You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by hu...@apache.org on 2012/05/06 15:14:50 UTC
svn commit: r1334622 [26/29] - in /httpd/site/trunk: cgi-bin/ content/
content/apreq/ content/apreq/docs/ content/apreq/docs/libapreq2/
content/contributors/ content/css/ content/dev/ content/dev/images/
content/dev/whiteboard/ content/docs-project/ co...
Added: httpd/site/trunk/content/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_22.xml?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_22.xml (added)
+++ httpd/site/trunk/content/security/vulnerabilities_22.xml Sun May 6 13:14:42 2012
@@ -0,0 +1,1211 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<document>
+<properties>
+<author email="security@httpd.apache.org">Apache HTTP Server Security Team</author>
+<title>Apache httpd 2.2 vulnerabilities</title>
+</properties>
+<body>
+<section id="top">
+<title>Apache httpd 2.2 vulnerabilities</title>
+<p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd 2.2. Each
+vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
+security team - please note that this rating may well vary from
+platform to platform. We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark. </p>
+<p> Please note that if a vulnerability is shown below as being fixed
+in a "-dev" release then this means that a fix has been applied to
+the development source tree and will be part of an upcoming full release.</p>
+<p> This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>. </p>
+</section>
+<section id="2.2.22">
+<title>
+Fixed in Apache httpd 2.2.22</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2011-3607">mod_setenvif .htaccess privilege escalation</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a>
+<p>
+An integer overflow flaw was found which, when the mod_setenvif module
+is enabled, could allow local users to gain privileges via a .htaccess
+file.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+This issue was reported by halfdog
+</p>
+</dd>
+<dd>
+ Reported to security team: 4th October 2011<br/>
+ Issue public: 2nd November 2011<br/>
+ Update released: 31st January 2012<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2012-0021">mod_log_config crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a>
+<p>
+A flaw was found in mod_log_config. If the '%{cookiename}C' log format string
+is in use, a remote attacker could send a specific cookie causing a crash.
+This crash would only be a denial of service if using a threaded MPM.
+</p>
+</dd>
+<dd>
+ Reported to security team: 30th December 2011<br/>
+ Issue public: 28th November 2011<br/>
+ Update released: 31st January 2012<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2012-0031">scoreboard parent DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a>
+<p>
+A flaw was found in the handling of the scoreboard. An
+unprivileged child process could cause the parent process to crash at
+shutdown rather than terminate cleanly.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+This issue was reported by halfdog
+</p>
+</dd>
+<dd>
+ Reported to security team: 30th December 2011<br/>
+ Issue public: 11th January 2012<br/>
+ Update released: 31st January 2012<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-4317">mod_proxy reverse proxy exposure </name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>
+<p>
+An additional exposure was found when using mod_proxy in reverse proxy
+mode. In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+This issue was reported by Prutha Parikh of Qualys
+</p>
+</dd>
+<dd>
+ Reported to security team: 20th October 2011<br/>
+ Issue public: 22nd January 2012<br/>
+ Update released: 31st January 2012<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2012-0053">error responses can expose cookies</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a>
+<p>
+A flaw was found in the default error response for status code 400. This flaw could
+be used by an attacker to expose "httpOnly" cookies
+when no custom ErrorDocument is specified.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+This issue was reported by Norman Hippert
+</p>
+</dd>
+<dd>
+ Reported to security team: 15th January 2012<br/>
+ Issue public: 23rd January 2012<br/>
+ Update released: 31st January 2012<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
+<p>
+An exposure was found when using mod_proxy in reverse proxy mode.
+In certain configurations using RewriteRule with proxy flag or
+ProxyPassMatch, a remote attacker could cause the reverse proxy to
+connect to an arbitrary server, possibly disclosing sensitive
+information from internal web servers not directly accessible to
+attacker.</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+This issue was reported by Context Information Security Ltd
+</p>
+</dd>
+<dd>
+ Reported to security team: 16th September 2011<br/>
+ Issue public: 5th October 2011<br/>
+ Update released: 31st January 2012<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.21">
+<title>
+Fixed in Apache httpd 2.2.21</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-3348">mod_proxy_ajp remote DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a>
+<p>
+A flaw was found when mod_proxy_ajp is used together with
+mod_proxy_balancer. Given a specific configuration, a remote attacker
+could send certain malformed HTTP requests, putting a backend server
+into an error state until the retry timeout expired.
+This could lead to a temporary denial of service.</p>
+</dd>
+<dd>
+ Reported to security team: 7th September 2011<br/>
+ Issue public: 14th September 2011<br/>
+ Update released: 14th September 2011<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.20">
+<title>
+Fixed in Apache httpd 2.2.20</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2011-3192">Range header remote DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>
+<p>
+A flaw was found in the way the Apache HTTP Server handled Range HTTP
+headers. A remote attacker could use this flaw to cause httpd to use
+an excessive amount of memory and CPU time via HTTP requests with a
+specially-crafted Range header. This could be used in a denial of
+service attack. </p>
+<p>
+Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a>
+</p>
+</dd>
+<dd>
+ Issue public: 20th August 2011<br/>
+ Update released: 30th August 2011<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.19">
+<title>
+Fixed in Apache httpd 2.2.19</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>
+<p>
+A flaw was found in the apr_fnmatch() function of the bundled APR
+library. Where mod_autoindex is enabled, and a directory indexed by
+mod_autoindex contained files with sufficiently long names, a
+remote attacker could send a carefully crafted request which would
+cause excessive CPU usage. This could be used in a denial of service
+attack.
+</p>
+<p>
+Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
+directive disables processing of the client-supplied request query
+arguments, preventing this attack.
+</p>
+<p>
+Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19)
+</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+This issue was reported by Maksymilian Arciemowicz
+</p>
+</dd>
+<dd>
+ Reported to security team: 2nd March 2011<br/>
+ Issue public: 10th May 2011<br/>
+ Update released: 21st May 2011<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.17">
+<title>
+Fixed in Apache httpd 2.2.17</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3720">expat DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>
+<p>
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+ Reported to security team: 21st August 2009<br/>
+ Issue public: 17th January 2009<br/>
+ Update released: 19th October 2010<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3560">expat DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>
+<p>
+A buffer over-read flaw was found in the bundled expat
+library. An attacker who is able to get Apache to parse
+an untrused XML document (for example through mod_dav) may
+be able to cause a crash. This crash would only
+be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+ Issue public: 2nd December 2009<br/>
+ Update released: 19th October 2010<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>
+<p>
+A flaw was found in the apr_brigade_split_line() function of the bundled
+APR-util library, used to process non-SSL requests. A remote attacker
+could send requests, carefully crafting the timing of individual bytes,
+which would slowly consume memory, potentially leading to a denial of
+service.
+</p>
+</dd>
+<dd>
+ Reported to security team: 3rd March 2010<br/>
+ Issue public: 1st October 2010<br/>
+ Update released: 19th October 2010<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.16">
+<title>
+Fixed in Apache httpd 2.2.16</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2010-2068">Timeout detection flaw (mod_proxy_http)</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068">CVE-2010-2068</a>
+<p>
+An information disclosure flaw was found in mod_proxy_http in versions
+2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout
+conditions, the server could return a response intended for another user.
+Only Windows, Netware and OS2 operating systems are affected. Only those
+configurations which trigger the use of proxy worker pools are affected.
+There was no vulnerability on earlier versions, as proxy pools were not
+yet introduced. The simplest workaround is to globally configure;</p>
+<p>SetEnv proxy-nokeepalive 1</p>
+<p>Source code patches are at;</p>
+<ul>
+<li>
+<a href="http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch">http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch</a>
+</li>
+<li>
+<a href="http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch">http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch</a>
+</li>
+</ul>
+<p>Binary replacement modules are at</p>
+<ul>
+<li>
+<a href="http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip">http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip</a>
+</li>
+</ul>
+</dd>
+<dd>
+<p>Acknowledgements:
+We would like to thank Loren Anderson for the detailed analysis and
+reporting of this issue.
+</p>
+</dd>
+<dd>
+ Issue public: 9th June 2010<br/>
+ Update released: 25th July 2010<br/>
+</dd>
+<dd>
+ Affected:
+ 2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2010-1452">mod_cache and mod_dav DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>
+<p>
+A flaw was found in the handling of requests by mod_cache and mod_dav.
+A malicious remote attacker could send a carefully crafted request and
+cause a httpd child process to crash. This crash would only
+be a denial of service if using the worker MPM. This issue is further
+mitigated as mod_dav is only affected by requests that are most likely
+to be authenticated, and mod_cache is only affected if the uncommon
+"CacheIgnoreURLSessionIdentifiers" directive, introduced in
+version 2.2.14, is used.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+This issue was reported by Mark Drayton.
+</p>
+</dd>
+<dd>
+ Reported to security team: 4th May 2010<br/>
+ Issue public: 25th July 2010<br/>
+ Update released: 25th July 2010<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.15">
+<title>
+Fixed in Apache httpd 2.2.15</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2010-0425">mod_isapi module unload flaw</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
+<p>
+A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it
+encountered various error states. This could leave the callbacks in an
+undefined state and result in a segfault. On Windows platforms using mod_isapi, a
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one
+process, this would result in a denial of service, and potentially allow
+arbitrary code execution.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+We would like to thank Brett Gervasoni of Sense of Security for reporting and
+proposing a patch fix for this issue.
+</p>
+</dd>
+<dd>
+ Reported to security team: 9th February 2010<br/>
+ Issue public: 2nd March 2010<br/>
+ Update released: 5th March 2010<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
+<p>
+A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in
+array to the subrequest, instead of a pointer to the parent request's array
+as it had for requests without request bodies. This meant all modules such
+as mod_headers which may manipulate the input headers for a subrequest would
+poison the parent request in two ways, one by modifying the parent request,
+which might not be intended, and second by leaving pointers to modified header
+fields in memory allocated to the subrequest scope, which could be freed
+before the main request processing was finished, resulting in a segfault or
+in revealing data from another request on threaded servers, such as the worker
+or winnt MPMs.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+We would like to thank Philip Pickett of VMware for reporting and proposing a
+fix for this issue.
+</p>
+</dd>
+<dd>
+ Issue public: 9th December 2009<br/>
+ Update released: 5th March 2010<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2010-0408">mod_proxy_ajp DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a>
+<p>
+mod_proxy_ajp would return the wrong status code if it encountered
+an error, causing a backend server to be put into an error state until
+the retry timeout expired. A remote attacker could send malicious requests
+to trigger this issue, resulting in denial of service.
+</p>
+</dd>
+<dd>
+<p>Acknowledgements:
+We would like to thank Niku Toivola of Sulake Corporation for reporting and
+proposing a patch fix for this issue.
+</p>
+</dd>
+<dd>
+ Reported to security team: 2nd February 2010<br/>
+ Issue public: 2nd March 2010<br/>
+ Update released: 5th March 2010<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.14">
+<title>
+Fixed in Apache httpd 2.2.14</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
+<p>
+A NULL pointer dereference flaw was found in the mod_proxy_ftp
+module. A malicious FTP server to which requests are being proxied
+could use this flaw to crash an httpd child process via a malformed
+reply to the EPSV or PASV commands, resulting in a limited denial of
+service.
+</p>
+</dd>
+<dd>
+ Reported to security team: 4th September 2009<br/>
+ Issue public: 2nd August 2009<br/>
+ Update released: 5th October 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>
+<p>
+A flaw was found in the mod_proxy_ftp module. In a reverse proxy
+configuration, a remote attacker could use this flaw to bypass
+intended access restrictions by creating a carefully-crafted HTTP
+Authorization header, allowing the attacker to send arbitrary commands
+to the FTP server.
+</p>
+</dd>
+<dd>
+ Reported to security team: 3rd September 2009<br/>
+ Issue public: 3rd August 2009<br/>
+ Update released: 5th October 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2009-2699">Solaris pollset DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a>
+<p>Faulty error handling was found affecting Solaris pollset support
+(Event Port backend) caused by a bug in APR. A remote attacker
+could trigger this issue on Solaris servers which used prefork or
+event MPMs, resulting in a denial of service.
+</p>
+</dd>
+<dd>
+ Reported to security team: 5th August 2009<br/>
+ Issue public: 23rd September 2009<br/>
+ Update released: 5th October 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.13">
+<title>
+Fixed in Apache httpd 2.2.13</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>
+<p>
+A flaw in apr_palloc() in the bundled copy of APR could
+cause heap overflows in programs that try to apr_palloc() a user
+controlled size. The Apache HTTP Server itself does not pass
+unsanitized user-provided sizes to this function, so it could only
+be triggered through some other application which uses apr_palloc()
+in a vulnerable way.
+</p>
+</dd>
+<dd>
+ Reported to security team: 27th July 2009<br/>
+ Issue public: 4th August 2009<br/>
+ Update released: 9th August 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.12">
+<title>
+Fixed in Apache httpd 2.2.12</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2009-1890">mod_proxy reverse proxy DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</a>
+<p>
+A denial of service flaw was found in the mod_proxy module when it was
+used as a reverse proxy. A remote attacker could use this flaw to
+force a proxy process to consume large amounts of CPU time.
+</p>
+</dd>
+<dd>
+ Reported to security team: 30th June 2009<br/>
+ Issue public: 2nd July 2009<br/>
+ Update released: 27th July 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2009-1191">mod_proxy_ajp information disclosure</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</a>
+<p>
+An information disclosure flaw was found in mod_proxy_ajp in version
+2.2.11 only. In certain
+situations, if a user sent a carefully crafted HTTP request, the server
+could return a response intended for another user.
+</p>
+</dd>
+<dd>
+ Reported to security team: 5th March 2009<br/>
+ Issue public: 21st April 2009<br/>
+ Update released: 27th July 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.11<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-1891">mod_deflate DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>
+<p>
+A denial of service flaw was found in the mod_deflate module. This
+module continued to compress large files until compression was
+complete, even if the network connection that requested the content
+was closed before compression completed. This would cause mod_deflate
+to consume large amounts of CPU if mod_deflate was enabled for a large
+file.</p>
+</dd>
+<dd>
+ Issue public: 26th June 2009<br/>
+ Update released: 27th July 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2009-1195">AllowOverride Options handling bypass</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a>
+<p>
+A flaw was found in the handling of the "Options" and "AllowOverride"
+directives. In configurations using the "AllowOverride" directive
+with certain "Options=" arguments, local users were not restricted
+from executing commands from a Server-Side-Include script as intended.
+</p>
+</dd>
+<dd>
+ Reported to security team: 9th March 2009<br/>
+ Issue public: 22nd April 2009<br/>
+ Update released: 27th July 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2009-1956">APR-util off-by-one overflow</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956">CVE-2009-1956</a>
+<p>
+An off-by-one overflow flaw was found in the way the bundled copy of
+the APR-util library processed a variable list of arguments. An
+attacker could provide a specially-crafted string as input for the
+formatted output conversion routine, which could, on big-endian
+platforms, potentially lead to the disclosure of sensitive information
+or a denial of service.
+</p>
+</dd>
+<dd>
+ Issue public: 24th April 2009<br/>
+ Update released: 72th 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2009-1955">APR-util XML DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955">CVE-2009-1955</a>
+<p>
+A denial of service flaw was found in the bundled copy of the APR-util
+library Extensible Markup Language (XML) parser. A remote attacker
+could create a specially-crafted XML document that would cause
+excessive memory consumption when processed by the XML decoding
+engine.
+</p>
+</dd>
+<dd>
+ Issue public: 1st June 2009<br/>
+ Update released: 27th July 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2009-0023">APR-util heap underwrite</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023">CVE-2009-0023</a>
+<p>
+A heap-based underwrite flaw was found in the way the bundled copy of
+the APR-util library created compiled forms of particular search
+patterns. An attacker could formulate a specially-crafted search
+keyword, that would overwrite arbitrary heap memory locations when
+processed by the pattern preparation engine.
+</p>
+</dd>
+<dd>
+ Issue public: 1st June 2009<br/>
+ Update released: 27th July 2009<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.10">
+<title>
+Fixed in Apache httpd 2.2.10</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2010-2791">Timeout detection flaw (mod_proxy_http)</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791">CVE-2010-2791</a>
+<p>
+An information disclosure flaw was found in mod_proxy_http in version
+2.2.9 only, on Unix platforms. Under certain timeout
+conditions, the server could return a response intended for another user.
+Only those configurations which trigger the use of proxy worker pools
+are affected. There was no vulnerability on earlier versions, as
+proxy pools were not yet introduced. The simplest workaround is to
+globally configure:</p>
+<p>SetEnv proxy-nokeepalive 1</p>
+</dd>
+<dd>
+ Issue public: 23rd July 2010<br/>
+ Update released: 31st October 2008<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.9<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2008-2939">mod_proxy_ftp globbing XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939</a>
+<p>
+A flaw was found in the handling of wildcards in the path of a FTP
+URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support
+FTP-over-HTTP, requests containing globbing characters could lead
+to cross-site scripting (XSS) attacks.</p>
+</dd>
+<dd>
+ Reported to security team: 28th July 2008<br/>
+ Issue public: 5th August 2008<br/>
+ Update released: 31st October 2008<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.9">
+<title>
+Fixed in Apache httpd 2.2.9</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2007-6420">mod_proxy_balancer CSRF</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420</a>
+<p>
+The mod_proxy_balancer provided an administrative interface that could be
+vulnerable to cross-site request forgery (CSRF) attacks.
+</p>
+</dd>
+<dd>
+ Reported to security team: 12th October 2007<br/>
+ Issue public: 9th January 2008<br/>
+ Update released: 14th June 2008<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2008-2364">mod_proxy_http DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</a>
+<p>
+A flaw was found in the handling of excessive interim responses
+from an origin server when using mod_proxy_http. A remote attacker
+could cause a denial of service or high memory usage.</p>
+</dd>
+<dd>
+ Reported to security team: 29th May 2008<br/>
+ Issue public: 10th June 2008<br/>
+ Update released: 14th June 2008<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.8">
+<title>
+Fixed in Apache httpd 2.2.8</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2008-0005">mod_proxy_ftp UTF-7 XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</a>
+<p>
+A workaround was added in the mod_proxy_ftp module. On sites where
+mod_proxy_ftp is enabled and a forward proxy is configured, a
+cross-site scripting attack is possible against Web browsers which do
+not correctly derive the response character set following the rules in
+RFC 2616.
+</p>
+</dd>
+<dd>
+ Reported to security team: 15th December 2007<br/>
+ Issue public: 8th January 2008<br/>
+ Update released: 19th January 2008<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2007-6422">mod_proxy_balancer DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422">CVE-2007-6422</a>
+<p>
+A flaw was found in the mod_proxy_balancer module. On sites where
+mod_proxy_balancer is enabled, an authorized user could send a carefully
+crafted request that would cause the Apache child process handling that
+request to crash. This could lead to a denial of service if using a
+threaded Multi-Processing Module. </p>
+</dd>
+<dd>
+ Reported to security team: 12th December 2007<br/>
+ Issue public: 2nd January 2008<br/>
+ Update released: 19th January 2008<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2007-6421">mod_proxy_balancer XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421">CVE-2007-6421</a>
+<p>
+A flaw was found in the mod_proxy_balancer module. On sites where
+mod_proxy_balancer is enabled, a cross-site scripting attack against an
+authorized user is possible. </p>
+</dd>
+<dd>
+ Reported to security team: 12th December 2007<br/>
+ Issue public: 2nd January 2008<br/>
+ Update released: 19th January 2008<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-6388">mod_status XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388">CVE-2007-6388</a>
+<p>
+A flaw was found in the mod_status module. On sites where mod_status is
+enabled and the status pages were publicly accessible, a cross-site
+scripting attack is possible.
+Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.</p>
+</dd>
+<dd>
+ Reported to security team: 15th December 2007<br/>
+ Issue public: 2nd January 2008<br/>
+ Update released: 19th January 2008<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-5000">mod_imagemap XSS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000">CVE-2007-5000</a>
+<p>
+A flaw was found in the mod_imagemap module. On sites where
+mod_imagemap is enabled and an imagemap file is publicly available, a
+cross-site scripting attack is possible.</p>
+</dd>
+<dd>
+ Reported to security team: 23rd October 2007<br/>
+ Issue public: 11th December 2007<br/>
+ Update released: 19th January 2008<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.6">
+<title>
+Fixed in Apache httpd 2.2.6</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-3847">mod_proxy crash</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</a>
+<p>
+A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
+a reverse proxy is configured, a remote attacker could send a carefully
+crafted request that would cause the Apache child process handling that
+request to crash. On sites where a forward proxy is configured, an attacker
+could cause a similar crash if a user could be persuaded to visit a
+malicious site using the proxy. This could lead to a denial of service if
+using a threaded Multi-Processing Module.</p>
+</dd>
+<dd>
+ Issue public: 10th December 2006<br/>
+ Update released: 7th September 2007<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2006-5752">mod_status cross-site scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</a>
+<p>
+A flaw was found in the mod_status module. On sites where the
+server-status page is publicly accessible and ExtendedStatus is
+enabled this could lead to a cross-site scripting attack.
+Note that the server-status
+page is not enabled by default and it is best practice to not make
+this publicly available.</p>
+</dd>
+<dd>
+ Reported to security team: 19th October 2006<br/>
+ Issue public: 20th June 2007<br/>
+ Update released: 7th September 2007<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-3304">Signals to arbitrary processes</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</a>
+<p>The Apache HTTP server did not verify that a process
+was an Apache child process before sending it signals. A local
+attacker with the ability to run scripts on the HTTP server could
+manipulate the scoreboard and cause arbitrary processes to be
+terminated which could lead to a denial of service.</p>
+</dd>
+<dd>
+ Reported to security team: 15th May 2006<br/>
+ Issue public: 19th June 2007<br/>
+ Update released: 7th September 2007<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-1862">mod_cache information leak</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</a>
+<p>The recall_headers function in mod_mem_cache in Apache 2.2.4 did not
+properly copy all levels of header data, which can cause Apache to
+return HTTP headers containing previously used data, which could be
+used by remote attackers to obtain potentially sensitive information.
+</p>
+</dd>
+<dd>
+ Reported to security team: 26th April 2007<br/>
+ Issue public: 1st June 2007<br/>
+ Update released: 7th September 2007<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.4<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2007-1863">mod_cache proxy DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</a>
+<p>A bug was found in the mod_cache module. On sites where
+caching is enabled, a remote attacker could send a carefully crafted
+request that would cause the Apache child process handling that request to
+crash. This could lead to a denial of service if using a threaded
+Multi-Processing Module.</p>
+</dd>
+<dd>
+ Reported to security team: 2nd May 2007<br/>
+ Issue public: 18th June 2007<br/>
+ Update released: 7th September 2007<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.3">
+<title>
+Fixed in Apache httpd 2.2.3</title>
+<dl>
+<dd>
+<b>important: </b>
+<b>
+<name name="CVE-2006-3747">mod_rewrite off-by-one error</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</a>
+<p>
+An off-by-one flaw exists in the Rewrite module, mod_rewrite.
+Depending on the manner in which Apache httpd was compiled, this
+software defect may result in a vulnerability which, in combination
+with certain types of Rewrite rules in the web server configuration
+files, could be triggered remotely. For vulnerable builds, the nature
+of the vulnerability can be denial of service (crashing of web server
+processes) or potentially allow arbitrary code execution.
+</p>
+</dd>
+<dd>
+ Reported to security team: 21st July 2006<br/>
+ Issue public: 27th July 2006<br/>
+ Update released: 27th July 2006<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.2, 2.2.0<p/>
+</dd>
+</dl>
+</section>
+<section id="2.2.2">
+<title>
+Fixed in Apache httpd 2.2.2</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2005-3357">mod_ssl access control DoS</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
+<p>
+A NULL pointer dereference flaw in mod_ssl was discovered affecting server
+configurations where an SSL virtual host is configured with access control
+and a custom 400 error document. A remote attacker could send a carefully
+crafted request to trigger this issue which would lead to a crash. This
+crash would only be a denial of service if using the worker MPM.
+</p>
+</dd>
+<dd>
+ Reported to security team: 5th December 2005<br/>
+ Issue public: 12th December 2005<br/>
+ Update released: 1st May 2006<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.0<p/>
+</dd>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious
+URL using certain web browsers.
+</p>
+</dd>
+<dd>
+ Reported to security team: 1st November 2005<br/>
+ Issue public: 12th December 2005<br/>
+ Update released: 1st May 2006<br/>
+</dd>
+<dd>
+ Affected:
+ 2.2.0<p/>
+</dd>
+</dl>
+</section>
+</body>
+</document>
Propchange: httpd/site/trunk/content/security/vulnerabilities_22.xml
------------------------------------------------------------------------------
svn:eol-style = native
Added: httpd/site/trunk/content/security/vulnerabilities_24.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_24.xml?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_24.xml (added)
+++ httpd/site/trunk/content/security/vulnerabilities_24.xml Sun May 6 13:14:42 2012
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<document>
+<properties>
+<author email="security@httpd.apache.org">Apache HTTP Server Security Team</author>
+<title>Apache httpd 2.4 vulnerabilities</title>
+</properties>
+<body>
+<section id="top">
+<title>Apache httpd 2.4 vulnerabilities</title>
+<p>This page lists all security vulnerabilities fixed in released
+versions of Apache httpd 2.4. Each
+vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
+security team - please note that this rating may well vary from
+platform to platform. We also list the versions of Apache httpd the
+flaw is known to affect, and where a flaw has not been verified list
+the version with a question mark. </p>
+<p> Please note that if a vulnerability is shown below as being fixed
+in a "-dev" release then this means that a fix has been applied to
+the development source tree and will be part of an upcoming full release.</p>
+<p> This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for
+these vulnerabilities to the <a href="/security_report.html">Security
+Team</a>. </p>
+<p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p>
+</section>
+<section id="2.4.2">
+<title>
+Fixed in Apache httpd 2.4.2</title>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
+<p>
+Insecure handling of LD_LIBRARY_PATH was found that could
+lead to the current working directory to be searched for DSOs.
+This could allow a local user to execute code as root if an
+administrator runs apachectl from an untrusted directory.
+</p>
+</dd>
+<dd>
+ Reported to security team: 14th February 2012<br/>
+ Issue public: 2nd March 2012<br/>
+ Update released: 17th April 2012<br/>
+</dd>
+<dd>
+ Affected:
+ 2.4.1<p/>
+</dd>
+</dl>
+</section>
+</body>
+</document>
Propchange: httpd/site/trunk/content/security/vulnerabilities_24.xml
------------------------------------------------------------------------------
svn:eol-style = native
Added: httpd/site/trunk/content/security_report.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security_report.xml?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/security_report.xml (added)
+++ httpd/site/trunk/content/security_report.xml Sun May 6 13:14:42 2012
@@ -0,0 +1,76 @@
+<?xml version="1.0"?>
+<document>
+ <properties>
+ <author email="docs@httpd.apache.org">Documentation Group</author>
+ <title>Reporting Security Problems with Apache</title>
+ </properties>
+<body>
+<section id="discovering">
+<title>Security Updates</title>
+
+<p>Lists of security problems fixed in released versions of the Apache HTTP
+Server are available:</p>
+<ul>
+ <li><a href="/security/vulnerabilities_24.html">Apache 2.4
+Security Vulnerabilities</a></li>
+ <li><a href="/security/vulnerabilities_22.html">Apache 2.2
+Security Vulnerabilities</a></li>
+ <li><a href="/security/vulnerabilities_20.html">Apache 2.0
+Security Vulnerabilities</a></li>
+ <li><a href="/security/vulnerabilities_13.html">Apache 1.3
+Security Vulnerabilities</a></li>
+</ul>
+
+<p>To get notification of when new security issues are fixed, join
+the <a href="http://httpd.apache.org/lists.html#http-announce">Apache HTTP Server Announcements list</a></p>
+
+</section>
+
+<section id="reporting">
+<title>Reporting New Security Problems with the Apache HTTP Server</title>
+<p>The Apache Software Foundation takes a very active stance in eliminating
+security problems and denial of service attacks against the Apache HTTP
+server.</p>
+
+<p>We strongly encourage folks to report such problems to the private
+security mailing list of the ASF Security Team, before disclosing them
+in a public forum.</p>
+
+<p>Please see the page of the <a href="http://www.apache.org/security/">ASF
+Security Team</a> for further information and contact information.
+</p>
+
+<p><strong>The Security Team cannot accept regular bug reports or other
+queries, we ask that you use our <a href="/bug_report.html">bug
+reporting page</a> for those. <font color="red">All mail sent to the
+Security Team that does not relate to security problems in Apache software
+will be ignored.</font></strong></p>
+
+<p>Note that all networked servers are subject to denial of service
+attacks, and we cannot promise magic workarounds to generic problems
+(such as a client streaming lots of data to your server, or re-requesting
+the same URL repeatedly). In general our philosophy is to avoid any
+attacks which can cause the server to consume resources in a non-linear
+relationship to the size of inputs.</p>
+
+<p><a
+href="http://httpd.apache.org/docs/trunk/misc/security_tips.html">More
+security tips</a></p>
+
+</section>
+
+<section id="standards">
+<title>Security Standards</title>
+
+<p>Apache HTTP Server vulnerabilities are labelled with
+<a href="http://cve.mitre.org">CVE</a>
+(Common Vulnerabilities and Exposures) identifiers.</p>
+
+<p>Experimental
+<a href="/security/vulnerabilities-oval.xml">OVAL definitions</a>
+are available for Apache HTTP Server vulnerabilities</p>
+
+</section>
+
+</body>
+</document>
Propchange: httpd/site/trunk/content/security_report.xml
------------------------------------------------------------------------------
svn:eol-style = native