Posted to cvs@httpd.apache.org by bu...@apache.org on 2017/07/27 17:43:40 UTC
svn commit: r1016048 [3/3] - in /websites/staging/httpd/trunk/content: ./
css/apsite.css security/vulnerabilities-httpd.page/securitydb.xsl
security/vulnerabilities_22.html security/vulnerabilities_24.html
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Thu Jul 27 17:43:40 2017
@@ -106,41 +106,49 @@ in a "-dev" release then this means that
the development source tree and will be part of an upcoming full release.</p><p> This page is created from a database of vulnerabilities originally
populated by Apache Week. Please send comments or corrections for
these vulnerabilities to the <a href="/security_report.html">Security
-Team</a>. </p><p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p><h1 id="2.4.27">
+Team</a>. </p><p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p><br/><h1 id="2.4.27">
Fixed in Apache httpd 2.4.27</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-9789"/><name name="CVE-2017-9789">Read after free in mod_http2</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9789">CVE-2017-9789</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-9789"/>
- <name name="CVE-2017-9789">Read after free in mod_http2</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9789">CVE-2017-9789</a>
<p>
When under stress, closing many connections, the HTTP/2
handling code would sometimes access memory after it has
been freed, resulting in potentially erratic behaviour.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Robert ÅwiÄcki for reporting this issue.
</p>
- </dd>
- <dd>
- Reported to security team: 30th June 2017<br/>
- Issue public: 11th July 2017<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">30th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.26</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-9788"/><name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>)
+ </h3>
+ </dt>
<dd>
- Update Released: 11th July 2017<br/></dd>
- <dd>
- Affects:
- 2.4.26<p/></dd>
- <dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-9788"/>
- <name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>
<p>
The value placeholder in [Proxy-]Authorization headers
of type 'Digest' was not initialized or reset
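Review bot: The new heading for CVE-2017-9789 still carries <a name="CVE-2017-9789"/> followed by <name name="CVE-2017-9789">, and neither is handled as intended by an HTML parser: name is not an HTML element, and a self-closed <a/> is read as an opening tag when the page is served as text/html, so the title text ends up inside the anchor. Since the markup is being regenerated from securitydb.xsl anyway, emit the fragment target as an id on the heading (id="CVE-2017-9789") and drop both elements; existing #CVE-... links keep resolving.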
@@ -153,29 +161,37 @@ could reflect the stale value of uniniti
memory used by the prior request, leading to leakage
of potentially confidential information, and a segfault.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Robert ÅwiÄcki for reporting this issue.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">28th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 28th June 2017<br/>
- Issue public: 11th July 2017<br/></dd>
- <dd>
- Update Released: 11th July 2017<br/></dd>
- <dd>
- Affects:
- 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
-</dl><h1 id="2.4.26">
+</dl><br/><h1 id="2.4.26">
Fixed in Apache httpd 2.4.26</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-3167"/><name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-3167"/>
- <name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>
<p>
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being bypassed.
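Review bot: The reporter's name in the Acknowledgements paragraph of the CVE-2017-9788 entry reads "Robert ÅwiÄcki", which is the pattern produced when UTF-8 bytes are decoded as Latin-1. Check whether that is only this mail's rendering or the generated vulnerabilities_24.html itself; if it is the file, set the output encoding explicitly in securitydb.xsl and make sure it matches the charset the page declares, since the same name appears in several entries.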
@@ -188,78 +204,102 @@ immediately authenticate the user after
immediately with an error response, to avoid incorrectly authenticating the
current request.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Emmanuel Dreyfus for reporting this issue.
</p>
- </dd>
- <dd>
- Reported to security team: 6th February 2017<br/>
- Issue public: 19th June 2017<br/></dd>
- <dd>
- Update Released: 19th June 2017<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">6th February 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-3169"/><name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-3169"/>
- <name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>
<p>
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Vasileios Panopoulos and AdNovum Informatik AG for
reporting this issue.
</p>
- </dd>
- <dd>
- Reported to security team: 5th December 2016<br/>
- Issue public: 19th June 2017<br/></dd>
- <dd>
- Update Released: 19th June 2017<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">5th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-7659"/><name name="CVE-2017-7659">mod_http2 Null Pointer Dereference</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659">CVE-2017-7659</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-7659"/>
- <name name="CVE-2017-7659">mod_http2 Null Pointer Dereference</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659">CVE-2017-7659</a>
<p>
A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a
NULL pointer and crash the server process.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Robert ÅwiÄcki for reporting this issue.
</p>
- </dd>
- <dd>
- Reported to security team: 18th November 2016<br/>
- Issue public: 19th June 2017<br/></dd>
- <dd>
- Update Released: 19th June 2017<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">18th November 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.25</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-7668"/><name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.4.25<p/></dd>
- <dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-7668"/>
- <name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>
<p>
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in
token list parsing, which allows ap_find_token() to search past the end of its
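Review bot: In the new table class="cve" blocks (for example under CVE-2017-3167), the row labels "Reported to security team", "Issue public", "Update Released" and "Affects" are td cells distinguished only by class="cve-header". Make them <th scope="row"> so the label/value relationship is in the markup rather than only in apsite.css; the class can stay for styling.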
@@ -267,55 +307,71 @@ input string. By maliciously crafting a
may be able to cause a segmentation fault, or to force ap_find_token() to return
an incorrect value.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Javier Jiménez (javijmor@gmail.com) for reporting this
issue.
</p>
- </dd>
- <dd>
- Reported to security team: 6th May 2017<br/>
- Issue public: 19th June 2017<br/></dd>
- <dd>
- Update Released: 19th June 2017<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">6th May 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.25</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-7679"/><name name="CVE-2017-7679">mod_mime Buffer Overread</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.4.25<p/></dd>
- <dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-7679"/>
- <name name="CVE-2017-7679">mod_mime Buffer Overread</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>
<p>
mod_mime can read one byte past the end of a buffer when sending a malicious
Content-Type response header.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank ChenQin and Hanno Böck for reporting this issue.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">15th November 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 15th November 2015<br/>
- Issue public: 19th June 2017<br/></dd>
- <dd>
- Update Released: 19th June 2017<br/></dd>
- <dd>
- Affects:
- 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
-</dl><h1 id="2.4.25">
+</dl><br/><h1 id="2.4.25">
Fixed in Apache httpd 2.4.25</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2016-8743"/><name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2016-8743"/>
- <name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>
<p>
Apache HTTP Server, prior to release 2.4.25 (2.2.32), accepted a broad pattern
of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB
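Review bot: Each entry title is now an <h3> nested inside <dt> (see the CVE-2017-7679 and CVE-2016-8743 entries here), which HTML does not allow, since dt may not contain heading content, and the outline jumps from the <h1> release heading straight to <h3>. Either keep the title as plain dt content styled through apsite.css, or move the entries out of the dl and use <h2> under each release heading.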
@@ -368,28 +424,36 @@ Note that relaxing the behavior to 'Unsa
other than HTAB (where permitted), but will allow other RFC requirements to
not be enforced, such as exactly two SP characters in the request line.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank David Dennerline at IBM Security's X-Force Researchers
as well as Régis Leroy for each reporting this issue.
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">10th February 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">20th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">20th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2016-8740"/><name name="CVE-2016-8740">HTTP/2 CONTINUATION denial of service</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740">CVE-2016-8740</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 10th February 2016<br/>
- Issue public: 20th December 2016<br/></dd>
- <dd>
- Update Released: 20th December 2016<br/></dd>
- <dd>
- Affects:
- 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2016-8740"/>
- <name name="CVE-2016-8740">HTTP/2 CONTINUATION denial of service</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740">CVE-2016-8740</a>
<p>
The HTTP/2 protocol implementation (mod_http2) had an incomplete handling
of the
@@ -397,53 +461,69 @@ as well as Régis Leroy for each repor
directive. This allowed an attacker to inject unlimited request headers into
the server, leading to eventual memory exhaustion.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Naveen Tiwari
and CDF/SEFCOM at Arizona State University to reporting this issue.
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">22nd November 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">4th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">20th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.23, 2.4.20, 2.4.18, 2.4.17</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2016-2161"/><name name="CVE-2016-2161">DoS vulnerability in mod_auth_digest</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161">CVE-2016-2161</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 22nd November 2016<br/>
- Issue public: 4th December 2016<br/></dd>
- <dd>
- Update Released: 20th December 2016<br/></dd>
- <dd>
- Affects:
- 2.4.23, 2.4.20, 2.4.18, 2.4.17<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2016-2161"/>
- <name name="CVE-2016-2161">DoS vulnerability in mod_auth_digest</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161">CVE-2016-2161</a>
<p>
Malicious input to mod_auth_digest will cause the server to crash, and
each instance continues to crash even for subsequently valid requests.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Maksim Malyutin for reporting this issue.
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">11th July 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">20th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">20th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2016-0736"/><name name="CVE-2016-0736">Padding Oracle in Apache mod_session_crypto</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736">CVE-2016-0736</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 11th July 2016<br/>
- Issue public: 20th December 2016<br/></dd>
- <dd>
- Update Released: 20th December 2016<br/></dd>
- <dd>
- Affects:
- 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2016-0736"/>
- <name name="CVE-2016-0736">Padding Oracle in Apache mod_session_crypto</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736">CVE-2016-0736</a>
<p>
Prior to Apache HTTP release 2.4.25, mod_sessioncrypto was encrypting its
data/cookie using the configured ciphers with possibly either CBC or ECB
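Review bot: Two wording slips in the context lines are worth fixing in the vulnerability database while this page is regenerated: the CVE-2016-8740 acknowledgement says "to reporting this issue" where "for reporting this issue" is meant, and the CVE-2016-0736 description names the module "mod_sessioncrypto" while its heading says "mod_session_crypto". Use the heading's spelling in the description as well, so a search for the module name finds the entry.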
@@ -452,28 +532,36 @@ We would like to thank Maksim Malyutin f
This made it vulnerable to padding oracle attacks, particularly with CBC.
An authentication tag (SipHash MAC) is now added to prevent such attacks.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank individuals at the RedTeam Pentesting GmbH for reporting
this issue.
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">20th January 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">20th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">20th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>n/a:
+ <a name="CVE-2016-5387"/><name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 20th January 2016<br/>
- Issue public: 20th December 2016<br/></dd>
- <dd>
- Update Released: 20th December 2016<br/></dd>
- <dd>
- Affects:
- 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>n/a: </b>
- <b>
- <a name="CVE-2016-5387"/>
- <name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>
<p>
HTTP_PROXY is a well-defined environment variable in a CGI process,
which collided with a number of libraries which failed to avoid
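Review bot: The severity is now bare text at the start of each <h3> ("low:" for CVE-2016-0736, "n/a:" for CVE-2016-5387), where the removed markup at least kept it in its own <b> element. Wrap it in a span with a class per severity value in securitydb.xsl so apsite.css can style it and anything scraping the page can read the rating without splitting the heading text.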
@@ -491,30 +579,38 @@ this issue.
other software which overloaded well-established CGI environment
variables, and does not reflect an error in HTTP server software.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Dominic Scheirlinck and Scott Geary of Vend
for reporting and proposing a fix for this issue.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">2nd July 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">18th July 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">20th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 2nd July 2016<br/>
- Issue public: 18th July 2016<br/></dd>
- <dd>
- Update Released: 20th December 2016<br/></dd>
- <dd>
- Affects:
- 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
-</dl><h1 id="2.4.23">
+</dl><br/><h1 id="2.4.23">
Fixed in Apache httpd 2.4.23</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2016-4979"/><name name="CVE-2016-4979">TLS/SSL X.509 client certificate auth bypass with HTTP/2</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4979">CVE-2016-4979</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2016-4979"/>
- <name name="CVE-2016-4979">TLS/SSL X.509 client certificate auth bypass with HTTP/2</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4979">CVE-2016-4979</a>
<p>
For configurations enabling support for HTTP/2, SSL client
certificate validation was not enforced if configured, allowing
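Review bot: The </dl><br/><h1 id="2.4.23"> line adds vertical space with an empty <br/> before the release heading, and the same pattern repeats at every release boundary, while this commit already touches css/apsite.css. Put the spacing in the stylesheet as a top margin on these h1 elements and leave the markup as </dl><h1 ...>.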
@@ -523,29 +619,37 @@ Fixed in Apache httpd 2.4.23</h1><dl>
<p>
This issue affected releases 2.4.18 and 2.4.20 only.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Erki Aring.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">30th June 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">5th July 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">5th July 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.20, 2.4.18</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 30th June 2016<br/>
- Issue public: 5th July 2016<br/></dd>
- <dd>
- Update Released: 5th July 2016<br/></dd>
- <dd>
- Affects:
- 2.4.20, 2.4.18<p/></dd>
-</dl><h1 id="2.4.20">
+</dl><br/><h1 id="2.4.20">
Fixed in Apache httpd 2.4.20</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2016-1546"/><name name="CVE-2016-1546">mod_http2: denial of service by thread starvation</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1546">CVE-2016-1546</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2016-1546"/>
- <name name="CVE-2016-1546">mod_http2: denial of service by thread starvation</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1546">CVE-2016-1546</a>
<p>
By manipulating the flow control windows on streams, a client was able to
@@ -554,29 +658,37 @@ Fixed in Apache httpd 2.4.20</h1><dl>
This issue affected HTTP/2 support in 2.4.17 and 2.4.18.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Noam Mazor.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">2nd February 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">11th April 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">11th April 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.18, 2.4.17</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 2nd February 2016<br/>
- Issue public: 11th April 2016<br/></dd>
- <dd>
- Update Released: 11th April 2016<br/></dd>
- <dd>
- Affects:
- 2.4.18, 2.4.17<p/></dd>
-</dl><h1 id="2.4.16">
+</dl><br/><h1 id="2.4.16">
Fixed in Apache httpd 2.4.16</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2015-0228"/><name name="CVE-2015-0228">mod_lua: Crash in websockets PING handling</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228">CVE-2015-0228</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2015-0228"/>
- <name name="CVE-2015-0228">mod_lua: Crash in websockets PING handling</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228">CVE-2015-0228</a>
<p>
A stack recursion crash in the mod_lua module was found. A Lua
@@ -585,27 +697,35 @@ Fixed in Apache httpd 2.4.16</h1><dl>
issue affected releases 2.4.7 through 2.4.12 inclusive.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Guido Vranken.
</p>
- </dd>
- <dd>
- Reported to security team: 28th January 2015<br/>
- Issue public: 4th February 2015<br/></dd>
- <dd>
- Update Released: 15th July 2015<br/></dd>
- <dd>
- Affects:
- 2.4.12, 2.4.10, 2.4.9, 2.4.7<p/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">28th January 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">4th February 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">15th July 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.12, 2.4.10, 2.4.9, 2.4.7</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2015-0253"/><name name="CVE-2015-0253">Crash in ErrorDocument 400 handling</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253">CVE-2015-0253</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2015-0253"/>
- <name name="CVE-2015-0253">Crash in ErrorDocument 400 handling</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253">CVE-2015-0253</a>
<p>
A crash in ErrorDocument handling was found. If ErrorDocument 400
@@ -615,22 +735,32 @@ This issue was reported by Guido Vranken
release only.
</p>
- </dd>
- <dd>
- Reported to security team: 3rd February 2015<br/>
- Issue public: 5th March 2015<br/></dd>
- <dd>
- Update Released: 15th July 2015<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">3rd February 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">5th March 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">15th July 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.12</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2015-3183"/><name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.4.12<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2015-3183"/>
- <name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>
<p>
An HTTP request smuggling attack was possible due to a bug in parsing of
@@ -639,27 +769,35 @@ This issue was reported by Guido Vranken
credential hijacking if an intermediary proxy is in use.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Régis Leroy.
</p>
- </dd>
- <dd>
- Reported to security team: 4th April 2015<br/>
- Issue public: 9th June 2015<br/></dd>
- <dd>
- Update Released: 15th July 2015<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">4th April 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">9th June 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">15th July 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2015-3185"/><name name="CVE-2015-3185">ap_some_auth_required API unusable</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185">CVE-2015-3185</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2015-3185"/>
- <name name="CVE-2015-3185">ap_some_auth_required API unusable</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185">CVE-2015-3185</a>
<p>
A design error in the "ap_some_auth_required" function renders the
@@ -674,205 +812,267 @@ This issue was reported by Régis Lero
2.4.16 instead.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Ben Reser.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">5th August 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">9th June 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">15th July 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.5, 2.4.4, 2.4.3, 2.4.2, 2.4.1, 2.4.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 5th August 2013<br/>
- Issue public: 9th June 2015<br/></dd>
- <dd>
- Update Released: 15th July 2015<br/></dd>
- <dd>
- Affects:
- 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.5, 2.4.4, 2.4.3, 2.4.2, 2.4.1, 2.4.0<p/></dd>
-</dl><h1 id="2.4.12">
+</dl><br/><h1 id="2.4.12">
Fixed in Apache httpd 2.4.12</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2014-8109"/><name name="CVE-2014-8109">mod_lua multiple "Require" directive handling is broken</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109">CVE-2014-8109</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2014-8109"/>
- <name name="CVE-2014-8109">mod_lua multiple "Require" directive handling is broken</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109">CVE-2014-8109</a>
<p>
Fix handling of the Require line in mod_lau when a LuaAuthzProvider is
used in multiple Require directives with different arguments. This could
lead to different authentication rules than expected.
</p>
- </dd>
- <dd>
- Issue public: 9th November 2014<br/></dd>
- <dd>
- Update Released: 30th January 2015<br/></dd>
- <dd>
- Affects:
- 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">9th November 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">30th January 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2014-3583"/><name name="CVE-2014-3583">mod_proxy_fcgi out-of-bounds memory read</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583">CVE-2014-3583</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2014-3583"/>
- <name name="CVE-2014-3583">mod_proxy_fcgi out-of-bounds memory read</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583">CVE-2014-3583</a>
<p>
An out-of-bounds memory read was found in mod_proxy_fcgi. A malicious
FastCGI server could send a carefully crafted response which could
lead to a crash when reading past the end of a heap memory or stack
buffer. This issue affects version 2.4.10 only.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Teguh P. Alko.
</p>
- </dd>
- <dd>
- Reported to security team: 17th September 2014<br/>
- Issue public: 12th November 2014<br/></dd>
- <dd>
- Update Released: 30th January 2015<br/></dd>
- <dd>
- Affects:
- 2.4.10<p/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">17th September 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">12th November 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">30th January 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.10</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2014-3581"/><name name="CVE-2014-3581">mod_cache crash with empty Content-Type header</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581">CVE-2014-3581</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2014-3581"/>
- <name name="CVE-2014-3581">mod_cache crash with empty Content-Type header</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581">CVE-2014-3581</a>
<p>
A NULL pointer deference was found in mod_cache. A malicious HTTP
server could cause a crash in a caching forward proxy configuration.
This crash would only be a denial of service if using a threaded MPM.
</p>
- </dd>
- <dd>
- Issue public: 8th September 2014<br/></dd>
- <dd>
- Update Released: 30th January 2015<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">8th September 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">30th January 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2013-5704"/><name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2013-5704"/>
- <name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>
<p>
HTTP trailers could be used to replace HTTP headers late during request
processing, potentially undoing or otherwise confusing modules that
examined or modified request headers earlier.</p>
<p>This fix adds the "MergeTrailers" directive to restore legacy behavior.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Martin Holst Swende.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">6th September 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th October 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">30th January 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 6th September 2013<br/>
- Issue public: 19th October 2013<br/></dd>
- <dd>
- Update Released: 30th January 2015<br/></dd>
- <dd>
- Affects:
- 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
-</dl><h1 id="2.4.10">
+</dl><br/><h1 id="2.4.10">
Fixed in Apache httpd 2.4.10</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2014-0231"/><name name="CVE-2014-0231">mod_cgid denial of service</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2014-0231"/>
- <name name="CVE-2014-0231">mod_cgid denial of service</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>
<p>
A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI
scripts which did not consume standard input, a remote attacker could
cause child processes to hang indefinitely, leading to denial of
service.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Rainer Jung of the ASF
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">16th June 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2014-3523"/><name name="CVE-2014-3523">WinNT MPM denial of service</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3523">CVE-2014-3523</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 16th June 2014<br/>
- Issue public: 14th July 2014<br/></dd>
- <dd>
- Update Released: 14th July 2014<br/></dd>
- <dd>
- Affects:
- 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>important: </b>
- <b>
- <a name="CVE-2014-3523"/>
- <name name="CVE-2014-3523">WinNT MPM denial of service</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3523">CVE-2014-3523</a>
<p>
A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when
using the default AcceptFilter for that platform. A remote attacker
could send carefully crafted requests that would leak memory and
eventually lead to a denial of service against the server.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Jeff Trawick of the ASF
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">1st July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">15th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">15th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2014-0117"/><name name="CVE-2014-0117">mod_proxy denial of service</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117">CVE-2014-0117</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 1st July 2014<br/>
- Issue public: 15th July 2014<br/></dd>
- <dd>
- Update Released: 15th July 2014<br/></dd>
- <dd>
- Affects:
- 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2014-0117"/>
- <name name="CVE-2014-0117">mod_proxy denial of service</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117">CVE-2014-0117</a>
<p>
A flaw was found in mod_proxy in httpd versions 2.4.6 to 2.4.9. A remote attacker could send a carefully crafted request
to a server configured as a reverse proxy, and cause the child process
to crash. This could lead to a denial of service against a threaded MPM.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Marek Kroemeke, AKAT-1 and 22733db72ab3ed94b5f8a1ffcde850251fe6f466 via HP ZDI
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">7th April 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">15th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">15th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.9, 2.4.7, 2.4.6</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2014-0118"/><name name="CVE-2014-0118">mod_deflate denial of service</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 7th April 2014<br/>
- Issue public: 15th July 2014<br/></dd>
- <dd>
- Update Released: 15th July 2014<br/></dd>
- <dd>
- Affects:
- 2.4.9, 2.4.7, 2.4.6<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2014-0118"/>
- <name name="CVE-2014-0118">mod_deflate denial of service</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>
<p>
A resource consumption flaw was found in mod_deflate. If request body
decompression was configured (using the "DEFLATE" input filter), a
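Review bot: The new entry titles put an `<h3>` inside `<dt>` (for example the `<dt>` block added for CVE-2014-8109), which HTML does not allow because `<dt>` may not contain heading content, and the heading level also jumps from the section `<h1>` straight to `<h3>`. The same added lines keep `<a name="CVE-2014-8109"/><name name="CVE-2014-8109">`: `<name>` is not an HTML element, and a self-closed `<a>` is treated as an open tag when the page is parsed as text/html. Suggest emitting `<dt id="CVE-2014-8109">` with a styled `<span>` for the title, so the per-CVE fragment links keep working in valid markup. Separately, the unchanged advisory text in this hunk still reads "mod_lau" (CVE-2014-8109) and "NULL pointer deference" (CVE-2014-3581); correcting both at the source would make these entries findable by module name and bug class.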
@@ -880,27 +1080,35 @@ remote attacker could cause the server t
and/or CPU resources. The use of request body decompression is not a common
configuration.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Giancarlo Pellegrino and Davide Balzarotti
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">19th February 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2014-0226"/><name name="CVE-2014-0226">mod_status buffer overflow</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 19th February 2014<br/>
- Issue public: 14th July 2014<br/></dd>
- <dd>
- Update Released: 14th July 2014<br/></dd>
- <dd>
- Affects:
- 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2014-0226"/>
- <name name="CVE-2014-0226">mod_status buffer overflow</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>
<p>
A race condition was found in mod_status. An attacker able to access
a public server status page on a server using a threaded MPM could send a
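Review bot: In the `<table class="cve">` added for CVE-2014-0118, the row labels ("Reported to security team", "Issue public", "Update Released", "Affects") are plain `<td class="cve-header">` cells, so the label/value relationship exists only through the CSS class. Suggest `<th scope="row" class="cve-header">` for the label cell: it keeps the styling hook and lets screen readers, and tools that read disclosure dates and affected versions from this page, pair each value with its label.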
@@ -908,273 +1116,366 @@ carefully crafted request which could le
that it is not a default or recommended configuration to have a public
accessible server status page.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Marek Kroemeke, AKAT-1 and
22733db72ab3ed94b5f8a1ffcde850251fe6f466 via HP ZDI
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">30th May 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 30th May 2014<br/>
- Issue public: 14th July 2014<br/></dd>
- <dd>
- Update Released: 14th July 2014<br/></dd>
- <dd>
- Affects:
- 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
-</dl><h1 id="2.4.7">
+</dl><br/><h1 id="2.4.7">
Fixed in Apache httpd 2.4.7</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2013-4352"/><name name="CVE-2013-4352">mod_cache crash</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352">CVE-2013-4352</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2013-4352"/>
- <name name="CVE-2013-4352">mod_cache crash</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352">CVE-2013-4352</a>
<p>
A NULL pointer dereference was found in mod_cache. A malicious HTTP
server could cause a crash in a caching forward proxy configuration.
(Note that this vulnerability was fixed in the 2.4.7 release, but the
security impact was not disclosed at the time of the release.)
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">14th September 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">26th November 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.6</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 14th September 2013<br/>
- Issue public: 14th July 2014<br/></dd>
- <dd>
- Update Released: 26th November 2013<br/></dd>
- <dd>
- Affects:
- 2.4.6<p/></dd>
-</dl><h1 id="2.4.9">
+</dl><br/><h1 id="2.4.9">
Fixed in Apache httpd 2.4.9</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2014-0098"/><name name="CVE-2014-0098">mod_log_config crash</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2014-0098"/>
- <name name="CVE-2014-0098">mod_log_config crash</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>
<p>
A flaw was found in mod_log_config. A remote attacker could send a
specific truncated cookie causing a crash. This crash would only be a
denial of service if using a threaded MPM.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Rainer M Canavan
</p>
- </dd>
- <dd>
- Reported to security team: 25th February 2014<br/>
- Issue public: 17th March 2014<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">25th February 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">17th March 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">17th March 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2013-6438"/><name name="CVE-2013-6438">mod_dav crash</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>)
+ </h3>
+ </dt>
<dd>
- Update Released: 17th March 2014<br/></dd>
- <dd>
- Affects:
- 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2013-6438"/>
- <name name="CVE-2013-6438">mod_dav crash</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>
<p>
XML parsing code in mod_dav incorrectly calculates the end of the string when
removing leading spaces and places a NUL character outside the buffer, causing
random crashes. This XML parsing code is only used with DAV provider modules
that support DeltaV, of which the only publicly released provider is mod_dav_svn.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Ning Zhang & Amin Tora of Neustar
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">10th December 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">17th March 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">17th March 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 10th December 2013<br/>
- Issue public: 17th March 2014<br/></dd>
- <dd>
- Update Released: 17th March 2014<br/></dd>
- <dd>
- Affects:
- 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
-</dl><h1 id="2.4.6">
+</dl><br/><h1 id="2.4.6">
Fixed in Apache httpd 2.4.6</h1><dl>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2013-1896"/><name name="CVE-2013-1896">mod_dav crash</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>)
+ </h3>
+ </dt>
<dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2013-1896"/>
- <name name="CVE-2013-1896">mod_dav crash</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>
<p>
Sending a MERGE request against a URI handled by mod_dav_svn with the
source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Ben Reser
</p>
- </dd>
- <dd>
- Reported to security team: 7th March 2013<br/>
- Issue public: 23rd May 2013<br/></dd>
- <dd>
- Update Released: 22nd July 2013<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">7th March 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">23rd May 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">22nd July 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2013-2249"/><name name="CVE-2013-2249">mod_session_dbd session fixation flaw</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249">CVE-2013-2249</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2013-2249"/>
- <name name="CVE-2013-2249">mod_session_dbd session fixation flaw</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249">CVE-2013-2249</a>
<p>
A flaw in mod_session_dbd caused it to proceed with save operations for a session
without considering the dirty flag and the requirement for a new
session ID.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Takashi Sato
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">29th May 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">22nd July 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">22nd July 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 29th May 2013<br/>
- Issue public: 22nd July 2013<br/></dd>
- <dd>
- Update Released: 22nd July 2013<br/></dd>
- <dd>
- Affects:
- 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
-</dl><h1 id="2.4.4">
+</dl><br/><h1 id="2.4.4">
Fixed in Apache httpd 2.4.4</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2012-3499"/><name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2012-3499"/>
- <name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>
<p>
Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Niels Heinen of Google
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">11th July 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">18th February 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">25th February 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2012-4558"/><name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 11th July 2012<br/>
- Issue public: 18th February 2013<br/></dd>
- <dd>
- Update Released: 25th February 2013<br/></dd>
- <dd>
- Affects:
- 2.4.3, 2.4.2, 2.4.1<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2012-4558"/>
- <name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>
<p>
A XSS flaw affected the mod_proxy_balancer manager interface.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Niels Heinen of Google
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">7th October 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">18th February 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">25th February 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.3, 2.4.2, 2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 7th October 2012<br/>
- Issue public: 18th February 2013<br/></dd>
- <dd>
- Update Released: 25th February 2013<br/></dd>
- <dd>
- Affects:
- 2.4.3, 2.4.2, 2.4.1<p/></dd>
-</dl><h1 id="2.4.3">
+</dl><br/><h1 id="2.4.3">
Fixed in Apache httpd 2.4.3</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2012-3502"/><name name="CVE-2012-3502">Response mixup when using mod_proxy_ajp or mod_proxy_http</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502">CVE-2012-3502</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2012-3502"/>
- <name name="CVE-2012-3502">Response mixup when using mod_proxy_ajp or mod_proxy_http</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502">CVE-2012-3502</a>
<p>
The modules mod_proxy_ajp and mod_proxy_http did not always close
the connection to the back end server when necessary as part of error
handling. This could lead to an information disclosure due to a response mixup
between users.
</p>
- </dd>
- <dd>
- Issue public: 16th August 2012<br/></dd>
- <dd>
- Update Released: 21st August 2012<br/></dd>
- <dd>
- Affects:
- 2.4.2, 2.4.1<p/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">16th August 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">21st August 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.2, 2.4.1</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2012-2687"/><name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2012-2687"/>
- <name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>
<p>
Possible XSS for sites which use mod_negotiation and allow
untrusted uploads to locations which have MultiViews enabled.
</p>
<p>Note: This issue is also known as CVE-2008-0455.</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">31st May 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">13th June 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">21st August 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.2, 2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 31st May 2012<br/>
- Issue public: 13th June 2012<br/></dd>
- <dd>
- Update Released: 21st August 2012<br/></dd>
- <dd>
- Affects:
- 2.4.2, 2.4.1<p/></dd>
-</dl><h1 id="2.4.2">
+</dl><br/><h1 id="2.4.2">
Fixed in Apache httpd 2.4.2</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2012-0883"/><name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2012-0883"/>
- <name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
<p>
Insecure handling of LD_LIBRARY_PATH was found that could
lead to the current working directory to be searched for DSOs.
This could allow a local user to execute code as root if an
administrator runs apachectl from an untrusted directory.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">14th February 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">2nd March 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">17th April 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.4.1</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 14th February 2012<br/>
- Issue public: 2nd March 2012<br/></dd>
- <dd>
- Update Released: 17th April 2012<br/></dd>
- <dd>
- Affects:
- 2.4.1<p/></dd>
</dl>
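Review bot: Every CVE reference added in this hunk links to `http://cve.mitre.org/cgi-bin/cvename.cgi?name=...` over plain HTTP (for example the new titles for CVE-2013-4352 and CVE-2012-0883); since the title markup is being regenerated here anyway, suggest emitting `https://` for these links. Also, the section order visible in this hunk is 2.4.7, 2.4.9, 2.4.6, so "Fixed in Apache httpd 2.4.7" sits ahead of "Fixed in Apache httpd 2.4.9". Sorting the `<h1>` sections strictly by release would help a reader checking which fixes a given version already contains.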