FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363620
Date:      2014-07-31
Time:      15:23:47Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
de2bc01f-dc44-11e1-9f4d-002354ed89bcApache -- Insecure LD_LIBRARY_PATH handling

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.


Discovery 2012-03-02
Entry 2012-08-01
apache
le 2.2.22_5

apache-event
le 2.2.22_5

apache-itk
le 2.2.22_5

apache-peruser
le 2.2.22_5

apache-worker
le 2.2.22_5

CVE-2012-0883
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.2
d8c901ff-0f0f-11e1-902b-20cf30e32f6dApache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue!


Discovery 2011-10-05
Entry 2011-11-14
apache
lt 1.3.43

apache+ssl
lt 1.3.43.1.59_2

apache+ipv6
lt 1.3.43

apache+mod_perl
lt 1.3.43

apache+mod_ssl
lt 1.3.41+2.8.31_4

apache+mod_ssl+ipv6
lt 1.3.41+2.8.31_4

ru-apache-1.3
lt 1.3.43+30.23_1

ru-apache+mod_ssl
lt 1.3.43+30.23_1

CVE-2011-3368
http://httpd.apache.org/security/vulnerabilities_13.html
http://seclists.org/fulldisclosure/2011/Oct/232
d8c901ff-0f0f-11e1-902b-20cf30e32f6dApache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue!


Discovery 2011-10-05
Entry 2011-11-14
apache
lt 1.3.43

apache+ssl
lt 1.3.43.1.59_2

apache+ipv6
lt 1.3.43

apache+mod_perl
lt 1.3.43

apache+mod_ssl
lt 1.3.41+2.8.31_4

apache+mod_ssl+ipv6
lt 1.3.41+2.8.31_4

ru-apache-1.3
lt 1.3.43+30.23_1

ru-apache+mod_ssl
lt 1.3.43+30.23_1

CVE-2011-3368
http://httpd.apache.org/security/vulnerabilities_13.html
http://seclists.org/fulldisclosure/2011/Oct/232