FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318751
Date:      2013-05-22
Time:      09:14:17Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
65539c54-2517-11e2-b9d6-20cf30e32f6d	apache22 -- several vulnerabilities Apache HTTP SERVER PROJECT reports: low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687 Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LD_LIBRARY_PATH handling CVE-2012-0883 This issue was already fixed in port version 2.2.22_5 Discovery 2012-09-13 Entry 2012-11-02 apache22 gt 2.2.0 lt 2.2.23 apache22-event-mpm gt 2.2.0 lt 2.2.23 apache22-itk-mpm gt 2.2.0 lt 2.2.23 apache22-peruser-mpm gt 2.2.0 lt 2.2.23 apache22-worker-mpm gt 2.2.0 lt 2.2.23 CVE-2012-2687 CVE-2012-0833
de2bc01f-dc44-11e1-9f4d-002354ed89bc	Apache -- Insecure LD_LIBRARY_PATH handling Apache reports: Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory. Discovery 2012-03-02 Entry 2012-08-01 apache le 2.2.22_5 apache-event le 2.2.22_5 apache-itk le 2.2.22_5 apache-peruser le 2.2.22_5 apache-worker le 2.2.22_5 CVE-2012-0883 http://httpd.apache.org/security/vulnerabilities_24.html http://www.apache.org/dist/httpd/CHANGES_2.4.2

VuXML ID

Description

65539c54-2517-11e2-b9d6-20cf30e32f6d

apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687

Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled.

low: insecure LD_LIBRARY_PATH handling CVE-2012-0883

This issue was already fixed in port version 2.2.22_5

Discovery 2012-09-13
Entry 2012-11-02
apache22

gt 2.2.0 lt 2.2.23

apache22-event-mpm

gt 2.2.0 lt 2.2.23

apache22-itk-mpm

gt 2.2.0 lt 2.2.23

apache22-peruser-mpm

gt 2.2.0 lt 2.2.23

apache22-worker-mpm

gt 2.2.0 lt 2.2.23

CVE-2012-2687
CVE-2012-0833

de2bc01f-dc44-11e1-9f4d-002354ed89bc

Apache -- Insecure LD_LIBRARY_PATH handling

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.

Discovery 2012-03-02
Entry 2012-08-01
apache

le 2.2.22_5

apache-event

le 2.2.22_5

apache-itk

le 2.2.22_5

apache-peruser

le 2.2.22_5

apache-worker

le 2.2.22_5

CVE-2012-0883
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.2