You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2006/05/17 14:26:23 UTC
svn commit: r407233 - in /httpd/site/trunk: docs/ docs/security/ xdocs/
xdocs/security/
Author: jim
Date: Wed May 17 05:26:22 2006
New Revision: 407233
URL: http://svn.apache.org/viewcvs?rev=407233&view=rev
Log:
Announce 1.3.36
Modified:
httpd/site/trunk/docs/download.html
httpd/site/trunk/docs/index.html
httpd/site/trunk/docs/security/vulnerabilities_13.html
httpd/site/trunk/docs/security/vulnerabilities_20.html
httpd/site/trunk/docs/security/vulnerabilities_22.html
httpd/site/trunk/xdocs/download.xml
httpd/site/trunk/xdocs/index.xml
httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
Modified: httpd/site/trunk/docs/download.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/download.html?rev=407233&r1=407232&r2=407233&view=diff
==============================================================================
--- httpd/site/trunk/docs/download.html (original)
+++ httpd/site/trunk/docs/download.html Wed May 17 05:26:22 2006
@@ -196,14 +196,14 @@
<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr><td bgcolor="#828DA6">
<font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="apache13"><strong>Apache 1.3.35 is also available</strong></a>
+ <a name="apache13"><strong>Apache 1.3.36 is also available</strong></a>
</font>
</td></tr>
<tr><td>
<blockquote>
-<p>Apache 1.3.35 is the best available version of the 1.3 series, and
-is recommended over all previous 1.3 releases. This release adds several
-enhancements, fixes a number of bugs and addresses 1 security issues.</p>
+<p>Apache 1.3.36 is the best available version of the 1.3 series, and
+is recommended over all previous 1.3 releases. This release fixes
+an unexpected and unwanted regression introduced in 1.3.35.</p>
<p>For additional details, read the <a href="http://www.apache.org/dist/httpd/Announcement1.3.html">Official
Announcement</a>.</p>
<p>The Apache 1.3 series is being actively maintained, and
@@ -212,18 +212,18 @@
Significantly new features are unlikely to be added to 1.3
in preference to 2.0, although important new features and
enhancements will be seriously considered for inclusion in 1.3.</p>
-<p>Use the Apache 1.3.35 version if you need to use third party
+<p>Use the Apache 1.3.36 version if you need to use third party
modules that are not yet available as an Apache 2.x module. Apache
1.3 is not compatibile with Apache 2.x modules.</p>
<ul>
-<li>Unix Source: <a href="[preferred]/httpd/apache_1.3.35.tar.gz">apache_1.3.35.tar.gz</a>
-[<a href="http://www.apache.org/dist/httpd/apache_1.3.35.tar.gz.asc">PGP</a>] [<a href="http://www.apache.org/dist/httpd/apache_1.3.35.tar.gz.md5">MD5</a>]</li>
+<li>Unix Source: <a href="[preferred]/httpd/apache_1.3.36.tar.gz">apache_1.3.36.tar.gz</a>
+[<a href="http://www.apache.org/dist/httpd/apache_1.3.36.tar.gz.asc">PGP</a>] [<a href="http://www.apache.org/dist/httpd/apache_1.3.36.tar.gz.md5">MD5</a>]</li>
-<li>Unix Source: <a href="[preferred]/httpd/apache_1.3.35.tar.Z">apache_1.3.35.tar.Z</a>
-[<a href="http://www.apache.org/dist/httpd/apache_1.3.35.tar.Z.asc">PGP</a>] [<a href="http://www.apache.org/dist/httpd/apache_1.3.35.tar.Z.md5">MD5</a>]</li>
+<li>Unix Source: <a href="[preferred]/httpd/apache_1.3.36.tar.Z">apache_1.3.36.tar.Z</a>
+[<a href="http://www.apache.org/dist/httpd/apache_1.3.36.tar.Z.asc">PGP</a>] [<a href="http://www.apache.org/dist/httpd/apache_1.3.36.tar.Z.md5">MD5</a>]</li>
-<li>Win32 Binary (Self extracting): <a href="[preferred]/httpd/binaries/win32/apache_1.3.35-win32-x86-no_src.exe">apache_1.3.35-win32-x86-no_src.exe</a> [<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.35-win32-x86-no_src.exe.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.35-win32-x86-no_src.exe.md5">MD5</a>]</li>
+<li>Win32 Binary (Self extracting): <a href="[preferred]/httpd/binaries/win32/apache_1.3.36-win32-x86-no_src.exe">apache_1.3.36-win32-x86-no_src.exe</a> [<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.36-win32-x86-no_src.exe.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.36-win32-x86-no_src.exe.md5">MD5</a>]</li>
<li><a href="[preferred]/httpd/">Other files</a></li>
</ul>
@@ -263,7 +263,7 @@
</code></p>
<ul>
<li>httpd-2.0.55.tar.gz is signed by William Rowe <code>10FDE075</code></li>
-<li>httpd-1.3.35.tar.gz is signed by Jim Jagielski <code>08C975E5</code></li>
+<li>httpd-1.3.36.tar.gz is signed by Jim Jagielski <code>08C975E5</code></li>
</ul>
<p>Alternatively, you can verify the MD5 signature on the files. A
unix program called <code>md5</code> or <code>md5sum</code> is
Modified: httpd/site/trunk/docs/index.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/index.html?rev=407233&r1=407232&r2=407233&view=diff
==============================================================================
--- httpd/site/trunk/docs/index.html (original)
+++ httpd/site/trunk/docs/index.html Wed May 17 05:26:22 2006
@@ -127,22 +127,22 @@
<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr><td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.35"><strong>Apache 1.3.35 Released</strong></a>
+ <a name="1.3.36"><strong>Apache 1.3.36 Released</strong></a>
</font>
</td></tr>
<tr><td>
<blockquote>
<p>The Apache Group is pleased to announce the
- <a href="http://www.apache.org/dist/httpd/Announcement1.3.html">legacy release of the 1.3.35 version of the Apache HTTP Server</a>.
+ <a href="http://www.apache.org/dist/httpd/Announcement1.3.html">legacy release of the 1.3.36 version of the Apache HTTP Server</a>.
</p>
-<p>This version of Apache is principally a security and bug fix release.</p>
+<p>This version of Apache is principally a bug fix release.</p>
<p>For further details, see the
<a href="http://www.apache.org/dist/httpd/Announcement1.3.html">announcement</a>.</p>
<p align="center">
<a href="download.cgi">Download</a> |
<a href="docs/1.3/windows.html">Apache for Win32</a> |
<a href="docs/1.3/new_features_1_3.html">New Features in Apache 1.3</a> |
-<a href="http://www.apache.org/dist/httpd/CHANGES_1.3">ChangeLog for 1.3.35</a>
+<a href="http://www.apache.org/dist/httpd/CHANGES_1.3">ChangeLog for 1.3.36</a>
</p>
</blockquote>
</td></tr>
Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=407233&r1=407232&r2=407233&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Wed May 17 05:26:22 2006
@@ -77,777 +77,6 @@
</blockquote>
</td></tr>
</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.35"><strong>Fixed in Apache httpd 1.3.35</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-</p>
-</dd>
-<dd>
- Update Released: 1st May 2006<br />
-</dd>
-<dd>
- Affects:
- 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.33"><strong>Fixed in Apache httpd 1.3.33</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2004-0940">mod_include overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940">CVE-2004-0940</a>
-<p>
-A buffer overflow in mod_include could allow a local user who
-is authorised to create server side include (SSI) files to gain
-the privileges of a httpd child.
-</p>
-</dd>
-<dd>
- Update Released: 28th October 2004<br />
-</dd>
-<dd>
- Affects:
- 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.32"><strong>Fixed in Apache httpd 1.3.32</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2004-0492">mod_proxy buffer overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492">CVE-2004-0492</a>
-<p>
-A buffer overflow was found in the Apache proxy module, mod_proxy, which
-can be triggered by receiving an invalid Content-Length header. In order
-to exploit this issue an attacker would need to get an Apache installation
-that was configured as a proxy to connect to a malicious site. This would
-cause the Apache child processing the request to crash, although this does
-not represent a significant Denial of Service attack as requests will
-continue to be handled by other Apache child processes. This issue may
-lead to remote arbitrary code execution on some BSD platforms.
-</p>
-</dd>
-<dd>
- Update Released: 20th October 2004<br />
-</dd>
-<dd>
- Affects:
- 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.31"><strong>Fixed in Apache httpd 1.3.31</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0174">listening socket starvation</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
-<p>
-A starvation issue on listening sockets occurs when a short-lived
-connection on a rarely-accessed listening socket will cause a child to
-hold the accept mutex and block out new connections until another
-connection arrives on that rarely-accessed listening socket. This
-issue is known to affect some versions of AIX, Solaris, and Tru64; it
-is known to not affect FreeBSD or Linux.
-
-</p>
-</dd>
-<dd>
- Update Released: 12th May 2004<br />
-</dd>
-<dd>
- Affects:
- 1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0993">Allow/Deny parsing on big-endian 64-bit platforms</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993">CVE-2003-0993</a>
-<p>
-A bug in the parsing of Allow/Deny rules using IP addresses
-without a netmask on big-endian 64-bit platforms causes the rules
-to fail to match.
-</p>
-</dd>
-<dd>
- Update Released: 12th May 2004<br />
-</dd>
-<dd>
- Affects:
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0020">Error log escape filtering</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
-<p>
-Apache does not filter terminal escape sequences from error logs,
-which could make it easier for attackers to insert those sequences
-into terminal emulators containing vulnerabilities related to escape
-sequences.
-</p>
-</dd>
-<dd>
- Update Released: 12th May 2004<br />
-</dd>
-<dd>
- Affects:
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0987">mod_digest nonce checking</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987">CVE-2003-0987</a>
-<p>
-
-mod_digest does not properly verify the nonce of a client response by
-using a AuthNonce secret. This could allow a malicious user who is
-able to sniff network traffic to conduct a replay attack against a
-website using Digest protection. Note that mod_digest implements an
-older version of the MD5 Digest Authentication specification which
-is known not to work with modern browsers. This issue does not affect
-mod_auth_digest.
-
-</p>
-</dd>
-<dd>
- Update Released: 12th May 2004<br />
-</dd>
-<dd>
- Affects:
- 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.29"><strong>Fixed in Apache httpd 1.3.29</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
-<p>
-By using a regular expression with more than 9 captures a buffer
-overflow can occur in mod_alias or mod_rewrite. To exploit this an
-attacker would need to be able to create a carefully crafted configuration
-file (.htaccess or httpd.conf)
-</p>
-</dd>
-<dd>
- Update Released: 27th October 2003<br />
-</dd>
-<dd>
- Affects:
- 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.28"><strong>Fixed in Apache httpd 1.3.28</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0460">RotateLogs DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0460">CVE-2003-0460</a>
-<p>The rotatelogs support program on Win32 and OS/2 would quit logging
-and exit if it received special control characters such as 0x1A.
-</p>
-</dd>
-<dd>
- Update Released: 18th July 2003<br />
-</dd>
-<dd>
- Affects:
- 1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.27"><strong>Fixed in Apache httpd 1.3.27</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2002-0843">Buffer overflows in ab utility</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843">CVE-2002-0843</a>
-<p>Buffer overflows in the benchmarking utility ab could be exploited if
-ab is run against a malicious server
-</p>
-</dd>
-<dd>
- Update Released: 3rd October 2002<br />
-</dd>
-<dd>
- Affects:
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2002-0839">Shared memory permissions lead to local privilege escalation</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a>
-<p>The permissions of the shared memory used for the scoreboard
-allows an attacker who can execute under
-the Apache UID to send a signal to any process as root or cause a local
-denial of service attack.
-</p>
-</dd>
-<dd>
- Update Released: 3rd October 2002<br />
-</dd>
-<dd>
- Affects:
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
-<p>Cross-site scripting (XSS) vulnerability in the default error page of
-Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
-UseCanonicalName is "Off" and support for wildcard DNS is present,
-allows remote attackers to execute script as other web page visitors
-via the Host: header.</p>
-</dd>
-<dd>
- Update Released: 3rd October 2002<br />
-</dd>
-<dd>
- Affects:
- 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.26"><strong>Fixed in Apache httpd 1.3.26</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
-<p>Requests to all versions of Apache 1.3 can cause various effects
-ranging from a relatively harmless increase in
-system resources through to denial of service attacks and in some
-cases the ability to be remotely exploited.</p>
-</dd>
-<dd>
- Update Released: 18th June 2002<br />
-</dd>
-<dd>
- Affects:
- 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0083">Filtered escape sequences</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
-<p>
-Apache does not filter terminal escape sequences from its
-access logs, which could make it easier for attackers to insert those
-sequences into terminal emulators containing vulnerabilities related
-to escape sequences,
-</p>
-</dd>
-<dd>
- Update Released: 18th June 2002<br />
-</dd>
-<dd>
- Affects:
- 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.24"><strong>Fixed in Apache httpd 1.3.24</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2002-0061">Win32 Apache Remote command execution</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061">CVE-2002-0061</a>
-<p>Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote
-attackers to execute arbitrary commands via parameters passed
-to batch file CGI scripts.</p>
-</dd>
-<dd>
- Update Released: 22nd March 2002<br />
-</dd>
-<dd>
- Affects:
- 1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.22"><strong>Fixed in Apache httpd 1.3.22</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-0729">Requests can cause directory listing to be displayed</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0729">CVE-2001-0729</a>
-<p>A vulnerability was found in the Win32 port of
-Apache 1.3.20. A client submitting a very long URI
-could cause a directory listing to be returned rather than
-the default index page. </p>
-</dd>
-<dd>
- Update Released: 12th October 2001<br />
-</dd>
-<dd>
- Affects:
- 1.3.20<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-0731">Multiviews can cause a directory listing to be displayed</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731">CVE-2001-0731</a>
-<p>A vulnerability was found when <directive>Multiviews</directive>
- are used to negotiate the directory index. In some
- configurations, requesting a URI with a <samp>QUERY_STRING</samp> of
- <samp>M=D</samp> could
- return a directory listing rather than the expected index page.</p>
-</dd>
-<dd>
- Update Released: 12th October 2001<br />
-</dd>
-<dd>
- Affects:
- 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2001-0730">split-logfile can cause arbitrary log files to be written to</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730">CVE-2001-0730</a>
-<p>A vulnerability was found in the <samp>split-logfile</samp> support
- program. A request with a specially crafted <samp>Host:</samp>
- header could allow any file with a <samp>.log</samp> extension on
- the system to be written to. </p>
-</dd>
-<dd>
- Update Released: 12th October 2001<br />
-</dd>
-<dd>
- Affects:
- 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.20"><strong>Fixed in Apache httpd 1.3.20</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-1342">Denial of service attack on Win32 and OS2</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342">CVE-2001-1342</a>
-<p>A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A
- client submitting a carefully constructed URI could cause a General
- Protection Fault in a child process, bringing up a message box which
- would have to be cleared by the operator to resume operation. This
- vulnerability introduced no identified means to compromise the server
- other than introducing a possible denial of service. </p>
-</dd>
-<dd>
- Update Released: 22nd May 2001<br />
-</dd>
-<dd>
- Affects:
- 1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.19"><strong>Fixed in Apache httpd 1.3.19</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2001-0925">Requests can cause directory listing to be displayed</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925">CVE-2001-0925</a>
-<p>The default installation can lead <samp>mod_negotiation</samp> and
- <samp>mod_dir</samp> or <samp>mod_autoindex</samp> to display a
- directory listing instead of the multiview index.html file if a
- very long path was created artificially by using many slashes. </p>
-</dd>
-<dd>
- Update Released: 28th February 2001<br />
-</dd>
-<dd>
- Affects:
- 1.3.17, 1.3.14, 1.3.12, 1.3.11<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.14"><strong>Fixed in Apache httpd 1.3.14</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2000-0913">Rewrite rules that include references allow access to any file</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0913">CVE-2000-0913</a>
-<p>The Rewrite module, <samp>mod_rewrite</samp>, can allow access to
- any file on the web server. The vulnerability occurs only with
- certain specific cases of using regular expression references in
- <samp>RewriteRule</samp> directives: If the destination
- of a <samp>RewriteRule</samp> contains regular expression references
- then an attacker will be able to access any file on the server.</p>
-</dd>
-<dd>
- Update Released: 13th October 2000<br />
-</dd>
-<dd>
- Affects:
- 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2000-1204">Mass virtual hosting can display CGI source</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1204">CVE-2000-1204</a>
-<p>A security problem for users of the mass virtual hosting module,
- <samp>mod_vhost_alias</samp>, causes
- the source to a CGI to be sent if the <samp>cgi-bin</samp> directory is
- under the document root. However, it is not normal to have your
- cgi-bin directory under a document root.</p>
-</dd>
-<dd>
- Update Released: 13th October 2000<br />
-</dd>
-<dd>
- Affects:
- 1.3.12, 1.3.11, 1.3.9<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2000-0505">Requests can cause directory listing to be displayed on NT</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0505">CVE-2000-0505</a>
-<p>A security hole on Apache for Windows allows a user to
- view the listing of a
- directory instead of the default HTML page by sending a carefully
- constructed request.</p>
-</dd>
-<dd>
- Update Released: 13th October 2000<br />
-</dd>
-<dd>
- Affects:
- 1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.12"><strong>Fixed in Apache httpd 1.3.12</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2000-1205">Cross-site scripting can reveal private session information</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1205">CVE-2000-1205</a>
-<p>Apache was vulnerable to cross site scripting issues.
- It was shown that malicious HTML tags can be embedded in client web
- requests if the server or script handling the request does not
- carefully encode all information displayed to
- the user. Using these vulnerabilities attackers could, for
- example, obtain copies of your private
- cookies used to authenticate
- you to other sites.</p>
-</dd>
-<dd>
- Update Released: 25th February 2000<br />
-</dd>
-<dd>
- Affects:
- 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.11"><strong>Fixed in Apache httpd 1.3.11</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2000-1206">Mass virtual hosting security issue</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1206">CVE-2000-1206</a>
-<p>A security problem can occur for sites using mass name-based virtual
-hosting (using
-the new <samp>mod_vhost_alias</samp> module) or with special
-<samp>mod_rewrite</samp> rules.
-
-<!-- Makes sure vhost alias can only be alnum, - or . -->
-
-</p>
-</dd>
-<dd>
- Update Released: 21st January 2000<br />
-</dd>
-<dd>
- Affects:
- 1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.4"><strong>Fixed in Apache httpd 1.3.4</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="">Denial of service attack on Win32</name>
-</b>
-<p>There have been a number of important security fixes to Apache on
-Windows. The most important is that there is much better protection
-against people trying to access special DOS device names (such as
-"nul"). </p>
-</dd>
-<dd>
- Update Released: 11th January 1999<br />
-</dd>
-<dd>
- Affects:
- 1.3.3, 1.3.2, 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="1.3.2"><strong>Fixed in Apache httpd 1.3.2</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-1999-1199">Multiple header Denial of Service vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199">CVE-1999-1199</a>
-<p>A serious problem exists when a client
-sends a large number of headers with the same header name. Apache uses
-up memory faster than the amount of memory required to simply store
-the received data itself. That is, memory use increases faster and
-faster as more headers are received, rather than increasing at a
-constant rate. This makes a denial of service attack based on this
-method more effective than methods which cause Apache to use memory at
-a constant rate, since the attacker has to send less data.</p>
-</dd>
-<dd>
- Update Released: 23rd September 1998<br />
-</dd>
-<dd>
- Affects:
- 1.3.1, 1.3.0<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="">Denial of service attacks</name>
-</b>
-<p>Apache 1.3.2 has
-better protection against denial of service attacks. These are when
-people make excessive requests to the server to try and prevent other
-people using it. In 1.3.2 there are several new directives which can
-limit the size of requests (these directives all start with the word
-<SAMP>Limit</SAMP>).
-</p>
-</dd>
-<dd>
- Update Released: 23rd September 1998<br />
-</dd>
-<dd>
- Affects:
- 1.3.1, 1.3.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
</td>
</tr>
<!-- FOOTER -->
Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=407233&r1=407232&r2=407233&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Wed May 17 05:26:22 2006
@@ -77,1052 +77,6 @@
</blockquote>
</td></tr>
</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.58"><strong>Fixed in Apache httpd 2.0.58</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-3357">mod_ssl access control DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</a>
-<p>
-A NULL pointer dereference flaw in mod_ssl was discovered affecting server
-configurations where an SSL virtual host is configured with access control
-and a custom 400 error document. A remote attacker could send a carefully
-crafted request to trigger this issue which would lead to a crash. This
-crash would only be a denial of service if using the worker MPM.
-</p>
-</dd>
-<dd>
- Update Released: 1st May 2006<br />
-</dd>
-<dd>
- Affects:
- 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-</p>
-</dd>
-<dd>
- Update Released: 1st May 2006<br />
-</dd>
-<dd>
- Affects:
- 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.55"><strong>Fixed in Apache httpd 2.0.55</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2005-2700">SSLVerifyClient bypass</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700">CVE-2005-2700</a>
-<p>
-A flaw in the mod_ssl handling of the "SSLVerifyClient"
-directive. This flaw would occur if a virtual host has been configured
-using "SSLVerifyClient optional" and further a directive "SSLVerifyClient
-required" is set for a specific location. For servers configured in this
-fashion, an attacker may be able to access resources that should otherwise
-be protected, by not supplying a client certificate when connecting.
-</p>
-</dd>
-<dd>
- Update Released: 14th October 2005<br />
-</dd>
-<dd>
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-2970">Worker MPM memory leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</a>
-<p>
-A memory leak in the worker MPM would allow remote attackers to cause
-a denial of service (memory consumption) via aborted connections,
-which prevents the memory for the transaction pool from being reused
-for other connections. This issue was downgraded in severity to low
-(from moderate) as sucessful exploitation of the race condition would
-be difficult.
-</p>
-</dd>
-<dd>
- Update Released: 14th October 2005<br />
-</dd>
-<dd>
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-2491">PCRE overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</a>
-<p>
-An integer overflow flaw was found in PCRE, a Perl-compatible regular
-expression library included within httpd. A local user who has the
-ability to create .htaccess files could create a maliciously crafted
-regular expression in such as way that they could gain the privileges
-of a httpd child.
-</p>
-</dd>
-<dd>
- Update Released: 14th October 2005<br />
-</dd>
-<dd>
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2005-1268">Malicious CRL off-by-one</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">CVE-2005-1268</a>
-<p>
-An off-by-one stack overflow was discovered in the mod_ssl CRL
-verification callback. In order to exploit this issue the Apache
-server would need to be configured to use a malicious certificate
-revocation list (CRL)
-</p>
-</dd>
-<dd>
- Update Released: 14th October 2005<br />
-</dd>
-<dd>
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-2728">Byterange filter DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</a>
-<p>
-A flaw in the byterange filter would cause some responses to be buffered
-into memory. If a server has a dynamic resource such as a CGI
-script or PHP script which generates a large amount of data, an attacker
-could send carefully crafted requests in order to consume resources,
-potentially leading to a Denial of Service.
-</p>
-</dd>
-<dd>
- Update Released: 14th October 2005<br />
-</dd>
-<dd>
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-2088">HTTP Request Spoofing</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">CVE-2005-2088</a>
-<p>
-A flaw occured when using the Apache server as a HTTP proxy. A remote
-attacker could send a HTTP request with both a "Transfer-Encoding:
-chunked" header and a Content-Length header, causing Apache to
-incorrectly handle and forward the body of the request in a way that
-causes the receiving server to process it as a separate HTTP request.
-This could allow the bypass of web application firewall protection or
-lead to cross-site scripting (XSS) attacks.
-</p>
-</dd>
-<dd>
- Update Released: 14th October 2005<br />
-</dd>
-<dd>
- Affects:
- 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.53"><strong>Fixed in Apache httpd 2.0.53</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0942">Memory consumption DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942">CVE-2004-0942</a>
-<p>
-An issue was discovered where the field length limit was not enforced
-for certain malicious requests. This could allow a remote attacker who
-is able to send large amounts of data to a server the ability to cause
-Apache children to consume proportional amounts of memory, leading to
-a denial of service.
-</p>
-</dd>
-<dd>
- Update Released: 8th February 2005<br />
-</dd>
-<dd>
- Affects:
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-1834">mod_disk_cache stores sensitive headers</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1834">CVE-2004-1834</a>
-<p>
-The experimental mod_disk_cache module stored client authentication
-credentials for cached objects such as proxy authentication credentials
-and Basic Authentication passwords on disk.
-</p>
-</dd>
-<dd>
- Update Released: 8th February 2005<br />
-</dd>
-<dd>
- Affects:
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2004-0885">SSLCipherSuite bypass</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885">CVE-2004-0885</a>
-<p>
-An issue has been discovered in the mod_ssl module when configured to use
-the "SSLCipherSuite" directive in directory or location context. If a
-particular location context has been configured to require a specific set
-of cipher suites, then a client will be able to access that location using
-any cipher suite allowed by the virtual host configuration.
-</p>
-</dd>
-<dd>
- Update Released: 8th February 2005<br />
-</dd>
-<dd>
- Affects:
- 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.52"><strong>Fixed in Apache httpd 2.0.52</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0811">Basic authentication bypass</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811">CVE-2004-0811</a>
-<p>
-A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy
-directive which could result in access being granted to
-resources despite any configured authentication
-</p>
-</dd>
-<dd>
- Update Released: 28th September 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.51<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.51"><strong>Fixed in Apache httpd 2.0.51</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2004-0786">IPv6 URI parsing heap overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786">CVE-2004-0786</a>
-<p>
-Testing using the Codenomicon HTTP Test Tool performed by the Apache
-Software Foundation security group and Red Hat uncovered an input
-validation issue in the IPv6 URI parsing routines in the apr-util library.
-If a remote attacker sent a request including a carefully crafted URI, an
-httpd child process could be made to crash. One some BSD systems it
-is believed this flaw may be able to lead to remote code execution.
-</p>
-</dd>
-<dd>
- Update Released: 15th September 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0748">SSL connection infinite loop</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748">CVE-2004-0748</a>
-<p>
-An issue was discovered in the mod_ssl module in Apache 2.0.
-A remote attacker who forces an SSL connection to
-be aborted in a particular state may cause an Apache child process to
-enter an infinite loop, consuming CPU resources.
-</p>
-</dd>
-<dd>
- Update Released: 15th September 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0747">Environment variable expansion flaw</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747">CVE-2004-0747</a>
-<p>
-The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
-expansion of environment variables during configuration file parsing. This
-issue could allow a local user to gain the privileges of a httpd
-child if a server can be forced to parse a carefully crafted .htaccess file
-written by a local user.
-</p>
-</dd>
-<dd>
- Update Released: 15th September 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0751">Malicious SSL proxy can cause crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751">CVE-2004-0751</a>
-<p>
-An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50
-which could be triggered if
-the server is configured to allow proxying to a remote SSL server. A
-malicious remote SSL server could force an httpd child process to crash by
-sending a carefully crafted response header. This issue is not believed to
-allow execution of arbitrary code and will only result in a denial
-of service where a threaded process model is in use.
-</p>
-</dd>
-<dd>
- Update Released: 15th September 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0809">WebDAV remote crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809">CVE-2004-0809</a>
-<p>
-An issue was discovered in the mod_dav module which could be triggered
-for a location where WebDAV authoring access has been configured. A
-malicious remote client which is authorized to use the LOCK method
-could force an httpd child process to crash by sending a particular
-sequence of LOCK requests. This issue does not allow execution of
-arbitrary code. and will only result in a denial of service where a
-threaded process model is in use.
-</p>
-</dd>
-<dd>
- Update Released: 15th September 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.50"><strong>Fixed in Apache httpd 2.0.50</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0493">Header parsing memory leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493">CVE-2004-0493</a>
-<p>
-A memory leak in parsing of HTTP headers which can be triggered
-remotely may allow a denial of service attack due to excessive memory
-consumption.
-</p>
-</dd>
-<dd>
- Update Released: 1st July 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2004-0488">FakeBasicAuth overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488">CVE-2004-0488</a>
-<p>
-A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
-by an attacker using a (trusted) client certificate with a subject DN
-field which exceeds 6K in length.
-</p>
-</dd>
-<dd>
- Update Released: 1st July 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.49"><strong>Fixed in Apache httpd 2.0.49</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0174">listening socket starvation</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174">CVE-2004-0174</a>
-<p>
-A starvation issue on listening sockets occurs when a short-lived
-connection on a rarely-accessed listening socket will cause a child to
-hold the accept mutex and block out new connections until another
-connection arrives on that rarely-accessed listening socket. This
-issue is known to affect some versions of AIX, Solaris, and Tru64; it
-is known to not affect FreeBSD or Linux.
-
-</p>
-</dd>
-<dd>
- Update Released: 19th March 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2004-0113">mod_ssl memory leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</a>
-<p>
-A memory leak in mod_ssl allows a remote denial of service attack
-against an SSL-enabled server by sending plain HTTP requests to the
-SSL port.
-</p>
-</dd>
-<dd>
- Update Released: 19th March 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0020">Error log escape filtering</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020">CVE-2003-0020</a>
-<p>
-Apache does not filter terminal escape sequences from error logs,
-which could make it easier for attackers to insert those sequences
-into terminal emulators containing vulnerabilities related to escape
-sequences.
-</p>
-</dd>
-<dd>
- Update Released: 19th March 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.48"><strong>Fixed in Apache httpd 2.0.48</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0542">Local configuration regular expression overflow</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542">CVE-2003-0542</a>
-<p>
-By using a regular expression with more than 9 captures a buffer
-overflow can occur in mod_alias or mod_rewrite. To exploit this an
-attacker would need to be able to create a carefully crafted configuration
-file (.htaccess or httpd.conf)
-</p>
-</dd>
-<dd>
- Update Released: 27th October 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2003-0789">CGI output information leak</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789">CVE-2003-0789</a>
-<p>
-A bug in mod_cgid mishandling of CGI redirect paths can result in
-CGI output going to the wrong client when a threaded MPM
-is used.
-</p>
-</dd>
-<dd>
- Update Released: 27th October 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.47"><strong>Fixed in Apache httpd 2.0.47</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0253">Remote DoS with multiple Listen directives</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0253">CVE-2003-0253</a>
-<p>
-In a server with multiple listening sockets a certain error returned
-by accept() on a rarely access port can cause a temporary denial of
-service, due to a bug in the prefork MPM.
-</p>
-</dd>
-<dd>
- Update Released: 9th July 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0192">mod_ssl renegotiation issue</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0192">CVE-2003-0192</a>
-<p>
-A bug in the optional renegotiation code in mod_ssl included with
-Apache httpd can cause cipher suite restrictions to be ignored.
-This is triggered if optional renegotiation is used (SSLOptions
-+OptRenegotiate) along with verification of client certificates
-and a change to the cipher suite over the renegotiation.
-</p>
-</dd>
-<dd>
- Update Released: 9th July 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2003-0254">Remote DoS via IPv6 ftp proxy</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0254">CVE-2003-0254</a>
-<p>
-When a client requests that proxy ftp connect to a ftp server with
-IPv6 address, and the proxy is unable to create an IPv6 socket,
-an infinite loop occurs causing a remote Denial of Service.
-</p>
-</dd>
-<dd>
- Update Released: 9th July 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.46"><strong>Fixed in Apache httpd 2.0.46</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2003-0245">APR remote crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245">CVE-2003-0245</a>
-<p>
-A vulnerability in the apr_psprintf function in the Apache Portable
-Runtime (APR) library allows remote
-attackers to cause a denial of service (crash) and possibly execute
-arbitrary code via long strings, as demonstrated using XML objects to
-mod_dav, and possibly other vectors.
-</p>
-</dd>
-<dd>
- Update Released: 28th May 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0189">Basic Authentication DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0189">CVE-2003-0189</a>
-<p>
-A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
-to cause a denial of access to authenticated content when a threaded
-server is used.
-</p>
-</dd>
-<dd>
- Update Released: 28th May 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0134">OS2 device name DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0134">CVE-2003-0134</a>
-<p>
-Apache on OS2 up to and including Apache 2.0.45
-have a Denial of Service vulnerability caused by
-device names.
-</p>
-</dd>
-<dd>
- Update Released: 28th May 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2003-0083">Filtered escape sequences</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083">CVE-2003-0083</a>
-<p>
-Apache did not filter terminal escape sequences from its
-access logs, which could make it easier for attackers to insert those
-sequences into terminal emulators containing vulnerabilities related
-to escape sequences.
-</p>
-</dd>
-<dd>
- Update Released: 2nd April 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.45"><strong>Fixed in Apache httpd 2.0.45</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0132">Line feed memory leak DoS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0132">CVE-2003-0132</a>
-<p>
-Apache 2.0 versions before Apache 2.0.45 had a significant Denial of
-Service vulnerability. Remote attackers could cause a denial of service
-(memory consumption) via large chunks of linefeed characters, which
-causes Apache to allocate 80 bytes for each linefeed.
-</p>
-</dd>
-<dd>
- Update Released: 2nd April 2004<br />
-</dd>
-<dd>
- Affects:
- 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.44"><strong>Fixed in Apache httpd 2.0.44</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2003-0016">MS-DOS device name filtering</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0016">CVE-2003-0016</a>
-<p>On Windows platforms Apache did not
-correctly filter MS-DOS device names which
-could lead to denial of service attacks or remote code execution.
-</p>
-</dd>
-<dd>
- Update Released: 20th January 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2003-0017">Apache can serve unexpected files</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0017">CVE-2003-0017</a>
-<p>
-On Windows platforms Apache could be forced to serve unexpected files
-by appending illegal characters such as '<' to the request URL
-</p>
-</dd>
-<dd>
- Update Released: 20th January 2003<br />
-</dd>
-<dd>
- Affects:
- 2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.43"><strong>Fixed in Apache httpd 2.0.43</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2002-0840">Error page XSS using wildcard DNS</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840">CVE-2002-0840</a>
-<p>Cross-site scripting (XSS) vulnerability in the default error page of
-Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
-UseCanonicalName is "Off" and support for wildcard DNS is present,
-allows remote attackers to execute script as other web page visitors
-via the Host: header.</p>
-</dd>
-<dd>
- Update Released: 3rd October 2002<br />
-</dd>
-<dd>
- Affects:
- 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2002-1156">CGI scripts source revealed using WebDAV</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1156">CVE-2002-1156</a>
-<p>In Apache 2.0.42 only, for a location where both WebDAV and CGI were
-enabled, a POST request to a CGI script would reveal the CGI source to
-a remote user. </p>
-</dd>
-<dd>
- Update Released: 3rd October 2002<br />
-</dd>
-<dd>
- Affects:
- 2.0.42<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.42"><strong>Fixed in Apache httpd 2.0.42</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2002-1593">mod_dav crash</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1593">CVE-2002-1593</a>
-<p>
-A flaw was found in handling of versioning hooks in mod_dav. An attacker
-could send a carefully crafted request in such a way to cause the child
-process handling the connection to crash. This issue will only result
-in a denial of service where a threaded process model is in use.
-</p>
-</dd>
-<dd>
- Update Released: 24th September 2002<br />
-</dd>
-<dd>
- Affects:
- 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.40"><strong>Fixed in Apache httpd 2.0.40</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>important: </b>
-<b>
-<name name="CVE-2002-0661">Path vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661">CVE-2002-0661</a>
-<p>Certain URIs would bypass security
-and allow users to invoke or access any file depending on the system
-configuration. Affects Windows, OS2, Netware and Cygwin platforms
-only.</p>
-</dd>
-<dd>
- Update Released: 9th August 2002<br />
-</dd>
-<dd>
- Affects:
- 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
-</dd>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2002-0654">Path revealing exposures</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0654">CVE-2002-0654</a>
-<p>A path-revealing exposure was present in multiview type
-map negotiation (such as the default error documents) where a
-module would report the full path of the typemapped .var file when
-multiple documents or no documents could be served.
-Additionally a path-revealing exposure in cgi/cgid when Apache
-fails to invoke a script. The modules would report "couldn't create
-child process /path-to-script/script.pl" revealing the full path
-of the script.</p>
-</dd>
-<dd>
- Update Released: 9th August 2002<br />
-</dd>
-<dd>
- Affects:
- 2.0.39, 2.0.37?, 2.0.36?, 2.0.35?<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.37"><strong>Fixed in Apache httpd 2.0.37</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>critical: </b>
-<b>
-<name name="CVE-2002-0392">Apache Chunked encoding vulnerability</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392">CVE-2002-0392</a>
-<p>Malicious requests can cause various effects
-ranging from a relatively harmless increase in
-system resources through to denial of service attacks and in some
-cases the ability to execute arbitrary remote code.</p>
-</dd>
-<dd>
- Update Released: 18th June 2002<br />
-</dd>
-<dd>
- Affects:
- 2.0.36, 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.36"><strong>Fixed in Apache httpd 2.0.36</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2002-1592">Warning messages could be displayed to users</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1592">CVE-2002-1592</a>
-<p>
-In some cases warning messages could get returned to end users in
-addition to being recorded in the error log. This could reveal the
-path to a CGI script for example, a minor security exposure.
-</p>
-</dd>
-<dd>
- Update Released: 8th May 2002<br />
-</dd>
-<dd>
- Affects:
- 2.0.35<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
</td>
</tr>
<!-- FOOTER -->
Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=407233&r1=407232&r2=407233&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Wed May 17 05:26:22 2006
@@ -77,39 +77,6 @@
</blockquote>
</td></tr>
</table>
- <table border="0" cellspacing="0" cellpadding="2" width="100%">
- <tr><td bgcolor="#525D76">
- <font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.2.2"><strong>Fixed in Apache httpd 2.2.2</strong></a>
- </font>
- </td></tr>
- <tr><td>
- <blockquote>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-</p>
-</dd>
-<dd>
- Update Released: 1st May 2006<br />
-</dd>
-<dd>
- Affects:
- 2.2.0<p />
-</dd>
-</dl>
- </blockquote>
- </td></tr>
-</table>
</td>
</tr>
<!-- FOOTER -->
Modified: httpd/site/trunk/xdocs/download.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/download.xml?rev=407233&r1=407232&r2=407233&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/download.xml (original)
+++ httpd/site/trunk/xdocs/download.xml Wed May 17 05:26:22 2006
@@ -135,11 +135,11 @@
</section>
-<section id="apache13"><title>Apache 1.3.35 is also available</title>
+<section id="apache13"><title>Apache 1.3.36 is also available</title>
-<p>Apache 1.3.35 is the best available version of the 1.3 series, and
-is recommended over all previous 1.3 releases. This release adds several
-enhancements, fixes a number of bugs and addresses 1 security issues.</p>
+<p>Apache 1.3.36 is the best available version of the 1.3 series, and
+is recommended over all previous 1.3 releases. This release fixes
+an unexpected and unwanted regression introduced in 1.3.35.</p>
<p>For additional details, read the <a
href="http://www.apache.org/dist/httpd/Announcement1.3.html">Official
@@ -152,29 +152,29 @@
in preference to 2.0, although important new features and
enhancements will be seriously considered for inclusion in 1.3.</p>
-<p>Use the Apache 1.3.35 version if you need to use third party
+<p>Use the Apache 1.3.36 version if you need to use third party
modules that are not yet available as an Apache 2.x module. Apache
1.3 is not compatibile with Apache 2.x modules.</p>
<ul>
<li>Unix Source: <a
-href="[preferred]/httpd/apache_1.3.35.tar.gz">apache_1.3.35.tar.gz</a>
+href="[preferred]/httpd/apache_1.3.36.tar.gz">apache_1.3.36.tar.gz</a>
[<a
-href="http://www.apache.org/dist/httpd/apache_1.3.35.tar.gz.asc">PGP</a>] [<a
-href="http://www.apache.org/dist/httpd/apache_1.3.35.tar.gz.md5">MD5</a>]</li>
+href="http://www.apache.org/dist/httpd/apache_1.3.36.tar.gz.asc">PGP</a>] [<a
+href="http://www.apache.org/dist/httpd/apache_1.3.36.tar.gz.md5">MD5</a>]</li>
<li>Unix Source: <a
-href="[preferred]/httpd/apache_1.3.35.tar.Z">apache_1.3.35.tar.Z</a>
+href="[preferred]/httpd/apache_1.3.36.tar.Z">apache_1.3.36.tar.Z</a>
[<a
-href="http://www.apache.org/dist/httpd/apache_1.3.35.tar.Z.asc">PGP</a>] [<a
-href="http://www.apache.org/dist/httpd/apache_1.3.35.tar.Z.md5">MD5</a>]</li>
+href="http://www.apache.org/dist/httpd/apache_1.3.36.tar.Z.asc">PGP</a>] [<a
+href="http://www.apache.org/dist/httpd/apache_1.3.36.tar.Z.md5">MD5</a>]</li>
<li>Win32 Binary (Self extracting): <a
-href="[preferred]/httpd/binaries/win32/apache_1.3.35-win32-x86-no_src.exe"
->apache_1.3.35-win32-x86-no_src.exe</a> [<a
-href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.35-win32-x86-no_src.exe.asc">PGP</a>]
+href="[preferred]/httpd/binaries/win32/apache_1.3.36-win32-x86-no_src.exe"
+>apache_1.3.36-win32-x86-no_src.exe</a> [<a
+href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.36-win32-x86-no_src.exe.asc">PGP</a>]
[<a
-href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.35-win32-x86-no_src.exe.md5">MD5</a>]</li>
+href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.36-win32-x86-no_src.exe.md5">MD5</a>]</li>
<li><a href="[preferred]/httpd/">Other files</a></li>
</ul>
@@ -213,7 +213,7 @@
<ul>
<li>httpd-2.0.55.tar.gz is signed by William Rowe <code>10FDE075</code></li>
-<li>httpd-1.3.35.tar.gz is signed by Jim Jagielski <code>08C975E5</code></li>
+<li>httpd-1.3.36.tar.gz is signed by Jim Jagielski <code>08C975E5</code></li>
</ul>
Modified: httpd/site/trunk/xdocs/index.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/index.xml?rev=407233&r1=407232&r2=407233&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/index.xml (original)
+++ httpd/site/trunk/xdocs/index.xml Wed May 17 05:26:22 2006
@@ -71,15 +71,15 @@
</section>
-<section id="1.3.35">
-<title>Apache 1.3.35 Released</title>
+<section id="1.3.36">
+<title>Apache 1.3.36 Released</title>
<p>The Apache Group is pleased to announce the
<a href="http://www.apache.org/dist/httpd/Announcement1.3.html"
- >legacy release of the 1.3.35 version of the Apache HTTP Server</a>.
+ >legacy release of the 1.3.36 version of the Apache HTTP Server</a>.
</p>
-<p>This version of Apache is principally a security and bug fix release.</p>
+<p>This version of Apache is principally a bug fix release.</p>
<p>For further details, see the
<a href="http://www.apache.org/dist/httpd/Announcement1.3.html"
@@ -89,8 +89,9 @@
<a href="download.cgi">Download</a> |
<a href="docs/1.3/windows.html">Apache for Win32</a> |
<a href="docs/1.3/new_features_1_3.html">New Features in Apache 1.3</a> |
-<a href="http://www.apache.org/dist/httpd/CHANGES_1.3">ChangeLog for 1.3.35</a>
+<a href="http://www.apache.org/dist/httpd/CHANGES_1.3">ChangeLog for 1.3.36</a>
</p>
+
</section>
<section id="Mirrors">
Modified: httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities_22.xml?rev=407233&r1=407232&r2=407233&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities_22.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities_22.xml Wed May 17 05:26:22 2006
@@ -19,30 +19,5 @@
these vulnerabilities to the <a href="/security_report.html">Security
Team</a>. </p>
</section>
-<section id="2.2.2">
-<title>Fixed in Apache httpd 2.2.2</title>
-<dl>
-<dd>
-<b>moderate: </b>
-<b>
-<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
-<p>
-A flaw in mod_imap when using the Referer directive with image maps.
-In certain site configurations a remote attacker could perform a cross-site
-scripting attack if a victim can be forced to visit a malicious
-URL using certain web browsers.
-</p>
-</dd>
-<dd>
- Update Released: 1st May 2006<br/>
-</dd>
-<dd>
- Affects:
- 2.2.0<p/>
-</dd>
-</dl>
-</section>
</body>
</document>