FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374826
Date:      2014-12-16
Time:      22:06:31Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
9c88d8a8-8372-11e2-a010-20cf30e32f6dapache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

low: XSS due to unescaped hostnames CVE-2012-3499

Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.

moderate: XSS in mod_proxy_balancer CVE-2012-4558

A XSS flaw affected the mod_proxy_balancer manager interface.


Discovery 2012-10-07
Entry 2013-03-02
apache22
gt 2.2.0 lt 2.2.24

apache22-event-mpm
gt 2.2.0 lt 2.2.24

apache22-itk-mpm
gt 2.2.0 lt 2.2.24

apache22-peruser-mpm
gt 2.2.0 lt 2.2.24

apache22-worker-mpm
gt 2.2.0 lt 2.2.24

CVE-2012-3499
CVE-2012-4558
65539c54-2517-11e2-b9d6-20cf30e32f6dapache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687

Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled.

low: insecure LD_LIBRARY_PATH handling CVE-2012-0883

This issue was already fixed in port version 2.2.22_5


Discovery 2012-09-13
Entry 2012-11-02
apache22
gt 2.2.0 lt 2.2.23

apache22-event-mpm
gt 2.2.0 lt 2.2.23

apache22-itk-mpm
gt 2.2.0 lt 2.2.23

apache22-peruser-mpm
gt 2.2.0 lt 2.2.23

apache22-worker-mpm
gt 2.2.0 lt 2.2.23

CVE-2012-2687
CVE-2012-0833
de2bc01f-dc44-11e1-9f4d-002354ed89bcApache -- Insecure LD_LIBRARY_PATH handling

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.


Discovery 2012-03-02
Entry 2012-08-01
apache
le 2.2.22_5

apache-event
le 2.2.22_5

apache-itk
le 2.2.22_5

apache-peruser
le 2.2.22_5

apache-worker
le 2.2.22_5

CVE-2012-0883
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.2