FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
0c2db2aa-5584-11e7-9a7d-b499baebfeaf | Apache httpd -- several vulnerabilities
The Apache httpd project reports:
- ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167):
Use of the ap_get_basic_auth_pw() by third-party modules outside
of the authentication phase may lead to authentication requirements
being bypassed.
- mod_ssl Null Pointer Dereference (CVE-2017-3169):
mod_ssl may
dereference a NULL pointer when third-party modules
call ap_hook_process_connection() during an HTTP request to an HTTPS
port.
- mod_http2 Null Pointer Dereference (CVE-2017-7659):
A maliciously
constructed HTTP/2 request could cause mod_http2 to dereference a NULL
pointer and crash the server process.
- ap_find_token() Buffer Overread (CVE-2017-7668):
The HTTP strict
parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token
list parsing, which allows ap_find_token() to search past the end of its
input string. By maliciously crafting a sequence of request headers, an
attacker may be able to cause a segmentation fault, or to force
ap_find_token() to return an incorrect value.
- mod_mime Buffer Overread (CVE-2017-7679):
mod_mime can read one
byte past the end of a buffer when sending a malicious Content-Type
response header.
Discovery 2017-06-20 Entry 2017-06-20 apache22
< 2.2.33
apache24
< 2.4.26
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_22.html
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
|