You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2017/07/27 17:43:40 UTC
svn commit: r1016048 [2/3] - in /websites/staging/httpd/trunk/content: ./
css/apsite.css security/vulnerabilities-httpd.page/securitydb.xsl
security/vulnerabilities_22.html security/vulnerabilities_24.html
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Thu Jul 27 17:43:40 2017
@@ -106,15 +106,15 @@ in a "-dev" release then this means that
the development source tree and will be part of an upcoming full release.</p><p> This page is created from a database of vulnerabilities originally
populated by Apache Week. Please send comments or corrections for
these vulnerabilities to the <a href="/security_report.html">Security
-Team</a>. </p><h1 id="2.2.34">
+Team</a>. </p><br/><h1 id="2.2.34">
Fixed in Apache httpd 2.2.34</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-9788"/><name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-9788"/>
- <name name="CVE-2017-9788">Uninitialized memory reflection in mod_auth_digest</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788">CVE-2017-9788</a>
<p>
The value placeholder in [Proxy-]Authorization headers
of type 'Digest' was not initialized or reset
@@ -127,27 +127,35 @@ could reflect the stale value of uniniti
memory used by the prior request, leading to leakage
of potentially confidential information, and a segfault.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Robert ÅwiÄcki for reporting this issue.
</p>
- </dd>
- <dd>
- Reported to security team: 28th June 2017<br/>
- Issue public: 11th July 2017<br/></dd>
- <dd>
- Update Released: 11th July 2017<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">28th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.32, 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-3167"/><name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.32, 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-3167"/>
- <name name="CVE-2017-3167">ap_get_basic_auth_pw() Authentication Bypass</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167">CVE-2017-3167</a>
<p>
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being bypassed.
@@ -160,53 +168,69 @@ immediately authenticate the user after
immediately with an error response, to avoid incorrectly authenticating the
current request.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Emmanuel Dreyfus for reporting this issue.
</p>
- </dd>
- <dd>
- Reported to security team: 6th February 2017<br/>
- Issue public: 19th June 2017<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">6th February 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.32, 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-3169"/><name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>)
+ </h3>
+ </dt>
<dd>
- Update Released: 11th July 2017<br/></dd>
- <dd>
- Affects:
- 2.2.32, 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-3169"/>
- <name name="CVE-2017-3169">mod_ssl Null Pointer Dereference</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169">CVE-2017-3169</a>
<p>
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Vasileios Panopoulos and AdNovum Informatik AG for
reporting this issue.
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">5th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.32, 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-7668"/><name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 5th December 2016<br/>
- Issue public: 19th June 2017<br/></dd>
- <dd>
- Update Released: 11th July 2017<br/></dd>
- <dd>
- Affects:
- 2.2.32, 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-7668"/>
- <name name="CVE-2017-7668">ap_find_token() Buffer Overread</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668">CVE-2017-7668</a>
<p>
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in
token list parsing, which allows ap_find_token() to search past the end of its
@@ -214,55 +238,71 @@ input string. By maliciously crafting a
may be able to cause a segmentation fault, or to force ap_find_token() to return
an incorrect value.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Javier Jiménez (javijmor@gmail.com) for reporting this
issue.
</p>
- </dd>
- <dd>
- Reported to security team: 6th May 2017<br/>
- Issue public: 19th June 2017<br/></dd>
- <dd>
- Update Released: 11th July 2017<br/></dd>
- <dd>
- Affects:
- 2.2.32<p/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">6th May 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.32</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2017-7679"/><name name="CVE-2017-7679">mod_mime Buffer Overread</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2017-7679"/>
- <name name="CVE-2017-7679">mod_mime Buffer Overread</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679">CVE-2017-7679</a>
<p>
mod_mime can read one byte past the end of a buffer when sending a malicious
Content-Type response header.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank ChenQin and Hanno Böck for reporting this issue.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">15th November 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th June 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">11th July 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.32, 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 15th November 2015<br/>
- Issue public: 19th June 2017<br/></dd>
- <dd>
- Update Released: 11th July 2017<br/></dd>
- <dd>
- Affects:
- 2.2.32, 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.32">
+</dl><br/><h1 id="2.2.32">
Fixed in Apache httpd 2.2.32</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2016-8743"/><name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2016-8743"/>
- <name name="CVE-2016-8743">Apache HTTP Request Parsing Whitespace Defects</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743">CVE-2016-8743</a>
<p>
Apache HTTP Server, prior to release 2.4.25 (2.2.32), accepted a broad pattern
of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB
@@ -315,28 +355,36 @@ Note that relaxing the behavior to 'Unsa
other than HTAB (where permitted), but will allow other RFC requirements to
not be enforced, such as exactly two SP characters in the request line.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank David Dennerline at IBM Security's X-Force Researchers
as well as Régis Leroy for each reporting this issue.
</p>
- </dd>
- <dd>
- Reported to security team: 10th February 2016<br/>
- Issue public: 20th December 2016<br/></dd>
- <dd>
- Update Released: 13th January 2017<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">10th February 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">20th December 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">13th January 2017</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>n/a:
+ <a name="CVE-2016-5387"/><name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>n/a: </b>
- <b>
- <a name="CVE-2016-5387"/>
- <name name="CVE-2016-5387">HTTP_PROXY environment variable "httpoxy" mitigation</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>
<p>
HTTP_PROXY is a well-defined environment variable in a CGI process,
which collided with a number of libraries which failed to avoid
@@ -348,30 +396,38 @@ as well as Régis Leroy for each repor
This workaround and patch are documented in the ASF Advisory at
<a href="https://www.apache.org/security/asf-httpoxy-response.txt">https://www.apache.org/security/asf-httpoxy-response.txt</a>
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Dominic Scheirlinck and Scott Geary of Vend
for reporting and proposing a fix for this issue.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">2nd July 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">18th July 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">18th July 2016</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 2nd July 2016<br/>
- Issue public: 18th July 2016<br/></dd>
- <dd>
- Update Released: 18th July 2016<br/></dd>
- <dd>
- Affects:
- 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.31">
+</dl><br/><h1 id="2.2.31">
Fixed in Apache httpd 2.2.31</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2015-3183"/><name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2015-3183"/>
- <name name="CVE-2015-3183">HTTP request smuggling attack against chunked request parser</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183">CVE-2015-3183</a>
<p>
An HTTP request smuggling attack was possible due to a bug in parsing of
@@ -380,83 +436,107 @@ Fixed in Apache httpd 2.2.31</h1><dl>
credential hijacking if an intermediary proxy is in use.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Régis Leroy.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">4th April 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">9th June 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">16th July 2015</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 4th April 2015<br/>
- Issue public: 9th June 2015<br/></dd>
- <dd>
- Update Released: 16th July 2015<br/></dd>
- <dd>
- Affects:
- 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.29">
+</dl><br/><h1 id="2.2.29">
Fixed in Apache httpd 2.2.29</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2014-0231"/><name name="CVE-2014-0231">mod_cgid denial of service</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2014-0231"/>
- <name name="CVE-2014-0231">mod_cgid denial of service</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231">CVE-2014-0231</a>
<p>
A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI
scripts which did not consume standard input, a remote attacker could
cause child processes to hang indefinitely, leading to denial of
service.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Rainer Jung of the ASF
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">16th June 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">3rd September 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2013-5704"/><name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 16th June 2014<br/>
- Issue public: 14th July 2014<br/></dd>
- <dd>
- Update Released: 3rd September 2014<br/></dd>
- <dd>
- Affects:
- 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2013-5704"/>
- <name name="CVE-2013-5704">HTTP Trailers processing bypass</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704">CVE-2013-5704</a>
<p>
HTTP trailers could be used to replace HTTP headers late during request
processing, potentially undoing or otherwise confusing modules that
examined or modified request headers earlier.</p>
<p>This fix adds the "MergeTrailers" directive to restore legacy behavior.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Martin Holst Swende.
</p>
- </dd>
- <dd>
- Reported to security team: 6th September 2013<br/>
- Issue public: 19th October 2013<br/></dd>
- <dd>
- Update Released: 3rd September 2014<br/></dd>
- <dd>
- Affects:
- 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">6th September 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th October 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">3rd September 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2014-0118"/><name name="CVE-2014-0118">mod_deflate denial of service</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>)
+ </h3>
+ </dt>
<dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2014-0118"/>
- <name name="CVE-2014-0118">mod_deflate denial of service</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118">CVE-2014-0118</a>
<p>
A resource consumption flaw was found in mod_deflate. If request body
decompression was configured (using the "DEFLATE" input filter), a
@@ -464,27 +544,35 @@ remote attacker could cause the server t
and/or CPU resources. The use of request body decompression is not a common
configuration.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Giancarlo Pellegrino and Davide Balzarotti
</p>
- </dd>
- <dd>
- Reported to security team: 19th February 2014<br/>
- Issue public: 14th July 2014<br/></dd>
- <dd>
- Update Released: 3rd September 2014<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">19th February 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">3rd September 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2014-0226"/><name name="CVE-2014-0226">mod_status buffer overflow</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2014-0226"/>
- <name name="CVE-2014-0226">mod_status buffer overflow</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226">CVE-2014-0226</a>
<p>
A race condition was found in mod_status. An attacker able to access
a public server status page on a server using a threaded MPM could send a
@@ -492,236 +580,312 @@ carefully crafted request which could le
that it is not a default or recommended configuration to have a public
accessible server status page.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Marek Kroemeke, AKAT-1 and
22733db72ab3ed94b5f8a1ffcde850251fe6f466 via HP ZDI
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">30th May 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">14th July 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">3rd September 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 30th May 2014<br/>
- Issue public: 14th July 2014<br/></dd>
- <dd>
- Update Released: 3rd September 2014<br/></dd>
- <dd>
- Affects:
- 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.27">
+</dl><br/><h1 id="2.2.27">
Fixed in Apache httpd 2.2.27</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2014-0098"/><name name="CVE-2014-0098">mod_log_config crash</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2014-0098"/>
- <name name="CVE-2014-0098">mod_log_config crash</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098">CVE-2014-0098</a>
<p>
A flaw was found in mod_log_config. A remote attacker could send a
specific truncated cookie causing a crash. This crash would only be a
denial of service if using a threaded MPM.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Rainer M Canavan
</p>
- </dd>
- <dd>
- Reported to security team: 25th February 2014<br/>
- Issue public: 17th March 2014<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">25th February 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">17th March 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">26th March 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2013-6438"/><name name="CVE-2013-6438">mod_dav crash</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>)
+ </h3>
+ </dt>
<dd>
- Update Released: 26th March 2014<br/></dd>
- <dd>
- Affects:
- 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2013-6438"/>
- <name name="CVE-2013-6438">mod_dav crash</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>
<p>
XML parsing code in mod_dav incorrectly calculates the end of the string when
removing leading spaces and places a NUL character outside the buffer, causing
random crashes. This XML parsing code is only used with DAV provider modules
that support DeltaV, of which the only publicly released provider is mod_dav_svn.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Ning Zhang & Amin Tora of Neustar
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">10th December 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">17th March 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">26th March 2014</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 10th December 2013<br/>
- Issue public: 17th March 2014<br/></dd>
- <dd>
- Update Released: 26th March 2014<br/></dd>
- <dd>
- Affects:
- 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.25">
+</dl><br/><h1 id="2.2.25">
Fixed in Apache httpd 2.2.25</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2013-1862"/><name name="CVE-2013-1862">mod_rewrite log escape filtering</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862">CVE-2013-1862</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2013-1862"/>
- <name name="CVE-2013-1862">mod_rewrite log escape filtering</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862">CVE-2013-1862</a>
<p>
mod_rewrite does not filter terminal escape sequences from logs,
which could make it easier for attackers to insert those sequences
into terminal emulators containing vulnerabilities related to escape
sequences.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Ramiro Molina
</p>
- </dd>
- <dd>
- Reported to security team: 13th March 2013<br/>
- Issue public: 19th April 2013<br/></dd>
- <dd>
- Update Released: 22nd July 2013<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">13th March 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">19th April 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">22nd July 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2013-1896"/><name name="CVE-2013-1896">mod_dav crash</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2013-1896"/>
- <name name="CVE-2013-1896">mod_dav crash</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a>
<p>
Sending a MERGE request against a URI handled by mod_dav_svn with the
source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Ben Reser
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">7th March 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">23rd May 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">22nd July 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 7th March 2013<br/>
- Issue public: 23rd May 2013<br/></dd>
- <dd>
- Update Released: 22nd July 2013<br/></dd>
- <dd>
- Affects:
- 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.24">
+</dl><br/><h1 id="2.2.24">
Fixed in Apache httpd 2.2.24</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2012-3499"/><name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2012-3499"/>
- <name name="CVE-2012-3499">XSS due to unescaped hostnames</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499">CVE-2012-3499</a>
<p>
Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Niels Heinen of Google
</p>
- </dd>
- <dd>
- Reported to security team: 11th July 2012<br/>
- Issue public: 18th February 2013<br/></dd>
- <dd>
- Update Released: 25th February 2013<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">11th July 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">18th February 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">25th February 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2012-4558"/><name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2012-4558"/>
- <name name="CVE-2012-4558">XSS in mod_proxy_balancer</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558">CVE-2012-4558</a>
<p>
A XSS flaw affected the mod_proxy_balancer manager interface.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Niels Heinen of Google
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">7th October 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">18th February 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">25th February 2013</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 7th October 2012<br/>
- Issue public: 18th February 2013<br/></dd>
- <dd>
- Update Released: 25th February 2013<br/></dd>
- <dd>
- Affects:
- 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.23">
+</dl><br/><h1 id="2.2.23">
Fixed in Apache httpd 2.2.23</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2012-2687"/><name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2012-2687"/>
- <name name="CVE-2012-2687">XSS in mod_negotiation when untrusted uploads are supported</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687">CVE-2012-2687</a>
<p>
Possible XSS for sites which use mod_negotiation and allow
untrusted uploads to locations which have MultiViews enabled.
</p>
<p>Note: This issue is also known as CVE-2008-0455.</p>
- </dd>
- <dd>
- Reported to security team: 31st May 2012<br/>
- Issue public: 13th June 2012<br/></dd>
- <dd>
- Update Released: 13th September 2012<br/></dd>
- <dd>
- Affects:
- 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">31st May 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">13th June 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">13th September 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2012-0883"/><name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2012-0883"/>
- <name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
<p>
Insecure handling of LD_LIBRARY_PATH was found that could
lead to the current working directory to be searched for DSOs.
This could allow a local user to execute code as root if an
administrator runs apachectl from an untrusted directory.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">14th February 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">2nd March 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">13th September 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 14th February 2012<br/>
- Issue public: 2nd March 2012<br/></dd>
- <dd>
- Update Released: 13th September 2012<br/></dd>
- <dd>
- Affects:
- 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.22">
+</dl><br/><h1 id="2.2.22">
Fixed in Apache httpd 2.2.22</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2012-4557"/><name name="CVE-2012-4557">mod_proxy_ajp remote DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557">CVE-2012-4557</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2012-4557"/>
- <name name="CVE-2012-4557">mod_proxy_ajp remote DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557">CVE-2012-4557</a>
<p>
A flaw was found when mod_proxy_ajp connects to a backend server that
@@ -729,95 +893,131 @@ takes too long to respond. Given a spec
attacker could send certain requests, putting a backend server into an
error state until the retry timeout expired. This could lead to a
temporary denial of service.</p>
- </dd>
- <dd>
- Reported to security team: 11th October 2012<br/>
- Issue public: 4th January 2012<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">11th October 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">4th January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">31st January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2011-3607"/><name name="CVE-2011-3607">mod_setenvif .htaccess privilege escalation</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a>)
+ </h3>
+ </dt>
<dd>
- Update Released: 31st January 2012<br/></dd>
- <dd>
- Affects:
- 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2011-3607"/>
- <name name="CVE-2011-3607">mod_setenvif .htaccess privilege escalation</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607">CVE-2011-3607</a>
<p>
An integer overflow flaw was found which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by halfdog
</p>
- </dd>
- <dd>
- Reported to security team: 4th October 2011<br/>
- Issue public: 2nd November 2011<br/></dd>
- <dd>
- Update Released: 31st January 2012<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">4th October 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">2nd November 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">31st January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2012-0021"/><name name="CVE-2012-0021">mod_log_config crash</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2012-0021"/>
- <name name="CVE-2012-0021">mod_log_config crash</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021">CVE-2012-0021</a>
<p>
A flaw was found in mod_log_config. If the '%{cookiename}C' log format string
is in use, a remote attacker could send a specific cookie causing a crash.
This crash would only be a denial of service if using a threaded MPM.
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">30th December 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">28th November 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">31st January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2012-0031"/><name name="CVE-2012-0031">scoreboard parent DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 30th December 2011<br/>
- Issue public: 28th November 2011<br/></dd>
- <dd>
- Update Released: 31st January 2012<br/></dd>
- <dd>
- Affects:
- 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2012-0031"/>
- <name name="CVE-2012-0031">scoreboard parent DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031">CVE-2012-0031</a>
<p>
A flaw was found in the handling of the scoreboard. An
unprivileged child process could cause the parent process to crash at
shutdown rather than terminate cleanly.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by halfdog
</p>
- </dd>
- <dd>
- Reported to security team: 30th December 2011<br/>
- Issue public: 11th January 2012<br/></dd>
- <dd>
- Update Released: 31st January 2012<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">30th December 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">11th January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">31st January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2011-4317"/><name name="CVE-2011-4317">mod_proxy reverse proxy exposure </name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2011-4317"/>
- <name name="CVE-2011-4317">mod_proxy reverse proxy exposure </name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>
<p>
An additional exposure was found when using mod_proxy in reverse proxy
mode. In certain configurations using RewriteRule with proxy flag or
@@ -826,53 +1026,69 @@ connect to an arbitrary server, possibly
information from internal web servers not directly accessible to
attacker.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Prutha Parikh of Qualys
</p>
- </dd>
- <dd>
- Reported to security team: 20th October 2011<br/>
- Issue public: 22nd January 2012<br/></dd>
- <dd>
- Update Released: 31st January 2012<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">20th October 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">22nd January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">31st January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2012-0053"/><name name="CVE-2012-0053">error responses can expose cookies</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2012-0053"/>
- <name name="CVE-2012-0053">error responses can expose cookies</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053">CVE-2012-0053</a>
<p>
A flaw was found in the default error response for status code 400. This flaw could
be used by an attacker to expose "httpOnly" cookies
when no custom ErrorDocument is specified.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Norman Hippert
</p>
- </dd>
- <dd>
- Reported to security team: 15th January 2012<br/>
- Issue public: 23rd January 2012<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">15th January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">23rd January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">31st January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2011-3368"/><name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>)
+ </h3>
+ </dt>
<dd>
- Update Released: 31st January 2012<br/></dd>
- <dd>
- Affects:
- 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2011-3368"/>
- <name name="CVE-2011-3368">mod_proxy reverse proxy exposure</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
<p>
An exposure was found when using mod_proxy in reverse proxy mode.
In certain configurations using RewriteRule with proxy flag or
@@ -880,53 +1096,71 @@ ProxyPassMatch, a remote attacker could
connect to an arbitrary server, possibly disclosing sensitive
information from internal web servers not directly accessible to
attacker.</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Context Information Security Ltd
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">16th September 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">5th October 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">31st January 2012</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 16th September 2011<br/>
- Issue public: 5th October 2011<br/></dd>
- <dd>
- Update Released: 31st January 2012<br/></dd>
- <dd>
- Affects:
- 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.21">
+</dl><br/><h1 id="2.2.21">
Fixed in Apache httpd 2.2.21</h1><dl>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2011-3348"/><name name="CVE-2011-3348">mod_proxy_ajp remote DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a>)
+ </h3>
+ </dt>
<dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2011-3348"/>
- <name name="CVE-2011-3348">mod_proxy_ajp remote DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348">CVE-2011-3348</a>
<p>
A flaw was found when mod_proxy_ajp is used together with
mod_proxy_balancer. Given a specific configuration, a remote attacker
could send certain malformed HTTP requests, putting a backend server
into an error state until the retry timeout expired.
This could lead to a temporary denial of service.</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">7th September 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">14th September 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">14th September 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 7th September 2011<br/>
- Issue public: 14th September 2011<br/></dd>
- <dd>
- Update Released: 14th September 2011<br/></dd>
- <dd>
- Affects:
- 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12<p/></dd>
-</dl><h1 id="2.2.20">
+</dl><br/><h1 id="2.2.20">
Fixed in Apache httpd 2.2.20</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2011-3192"/><name name="CVE-2011-3192">Range header remote DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2011-3192"/>
- <name name="CVE-2011-3192">Range header remote DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">CVE-2011-3192</a>
<p>
A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause httpd to use
@@ -936,23 +1170,30 @@ service attack. </p>
<p>
Advisory: <a href="CVE-2011-3192.txt">CVE-2011-3192.txt</a>
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">20th August 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">30th August 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Issue public: 20th August 2011<br/></dd>
- <dd>
- Update Released: 30th August 2011<br/></dd>
- <dd>
- Affects:
- 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.19">
+</dl><br/><h1 id="2.2.19">
Fixed in Apache httpd 2.2.19</h1><dl>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2011-0419"/><name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>)
+ </h3>
+ </dt>
<dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2011-0419"/>
- <name name="CVE-2011-0419">apr_fnmatch flaw leads to mod_autoindex remote DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419">CVE-2011-0419</a>
<p>
A flaw was found in the apr_fnmatch() function of the bundled APR
library. Where mod_autoindex is enabled, and a directory indexed by
@@ -969,29 +1210,37 @@ arguments, preventing this attack.
<p>
Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19)
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Maksymilian Arciemowicz
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">2nd March 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">10th May 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">21st May 2011</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 2nd March 2011<br/>
- Issue public: 10th May 2011<br/></dd>
- <dd>
- Update Released: 21st May 2011<br/></dd>
- <dd>
- Affects:
- 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.17">
+</dl><br/><h1 id="2.2.17">
Fixed in Apache httpd 2.2.17</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2009-3720"/><name name="CVE-2009-3720">expat DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2009-3720"/>
- <name name="CVE-2009-3720">expat DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">CVE-2009-3720</a>
<p>
A buffer over-read flaw was found in the bundled expat
library. An attacker who is able to get Apache to parse
@@ -999,22 +1248,32 @@ an untrused XML document (for example th
be able to cause a crash. This crash would only
be a denial of service if using the worker MPM.
</p>
- </dd>
- <dd>
- Reported to security team: 21st August 2009<br/>
- Issue public: 17th January 2009<br/></dd>
- <dd>
- Update Released: 19th October 2010<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">21st August 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">17th January 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">19th October 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2009-3560"/><name name="CVE-2009-3560">expat DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2009-3560"/>
- <name name="CVE-2009-3560">expat DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">CVE-2009-3560</a>
<p>
A buffer over-read flaw was found in the bundled expat
library. An attacker who is able to get Apache to parse
@@ -1022,22 +1281,32 @@ an untrused XML document (for example th
be able to cause a crash. This crash would only
be a denial of service if using the worker MPM.
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">18th December 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">2nd December 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">19th October 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2010-1623"/><name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>)
+ </h3>
+ </dt>
<dd>
- Reported to security team: 18th December 2009<br/>
- Issue public: 2nd December 2009<br/></dd>
- <dd>
- Update Released: 19th October 2010<br/></dd>
- <dd>
- Affects:
- 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2010-1623"/>
- <name name="CVE-2010-1623">apr_bridage_split_line DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623">CVE-2010-1623</a>
<p>
A flaw was found in the apr_brigade_split_line() function of the bundled
APR-util library, used to process non-SSL requests. A remote attacker
@@ -1045,24 +1314,34 @@ could send requests, carefully crafting
which would slowly consume memory, potentially leading to a denial of
service.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">3rd March 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">1st October 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">19th October 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 3rd March 2010<br/>
- Issue public: 1st October 2010<br/></dd>
- <dd>
- Update Released: 19th October 2010<br/></dd>
- <dd>
- Affects:
- 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.16">
+</dl><br/><h1 id="2.2.16">
Fixed in Apache httpd 2.2.16</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2010-2068"/><name name="CVE-2010-2068">Timeout detection flaw (mod_proxy_http)</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068">CVE-2010-2068</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2010-2068"/>
- <name name="CVE-2010-2068">Timeout detection flaw (mod_proxy_http)</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068">CVE-2010-2068</a>
<p>
An information disclosure flaw was found in mod_proxy_http in versions
2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout
@@ -1081,27 +1360,32 @@ yet introduced. The simplest workaround
<ul>
<li><a href="http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip">http://www.apache.org/dist/httpd/binaries/win32/mod_proxy_http-CVE-2010-2068.zip</a></li>
</ul>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Loren Anderson for the detailed analysis and
reporting of this issue.
</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">9th June 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">25th July 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2010-1452"/><name name="CVE-2010-1452">mod_cache and mod_dav DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>)
+ </h3>
+ </dt>
<dd>
- Issue public: 9th June 2010<br/></dd>
- <dd>
- Update Released: 25th July 2010<br/></dd>
- <dd>
- Affects:
- 2.3.5-alpha, 2.3.4-alpha, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2010-1452"/>
- <name name="CVE-2010-1452">mod_cache and mod_dav DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452">CVE-2010-1452</a>
<p>
A flaw was found in the handling of requests by mod_cache and mod_dav.
A malicious remote attacker could send a carefully crafted request and
@@ -1112,29 +1396,37 @@ to be authenticated, and mod_cache is on
"CacheIgnoreURLSessionIdentifiers" directive, introduced in
version 2.2.14, is used.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
This issue was reported by Mark Drayton.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">4th May 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">25th July 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">25th July 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 4th May 2010<br/>
- Issue public: 25th July 2010<br/></dd>
- <dd>
- Update Released: 25th July 2010<br/></dd>
- <dd>
- Affects:
- 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.15">
+</dl><br/><h1 id="2.2.15">
Fixed in Apache httpd 2.2.15</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2010-0425"/><name name="CVE-2010-0425">mod_isapi module unload flaw</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2010-0425"/>
- <name name="CVE-2010-0425">mod_isapi module unload flaw</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
<p>
A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it
encountered various error states. This could leave the callbacks in an
@@ -1143,28 +1435,36 @@ remote attacker could send a malicious r
process, this would result in a denial of service, and potentially allow
arbitrary code execution.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Brett Gervasoni of Sense of Security for reporting and
proposing a patch fix for this issue.
</p>
- </dd>
- <dd>
- Reported to security team: 9th February 2010<br/>
- Issue public: 2nd March 2010<br/></dd>
- <dd>
- Update Released: 5th March 2010<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">9th February 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">2nd March 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">5th March 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2010-0434"/><name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2010-0434"/>
- <name name="CVE-2010-0434">Subrequest handling of request headers (mod_headers)</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434">CVE-2010-0434</a>
<p>
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in
array to the subrequest, instead of a pointer to the parent request's array
@@ -1177,57 +1477,70 @@ before the main request processing was f
in revealing data from another request on threaded servers, such as the worker
or winnt MPMs.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Philip Pickett of VMware for reporting and proposing a
fix for this issue.
</p>
- </dd>
- <dd>
- Issue public: 9th December 2009<br/></dd>
- <dd>
- Update Released: 5th March 2010<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">9th December 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">5th March 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2010-0408"/><name name="CVE-2010-0408">mod_proxy_ajp DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2010-0408"/>
- <name name="CVE-2010-0408">mod_proxy_ajp DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408">CVE-2010-0408</a>
<p>
mod_proxy_ajp would return the wrong status code if it encountered
an error, causing a backend server to be put into an error state until
the retry timeout expired. A remote attacker could send malicious requests
to trigger this issue, resulting in denial of service.
</p>
- </dd>
- <dd>
<p>Acknowledgements:
We would like to thank Niku Toivola of Sulake Corporation for reporting and
proposing a patch fix for this issue.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">2nd February 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">2nd March 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">5th March 2010</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 2nd February 2010<br/>
- Issue public: 2nd March 2010<br/></dd>
- <dd>
- Update Released: 5th March 2010<br/></dd>
- <dd>
- Affects:
- 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.14">
+</dl><br/><h1 id="2.2.14">
Fixed in Apache httpd 2.2.14</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2009-3094"/><name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2009-3094"/>
- <name name="CVE-2009-3094">mod_proxy_ftp DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094">CVE-2009-3094</a>
<p>
A NULL pointer dereference flaw was found in the mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied
@@ -1235,22 +1548,32 @@ could use this flaw to crash an httpd ch
reply to the EPSV or PASV commands, resulting in a limited denial of
service.
</p>
- </dd>
- <dd>
- Reported to security team: 4th September 2009<br/>
- Issue public: 2nd September 2009<br/></dd>
- <dd>
- Update Released: 5th October 2009<br/></dd>
- <dd>
- Affects:
- 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">4th September 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">2nd September 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">5th October 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2009-3095"/><name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2009-3095"/>
- <name name="CVE-2009-3095">mod_proxy_ftp FTP command injection</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095">CVE-2009-3095</a>
<p>
A flaw was found in the mod_proxy_ftp module. In a reverse proxy
configuration, a remote attacker could use this flaw to bypass
@@ -1258,44 +1581,61 @@ intended access restrictions by creating
Authorization header, allowing the attacker to send arbitrary commands
to the FTP server.
</p>
- </dd>
- <dd>
- Issue public: 3rd September 2009<br/></dd>
- <dd>
- Update Released: 5th October 2009<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">3rd September 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">5th October 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>moderate:
+ <a name="CVE-2009-2699"/><name name="CVE-2009-2699">Solaris pollset DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>moderate: </b>
- <b>
- <a name="CVE-2009-2699"/>
- <name name="CVE-2009-2699">Solaris pollset DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699">CVE-2009-2699</a>
<p>Faulty error handling was found affecting Solaris pollset support
(Event Port backend) caused by a bug in APR. A remote attacker
could trigger this issue on Solaris servers which used prefork or
event MPMs, resulting in a denial of service.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">5th August 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">23rd September 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">5th October 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 5th August 2009<br/>
- Issue public: 23rd September 2009<br/></dd>
- <dd>
- Update Released: 5th October 2009<br/></dd>
- <dd>
- Affects:
- 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.13">
+</dl><br/><h1 id="2.2.13">
Fixed in Apache httpd 2.2.13</h1><dl>
+ <dt>
+ <h3>low:
+ <a name="CVE-2009-2412"/><name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>)
+ </h3>
+ </dt>
<dd>
- <b>low: </b>
- <b>
- <a name="CVE-2009-2412"/>
- <name name="CVE-2009-2412">APR apr_palloc heap overflow</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</a>
<p>
A flaw in apr_palloc() in the bundled copy of APR could
cause heap overflows in programs that try to apr_palloc() a user
@@ -1304,67 +1644,97 @@ unsanitized user-provided sizes to this
be triggered through some other application which uses apr_palloc()
in a vulnerable way.
</p>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">27th July 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">4th August 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">9th August 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
</dd>
- <dd>
- Reported to security team: 27th July 2009<br/>
- Issue public: 4th August 2009<br/></dd>
- <dd>
- Update Released: 9th August 2009<br/></dd>
- <dd>
- Affects:
- 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
-</dl><h1 id="2.2.12">
+</dl><br/><h1 id="2.2.12">
Fixed in Apache httpd 2.2.12</h1><dl>
+ <dt>
+ <h3>important:
+ <a name="CVE-2009-1890"/><name name="CVE-2009-1890">mod_proxy reverse proxy DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2009-1890"/>
- <name name="CVE-2009-1890">mod_proxy reverse proxy DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</a>
<p>
A denial of service flaw was found in the mod_proxy module when it was
used as a reverse proxy. A remote attacker could use this flaw to
force a proxy process to consume large amounts of CPU time.
</p>
- </dd>
- <dd>
- Reported to security team: 30th June 2009<br/>
- Issue public: 2nd July 2009<br/></dd>
- <dd>
- Update Released: 27th July 2009<br/></dd>
- <dd>
- Affects:
- 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">30th June 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">2nd July 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">27th July 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>important:
+ <a name="CVE-2009-1191"/><name name="CVE-2009-1191">mod_proxy_ajp information disclosure</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</a>)
+ </h3>
+ </dt>
<dd>
- <b>important: </b>
- <b>
- <a name="CVE-2009-1191"/>
- <name name="CVE-2009-1191">mod_proxy_ajp information disclosure</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</a>
<p>
An information disclosure flaw was found in mod_proxy_ajp in version
2.2.11 only. In certain
situations, if a user sent a carefully crafted HTTP request, the server
could return a response intended for another user.
</p>
- </dd>
- <dd>
- Reported to security team: 5th March 2009<br/>
- Issue public: 21st April 2009<br/></dd>
- <dd>
- Update Released: 27th July 2009<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">5th March 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">21st April 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">27th July 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.11</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2009-1891"/><name name="CVE-2009-1891">mod_deflate DoS</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>)
+ </h3>
+ </dt>
<dd>
- Affects:
- 2.2.11<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2009-1891"/>
- <name name="CVE-2009-1891">mod_deflate DoS</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</a>
<p>
A denial of service flaw was found in the mod_deflate module. This
module continued to compress large files until compression was
@@ -1372,64 +1742,91 @@ complete, even if the network connection
was closed before compression completed. This would cause mod_deflate
to consume large amounts of CPU if mod_deflate was enabled for a large
file.</p>
- </dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">26th June 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">27th July 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2009-1195"/><name name="CVE-2009-1195">AllowOverride Options handling bypass</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a>)
+ </h3>
+ </dt>
<dd>
- Issue public: 26th June 2009<br/></dd>
- <dd>
- Update Released: 27th July 2009<br/></dd>
- <dd>
- Affects:
- 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2009-1195"/>
- <name name="CVE-2009-1195">AllowOverride Options handling bypass</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</a>
<p>
A flaw was found in the handling of the "Options" and "AllowOverride"
directives. In configurations using the "AllowOverride" directive
with certain "Options=" arguments, local users were not restricted
from executing commands from a Server-Side-Include script as intended.
</p>
- </dd>
- <dd>
- Reported to security team: 9th March 2009<br/>
- Issue public: 22nd April 2009<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">9th March 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">22nd April 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">27th July 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
+ </tr>
+ </table>
+ </dd>
+ <dt>
+ <h3>low:
+ <a name="CVE-2008-0456"/><name name="CVE-2008-0456">CRLF injection in mod_negotiation when untrusted uploads are supported</name>
+ (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456">CVE-2008-0456</a>)
+ </h3>
+ </dt>
<dd>
- Update Released: 27th July 2009<br/></dd>
- <dd>
- Affects:
- 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0<p/></dd>
- <dd>
- <b>low: </b>
- <b>
- <a name="CVE-2008-0456"/>
- <name name="CVE-2008-0456">CRLF injection in mod_negotiation when untrusted uploads are supported</name>
- </b>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456">CVE-2008-0456</a>
<p>
Possible CRLF injection allowing HTTP response splitting attacks for sites
which use mod_negotiation and allow untrusted uploads to locations which have
MultiViews enabled.
</p>
- </dd>
- <dd>
- Reported to security team: 15th January 2008<br/>
- Issue public: 21st January 2008<br/></dd>
+ <table class="cve">
+ <tr>
+ <td class="cve-header">Reported to security team</td>
+ <td class="cve-value">15th January 2008</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Issue public</td>
+ <td class="cve-value">21st January 2008</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">27th July 2009</td>
+ </tr>
+ <tr>
+ <td class="cve-header">Affects</td>
+ <td class="cve-value">2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0</td>
[... 944 lines stripped ...]