+header and a Content-Length header, causing Apache to incorrectly handle
+and forward the body of the request in a way that causes the receiving
+server to process it as a separate HTTP request. This could allow the
+bypass of web application firewall protection or lead to cross-site
+scripting (XSS) attacks.
+
+: Issue public: 11th June 2005<br></br>Update released:
+ 14th October 2005<br></br>
+: Affected: 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48,
+ 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.53 # {#2.0.53}
+
+: **important:** **<name name="CVE-2004-0942">Memory consumption
+ DoS</name>**
+ [CVE-2004-0942](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942)
+An issue was discovered where the field length limit was not enforced for
+certain malicious requests. This could allow a remote attacker who is able
+to send large amounts of data to a server the ability to cause Apache
+children to consume proportional amounts of memory, leading to a denial of
+service.
+
+: Reported to security team: 28th October 2004<br></br>Issue public:
+ 1st November 2004<br></br>Update released:
+ 8th February 2005<br></br>
+: Affected: 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2004-1834">mod_disk_cache stores
+ sensitive headers</name>**
+ [CVE-2004-1834](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1834)
The experimental mod_disk_cache module stored client authentication
-credentials for cached objects such as proxy authentication credentials
-and Basic Authentication passwords on disk.
-</p>
-</dd>
-<dd>
- Reported to security team: 2nd March 2004<br/>
- Issue public: 20th March 2004<br/>
- Update released: 8th February 2005<br/>
-</dd>
-<dd>
- Affected:
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2004-0885">SSLCipherSuite bypass</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885">CVE-2004-0885</a>
-<p>
+credentials for cached objects such as proxy authentication credentials and
+Basic Authentication passwords on disk.
+
+: Reported to security team: 2nd March 2004<br></br>Issue public:
+ 20th March 2004<br></br>Update released:
+ 8th February 2005<br></br>
+: Affected: 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2004-0885">SSLCipherSuite
+ bypass</name>**
+ [CVE-2004-0885](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885)
An issue has been discovered in the mod_ssl module when configured to use
the "SSLCipherSuite" directive in directory or location context. If a
particular location context has been configured to require a specific set
of cipher suites, then a client will be able to access that location using
-any cipher suite allowed by the virtual host configuration.
-</p>
-</dd>
-<dd>
- Issue public: 1st October 2004<br/>
- Update released: 8th February 2005<br/>
-</dd>
-<dd>
- Affected:
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.52">
-<title>
-Fixed in Apache httpd 2.0.52</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0811">Basic authentication bypass</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811">CVE-2004-0811</a>
-<p>
-A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy
-directive which could result in access being granted to
-resources despite any configured authentication
-</p>
-</dd>
-<dd>
- Issue public: 18th September 2004<br/>
- Update released: 28th September 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.51<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.51">
-<title>
-Fixed in Apache httpd 2.0.51</title>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2004-0786">IPv6 URI parsing heap overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786">CVE-2004-0786</a>
-<p>
+any cipher suite allowed by the virtual host configuration.
+
+: Issue public: 1st October 2004<br></br>Update released:
+ 8th February 2005<br></br>
+: Affected: 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46,
+ 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.52 # {#2.0.52}
+
+: **important:** **<name name="CVE-2004-0811">Basic authentication
+ bypass</name>**
+ [CVE-2004-0811](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811)
+A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy directive
+which could result in access being granted to resources despite any
+configured authentication
+
+: Issue public: 18th September 2004<br></br>Update released:
+ 28th September 2004<br></br>
+: Affected: 2.0.51
+
+# Fixed in Apache httpd 2.0.51 # {#2.0.51}
+
+: **critical:** **<name name="CVE-2004-0786">IPv6 URI parsing heap
+ overflow</name>**
+ [CVE-2004-0786](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786)
Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util library.
If a remote attacker sent a request including a carefully crafted URI, an
-httpd child process could be made to crash. One some BSD systems it
-is believed this flaw may be able to lead to remote code execution.
-</p>
-</dd>
-<dd>
- Reported to security team: 25th August 2004<br/>
- Issue public: 15th September 2004<br/>
- Update released: 15th September 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0748">SSL connection infinite loop</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748">CVE-2004-0748</a>
-<p>
-An issue was discovered in the mod_ssl module in Apache 2.0.
-A remote attacker who forces an SSL connection to
-be aborted in a particular state may cause an Apache child process to
-enter an infinite loop, consuming CPU resources.
-</p>
-</dd>
-<dd>
- Issue public: 7th July 2004<br/>
- Update released: 15th September 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0747">Environment variable expansion flaw</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747">CVE-2004-0747</a>
-<p>
-A buffer overflow was found in the
-expansion of environment variables during configuration file parsing. This
-issue could allow a local user to gain the privileges of a httpd
-child if a server can be forced to parse a carefully crafted .htaccess file
-written by a local user.
-</p>
-</dd>
-<dd>
-<p>Acknowledgements:
-We would like to thank the Swedish IT Incident Centre (SITIC) for reporting
-this issue.
-</p>
-</dd>
-<dd>
- Reported to security team: 5th August 2004<br/>
- Issue public: 15th September 2004<br/>
- Update released: 15th September 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0751">Malicious SSL proxy can cause crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751">CVE-2004-0751</a>
-<p>
-An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50
-which could be triggered if
-the server is configured to allow proxying to a remote SSL server. A
-malicious remote SSL server could force an httpd child process to crash by
-sending a carefully crafted response header. This issue is not believed to
-allow execution of arbitrary code and will only result in a denial
-of service where a threaded process model is in use.
-</p>
-</dd>
-<dd>
- Issue public: 7th July 2004<br/>
- Update released: 15th September 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0809">WebDAV remote crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809">CVE-2004-0809</a>
-<p>
-An issue was discovered in the mod_dav module which could be triggered
-for a location where WebDAV authoring access has been configured. A
-malicious remote client which is authorized to use the LOCK method
-could force an httpd child process to crash by sending a particular
-sequence of LOCK requests. This issue does not allow execution of
-arbitrary code. and will only result in a denial of service where a
-threaded process model is in use.
-</p>
-</dd>
-<dd>
- Issue public: 12th September 2004<br/>
- Update released: 15th September 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.50">
-<title>
-Fixed in Apache httpd 2.0.50</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0493">Header parsing memory leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493">CVE-2004-0493</a>
-<p>
-A memory leak in parsing of HTTP headers which can be triggered
-remotely may allow a denial of service attack due to excessive memory
-consumption.
-</p>
-</dd>
-<dd>
- Reported to security team: 13th June 2004<br/>
- Issue public: 1st July 2004<br/>
- Update released: 1st July 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0488">FakeBasicAuth overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488">CVE-2004-0488</a>
-<p>
-A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
-by an attacker using a (trusted) client certificate with a subject DN
-field which exceeds 6K in length.
-</p>
-</dd>
-<dd>
- Issue public: 17th May 2004<br/>
- Update released: 1st July 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.49">
-<title>
-Fixed in Apache httpd 2.0.49</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0174">listening socket starvation</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
-<p>
+httpd child process could be made to crash. One some BSD systems it is
+believed this flaw may be able to lead to remote code execution.
+
+: Reported to security team: 25th August 2004<br></br>Issue public:
+ 15th September 2004<br></br>Update released:
+ 15th September 2004<br></br>
+: Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **important:** **<name name="CVE-2004-0748">SSL connection infinite
+ loop</name>**
+ [CVE-2004-0748](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748)
+An issue was discovered in the mod_ssl module in Apache 2.0. A remote
+attacker who forces an SSL connection to be aborted in a particular state
+may cause an Apache child process to enter an infinite loop, consuming CPU
+resources.
+
+: Issue public: 7th July 2004<br></br>Update released:
+ 15th September 2004<br></br>
+: Affected: 2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?,
+ 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
+
+: **low:** **<name name="CVE-2004-0747">Environment variable expansion
+ flaw</name>**
+ [CVE-2004-0747](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747)
+A buffer overflow was found in the expansion of environment variables
+during configuration file parsing. This issue could allow a local user to
+gain the privileges of a httpd child if a server can be forced to parse a
+carefully crafted.htaccess file written by a local user.
+
+Acknowledgements: We would like to thank the Swedish IT Incident Centre
+(SITIC) for reporting this issue.
+
+: Reported to security team: 5th August 2004<br></br>Issue public:
+ 15th September 2004<br></br>Update released:
+ 15th September 2004<br></br>
+: Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2004-0751">Malicious SSL proxy can cause
+ crash</name>**
+ [CVE-2004-0751](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751)
+An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50 which
+could be triggered if the server is configured to allow proxying to a
+remote SSL server. A malicious remote SSL server could force an httpd child
+process to crash by sending a carefully crafted response header. This issue
+is not believed to allow execution of arbitrary code and will only result
+in a denial of service where a threaded process model is in use.
+
+: Issue public: 7th July 2004<br></br>Update released:
+ 15th September 2004<br></br>
+: Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44
+
+: **low:** **<name name="CVE-2004-0809">WebDAV remote crash</name>**
+ [CVE-2004-0809](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809)
+An issue was discovered in the mod_dav module which could be triggered for
+a location where WebDAV authoring access has been configured. A malicious
+remote client which is authorized to use the LOCK method could force an
+httpd child process to crash by sending a particular sequence of LOCK
+requests. This issue does not allow execution of arbitrary code. and will
+only result in a denial of service where a threaded process model is in
+use.
+
+: Issue public: 12th September 2004<br></br>Update released:
+ 15th September 2004<br></br>
+: Affected: 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44,
+ 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.50 # {#2.0.50}
+
+: **important:** **<name name="CVE-2004-0493">Header parsing memory
+ leak</name>**
+ [CVE-2004-0493](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493)
+A memory leak in parsing of HTTP headers which can be triggered remotely
+may allow a denial of service attack due to excessive memory consumption.
+
+: Reported to security team: 13th June 2004<br></br>Issue public:
+ 1st July 2004<br></br>Update released: 1st July 2004<br></br>
+: Affected: 2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?,
+ 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
+
+: **low:** **<name name="CVE-2004-0488">FakeBasicAuth
+ overflow</name>**
+ [CVE-2004-0488](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488)
+A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited by
+an attacker using a (trusted) client certificate with a subject DN field
+which exceeds 6K in length.
+
+: Issue public: 17th May 2004<br></br>Update released:
+ 1st July 2004<br></br>
+: Affected: 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43,
+ 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.49 # {#2.0.49}
+
+: **important:** **<name name="CVE-2004-0174">listening socket
+ starvation</name>**
+ [CVE-2004-0174](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174)
A starvation issue on listening sockets occurs when a short-lived
-connection on a rarely-accessed listening socket will cause a child to
-hold the accept mutex and block out new connections until another
-connection arrives on that rarely-accessed listening socket. This
-issue is known to affect some versions of AIX, Solaris, and Tru64; it
-is known to not affect FreeBSD or Linux.
-
-</p>
-</dd>
-<dd>
- Reported to security team: 25th February 2004<br/>
- Issue public: 18th March 2004<br/>
- Update released: 19th March 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0113">mod_ssl memory leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</a>
-<p>
-A memory leak in mod_ssl allows a remote denial of service attack
-against an SSL-enabled server by sending plain HTTP requests to the
-SSL port.
-</p>
-</dd>
-<dd>
- Issue public: 20th February 2004<br/>
- Update released: 19th March 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0020">Error log escape filtering</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
-<p>
-Apache does not filter terminal escape sequences from error logs,
-which could make it easier for attackers to insert those sequences
-into terminal emulators containing vulnerabilities related to escape
-sequences.
-</p>
-</dd>
-<dd>
- Issue public: 24th February 2003<br/>
- Update released: 19th March 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.48">
-<title>
-Fixed in Apache httpd 2.0.48</title>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
-<p>
-By using a regular expression with more than 9 captures a buffer
-overflow can occur in mod_alias or mod_rewrite. To exploit this an
-attacker would need to be able to create a carefully crafted configuration
-file (.htaccess or httpd.conf)
-</p>
-</dd>
-<dd>
- Reported to security team: 4th August 2003<br/>
- Issue public: 27th October 2003<br/>
- Update released: 27th October 2003<br/>
-</dd>
-<dd>
- Affected:
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2003-0789">CGI output information leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789">CVE-2003-0789</a>
-<p>
-A bug in mod_cgid mishandling of CGI redirect paths can result in
-CGI output going to the wrong client when a threaded MPM
-is used.
-</p>
-</dd>
-<dd>
- Reported to security team: 3rd October 2003<br/>
- Issue public: 27th October 2003<br/>
- Update released: 27th October 2003<br/>
-</dd>
-<dd>
- Affected:
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.47">
-<title>
-Fixed in Apache httpd 2.0.47</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0253">Remote DoS with multiple Listen directives</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0253">CVE-2003-0253</a>
-<p>
-In a server with multiple listening sockets a certain error returned
-by accept() on a rarely access port can cause a temporary denial of
-service, due to a bug in the prefork MPM.
-</p>
-</dd>
-<dd>
- Reported to security team: 25th June 2003<br/>
- Issue public: 9th July 2003<br/>
- Update released: 9th July 2003<br/>
-</dd>
-<dd>
- Affected:
- 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0192">mod_ssl renegotiation issue</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0192">CVE-2003-0192</a>
-<p>
-A bug in the optional renegotiation code in mod_ssl included with
-Apache httpd can cause cipher suite restrictions to be ignored.
-This is triggered if optional renegotiation is used (SSLOptions
-+OptRenegotiate) along with verification of client certificates
-and a change to the cipher suite over the renegotiation.
-</p>
-</dd>
-<dd>
- Reported to security team: 30th April 2003<br/>
- Issue public: 9th July 2003<br/>
- Update released: 9th July 2003<br/>
-</dd>
-<dd>
- Affected:
- 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2003-0254">Remote DoS via IPv6 ftp proxy</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0254">CVE-2003-0254</a>
-<p>
-When a client requests that proxy ftp connect to a ftp server with
-IPv6 address, and the proxy is unable to create an IPv6 socket,
-an infinite loop occurs causing a remote Denial of Service.
-</p>
-</dd>
-<dd>
- Reported to security team: 25th June 2003<br/>
- Issue public: 9th July 2003<br/>
- Update released: 9th July 2003<br/>
-</dd>
-<dd>
- Affected:
- 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.46">
-<title>
-Fixed in Apache httpd 2.0.46</title>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2003-0245">APR remote crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245">CVE-2003-0245</a>
-<p>
-A vulnerability in the apr_psprintf function in the Apache Portable
-Runtime (APR) library allows remote
-attackers to cause a denial of service (crash) and possibly execute
-arbitrary code via long strings, as demonstrated using XML objects to
-mod_dav, and possibly other vectors.
-</p>
-</dd>
-<dd>
- Reported to security team: 9th April 2003<br/>
- Issue public: 28th May 2003<br/>
- Update released: 28th May 2003<br/>
-</dd>
-<dd>
- Affected:
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p/>
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0189">Basic Authentication DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0189">CVE-2003-0189</a>
-<p>
-A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
-to cause a denial of access to authenticated content when a threaded
-server is used.
-</p>
-</dd>
-<dd>
- Reported to security team: 25th April 2003<br/>
- Issue public: 28th May 2003<br/>
- Update released: 28th May 2003<br/>
-</dd>
-<dd>
- Affected:
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40<p/>
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0134">OS2 device name DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0134">CVE-2003-0134</a>
-<p>
-Apache on OS2 up to and including Apache 2.0.45
-have a Denial of Service vulnerability caused by
-device names.
-</p>
-</dd>
-<dd>
- Issue public: 31st March 2003<br/>
- Update released: 28th May 2003<br/>
-</dd>
-<dd>
- Affected:
- 2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p/>
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0083">Filtered escape sequences</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
-<p>
-Apache did not filter terminal escape sequences from its
-access logs, which could make it easier for attackers to insert those
-sequences into terminal emulators containing vulnerabilities related
-to escape sequences.
-</p>
-</dd>
-<dd>
- Issue public: 24th February 2003<br/>
- Update released: 2nd April 2004<br/>
-</dd>
-<dd>
- Affected:
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p/>
-</dd>
-</dl>
-</section>
-<section id="2.0.45">
-<title>
-Fixed in Apache httpd 2.0.45</title>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0132">Line feed memory leak DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0132">CVE-2003-0132</a>
-<p>
+connection on a rarely-accessed listening socket will cause a child to hold
+the accept mutex and block out new connections until another connection
+arrives on that rarely-accessed listening socket. This issue is known to
+affect some versions of AIX, Solaris, and Tru64; it is known to not affect
+FreeBSD or Linux.
+
+: Reported to security team: 25th February 2004<br></br>Issue public:
+ 18th March 2004<br></br>Update released: 19th March 2004<br></br>
+: Affected: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42,
+ 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **important:** **<name name="CVE-2004-0113">mod_ssl memory
+ leak</name>**
+ [CVE-2004-0113](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113)
+A memory leak in mod_ssl allows a remote denial of service attack against
+an SSL-enabled server by sending plain HTTP requests to the SSL port.
+
+: Issue public: 20th February 2004<br></br>Update released:
+ 19th March 2004<br></br>
+: Affected: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42,
+ 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2003-0020">Error log escape
+ filtering</name>**
+ [CVE-2003-0020](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020)
+Apache does not filter terminal escape sequences from error logs, which
+could make it easier for attackers to insert those sequences into terminal
+emulators containing vulnerabilities related to escape sequences.
+
+: Issue public: 24th February 2003<br></br>Update released:
+ 19th March 2004<br></br>
+: Affected: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42,
+ 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.48 # {#2.0.48}
+
+: **low:** **<name name="CVE-2003-0542">Local configuration regular
+ expression overflow</name>**
+ [CVE-2003-0542](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542)
+By using a regular expression with more than 9 captures a buffer overflow
+can occur in mod_alias or mod_rewrite. To exploit this an attacker would
+need to be able to create a carefully crafted configuration file (.htaccess
+or httpd.conf)
+
+: Reported to security team: 4th August 2003<br></br>Issue public:
+ 27th October 2003<br></br>Update released:
+ 27th October 2003<br></br>
+: Affected: 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
+ 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2003-0789">CGI output information
+ leak</name>**
+ [CVE-2003-0789](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789)
+A bug in mod_cgid mishandling of CGI redirect paths can result in CGI
+output going to the wrong client when a threaded MPM is used.
+
+: Reported to security team: 3rd October 2003<br></br>Issue public:
+ 27th October 2003<br></br>Update released:
+ 27th October 2003<br></br>
+: Affected: 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40,
+ 2.0.39, 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.47 # {#2.0.47}
+
+: **important:** **<name name="CVE-2003-0253">Remote DoS with multiple
+ Listen directives</name>**
+ [CVE-2003-0253](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0253)
+In a server with multiple listening sockets a certain error returned by
+accept() on a rarely access port can cause a temporary denial of service,
+due to a bug in the prefork MPM.
+
+: Reported to security team: 25th June 2003<br></br>Issue public:
+ 9th July 2003<br></br>Update released: 9th July 2003<br></br>
+: Affected: 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35
+
+: **low:** **<name name="CVE-2003-0192">mod_ssl renegotiation
+ issue</name>**
+ [CVE-2003-0192](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0192)
+A bug in the optional renegotiation code in mod_ssl included with Apache
+httpd can cause cipher suite restrictions to be ignored. This is triggered
+if optional renegotiation is used (SSLOptions +OptRenegotiate) along with
+verification of client certificates and a change to the cipher suite over
+the renegotiation.
+
+: Reported to security team: 30th April 2003<br></br>Issue public:
+ 9th July 2003<br></br>Update released: 9th July 2003<br></br>
+: Affected: 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35
+
+: **moderate:** **<name name="CVE-2003-0254">Remote DoS via IPv6 ftp
+ proxy</name>**
+ [CVE-2003-0254](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0254)
+When a client requests that proxy ftp connect to a ftp server with IPv6
+address, and the proxy is unable to create an IPv6 socket, an infinite loop
+occurs causing a remote Denial of Service.
+
+: Reported to security team: 25th June 2003<br></br>Issue public:
+ 9th July 2003<br></br>Update released: 9th July 2003<br></br>
+: Affected: 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39,
+ 2.0.37, 2.0.36, 2.0.35
+
+# Fixed in Apache httpd 2.0.46 # {#2.0.46}
+
+: **critical:** **<name name="CVE-2003-0245">APR remote crash</name>**
+
+ [CVE-2003-0245](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245)
+A vulnerability in the apr_psprintf function in the Apache Portable Runtime
+(APR) library allows remote attackers to cause a denial of service (crash)
+and possibly execute arbitrary code via long strings, as demonstrated using
+XML objects to mod_dav, and possibly other vectors.
+
+: Reported to security team: 9th April 2003<br></br>Issue public:
+ 28th May 2003<br></br>Update released: 28th May 2003<br></br>
+: Affected: 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37
+
+: **important:** **<name name="CVE-2003-0189">Basic Authentication
+ DoS</name>**
+ [CVE-2003-0189](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0189)
+A build system problem in Apache 2.0.40 through 2.0.45 allows remote
+attackers to cause a denial of access to authenticated content when a
+threaded server is used.
+
+: Reported to security team: 25th April 2003<br></br>Issue public:
+ 28th May 2003<br></br>Update released: 28th May 2003<br></br>
+: Affected: 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40
+
+: **important:** **<name name="CVE-2003-0134">OS2 device name
+ DoS</name>**
+ [CVE-2003-0134](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0134)
+Apache on OS2 up to and including Apache 2.0.45 have a Denial of Service
+vulnerability caused by device names.
+
+: Issue public: 31st March 2003<br></br>Update released:
+ 28th May 2003<br></br>
+: Affected: 2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?,
+ 2.0.37?, 2.0.36?, 2.0.35?
+
[... 379 lines stripped ...]