FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374826
Date:      2014-12-16
Time:      22:06:31Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d8c901ff-0f0f-11e1-902b-20cf30e32f6dApache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue!


Discovery 2011-10-05
Entry 2011-11-14
apache
lt 1.3.43

apache+ssl
lt 1.3.43.1.59_2

apache+ipv6
lt 1.3.43

apache+mod_perl
lt 1.3.43

apache+mod_ssl
lt 1.3.41+2.8.31_4

apache+mod_ssl+ipv6
lt 1.3.41+2.8.31_4

ru-apache-1.3
lt 1.3.43+30.23_1

ru-apache+mod_ssl
lt 1.3.43+30.23_1

CVE-2011-3368
http://httpd.apache.org/security/vulnerabilities_13.html
http://seclists.org/fulldisclosure/2011/Oct/232
d8c901ff-0f0f-11e1-902b-20cf30e32f6dApache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue!


Discovery 2011-10-05
Entry 2011-11-14
apache
lt 1.3.43

apache+ssl
lt 1.3.43.1.59_2

apache+ipv6
lt 1.3.43

apache+mod_perl
lt 1.3.43

apache+mod_ssl
lt 1.3.41+2.8.31_4

apache+mod_ssl+ipv6
lt 1.3.41+2.8.31_4

ru-apache-1.3
lt 1.3.43+30.23_1

ru-apache+mod_ssl
lt 1.3.43+30.23_1

CVE-2011-3368
http://httpd.apache.org/security/vulnerabilities_13.html
http://seclists.org/fulldisclosure/2011/Oct/232