FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  369765
Date:      2014-10-01
Time:      21:25:46Z
Committer: matthew

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
de2bc01f-dc44-11e1-9f4d-002354ed89bcApache -- Insecure LD_LIBRARY_PATH handling

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.


Discovery 2012-03-02
Entry 2012-08-01
apache
le 2.2.22_5

apache-event
le 2.2.22_5

apache-itk
le 2.2.22_5

apache-peruser
le 2.2.22_5

apache-worker
le 2.2.22_5

CVE-2012-0883
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.2
65539c54-2517-11e2-b9d6-20cf30e32f6dapache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687

Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled.

low: insecure LD_LIBRARY_PATH handling CVE-2012-0883

This issue was already fixed in port version 2.2.22_5


Discovery 2012-09-13
Entry 2012-11-02
apache22
gt 2.2.0 lt 2.2.23

apache22-event-mpm
gt 2.2.0 lt 2.2.23

apache22-itk-mpm
gt 2.2.0 lt 2.2.23

apache22-peruser-mpm
gt 2.2.0 lt 2.2.23

apache22-worker-mpm
gt 2.2.0 lt 2.2.23

CVE-2012-2687
CVE-2012-0833
9c88d8a8-8372-11e2-a010-20cf30e32f6dapache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

low: XSS due to unescaped hostnames CVE-2012-3499

Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.

moderate: XSS in mod_proxy_balancer CVE-2012-4558

A XSS flaw affected the mod_proxy_balancer manager interface.


Discovery 2012-10-07
Entry 2013-03-02
apache22
gt 2.2.0 lt 2.2.24

apache22-event-mpm
gt 2.2.0 lt 2.2.24

apache22-itk-mpm
gt 2.2.0 lt 2.2.24

apache22-peruser-mpm
gt 2.2.0 lt 2.2.24

apache22-worker-mpm
gt 2.2.0 lt 2.2.24

CVE-2012-3499
CVE-2012-4558
f3d24aee-e5ad-11e2-b183-20cf30e32f6dapache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

The mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.


Discovery 2013-06-21
Entry 2013-07-05
Modified 2013-07-10
apache22
gt 2.2.0 lt 2.2.25

apache22-event-mpm
gt 2.2.0 lt 2.2.25

apache22-itk-mpm
gt 2.2.0 lt 2.2.25

apache22-peruser-mpm
gt 2.2.0 lt 2.2.25

apache22-worker-mpm
gt 2.2.0 lt 2.2.25

CVE-2013-1862
CVE-2013-1896